anonymity & virtualization - University of...


Page 1: anonymity & virtualization - University of Wisconsin–Madisonpages.cs.wisc.edu/~ace/media/lectures/tor.pdf · anonymity & virtualization adam everspaugh ace@cs.wisc.edu computer
Page 2:

cs642

anonymity & virtualization

adam everspaugh ace@cs.wisc.edu

computer security

Page 3:

today

Announcements: HW3 due tonight; HW4 posted tomorrow

Anonymous browsing, Tor

Virtualization

Random number generators and reset vulnerabilities

Page 4:

Preventing intercept

• End-to-end encryption (TLS, SSH)

• What does this protect? What does it leak?

• What can go wrong?

[Diagram labels: AT&T network, other major backbone, interception gear, IP: 1.2.3.4, IP: 5.6.7.8]

think-pair-share

Page 5:

Hiding connectivity is harder

• IP addresses are required to route communication, yet not encrypted by normal end-to-end encryption
  – 1.2.3.4 talked to 5.6.7.8 over HTTPS

• How can we hide connectivity information?

Page 6:

Simple Anonymization Services

• Single-hop proxy services

• JonDonym, anonymous remailers (MixMaster, MixMinion), many others

[Diagram label: Anonymizer.com]

Page 7:

Tor (The Onion Router)

[Diagram labels: AT&T network, other major backbones, interception gear, IP: 1.2.3.4, IP: 5.6.7.8, three Tor relays at 7.8.9.1, 8.9.1.1 and 9.1.1.2]

Client -> 7.8.9.1 -> 8.9.1.1 -> 9.1.1.2 -> Destination

Called a circuit

Page 8:

Onion routing: the basic idea

Tor implements a more complex version of this basic idea

• Client: 1.2.3.4

• Encrypted to 7.8.9.1; Src: 1.2.3.4, Dest: 7.8.9.1

• Encrypted to 8.9.1.1; Src: 7.8.9.1, Dest: 8.9.1.1

• Encrypted to 9.1.1.2; Src: 8.9.1.1, Dest: 9.1.1.2

• HTTP packet; Src: 9.1.1.2, Dest: 5.6.7.8 (web server)

Page 9:

What does adversary see?

[Diagram labels: AT&T network, other major backbones, interception gear, IP: 1.2.3.4, IP: 5.6.7.8, three Tor nodes at 7.8.9.1, 8.9.1.1 and 9.1.1.2]

HTTP packet; Src: 9.1.1.2, Dest: 5.6.7.8

Tor obfuscates who talked to whom; need end-to-end encryption (e.g., HTTPS) to protect payload
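
The layering from the "Onion routing: the basic idea" slide and the adversary's view from the slide above, as an added example that is not part of the original lecture. The IP addresses are the ones on the slides; the per-relay keys and the SHA-256 keystream cipher are constructed stand-ins for illustration, not Tor's actual cryptography.

```python
import hashlib, json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Stand-in only, not Tor's crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Circuit from the slides; the per-relay keys are constructed sample values.
CLIENT, SERVER = "1.2.3.4", "5.6.7.8"
CIRCUIT = ["7.8.9.1", "8.9.1.1", "9.1.1.2"]
KEYS = {ip: hashlib.sha256(b"demo-key-" + ip.encode()).digest() for ip in CIRCUIT}

def wrap(payload: str) -> bytes:
    """Client side: build the onion from the innermost layer outward."""
    hops = CIRCUIT + [SERVER]
    blob = payload.encode()
    for i in range(len(CIRCUIT) - 1, -1, -1):
        layer = json.dumps({"next": hops[i + 1], "data": blob.hex()}).encode()
        blob = keystream_xor(KEYS[CIRCUIT[i]], layer)
    return blob

def peel(relay: str, blob: bytes):
    """Relay side: remove one layer and learn only the next hop."""
    layer = json.loads(keystream_xor(KEYS[relay], blob))
    return layer["next"], bytes.fromhex(layer["data"])

def trace(payload: str):
    """Send a payload through the circuit and record what each relay observes."""
    views, src, blob = [], CLIENT, wrap(payload)
    for relay in CIRCUIT:
        nxt, blob = peel(relay, blob)
        views.append({"relay": relay, "src": src, "dest": nxt,
                      "sees_payload": payload.encode() in blob})
        src = relay
    return views, blob

if __name__ == "__main__":
    for view in trace("GET / HTTP/1.1")[0]:
        print(view)
```

Only the entry relay sees the client's address and only the exit relay sees the destination, but the exit relay also sees the plaintext HTTP request, which is why the payload still needs HTTPS.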

Page 10:

• Dec 2016: Eldo Kim, Harvard sophomore, sent bomb threats using Guerrilla Mail (anonymous email service)

• Used Tor to connect to Guerrilla Mail (from his dorm room)

• Caught within 2 days

• How did he get caught?

• Guerrilla Mail indicated user connected via Tor node

• FBI compared timestamp on email to Harvard network logs

• He was the only one using Tor at that time (on the local network), confessed when confronted
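
The correlation described above comes down to the size of the anonymity set on the local network. The following is an added example, not part of the original lecture: the log format, host names, timestamps and the 15-minute window are constructed assumptions, and the relay address is the entry relay from the earlier slides.

```python
from datetime import datetime, timedelta

# Constructed sample data: local flow-log lines (time, internal host, remote IP).
# Non-relay remote IPs come from the documentation ranges.
FLOW_LOG = """\
2016-12-01T08:05:12 dorm-a-114 192.0.2.10
2016-12-01T08:21:40 dorm-c-207 7.8.9.1
2016-12-01T08:29:03 lib-kiosk-3 198.51.100.7
2016-12-01T08:30:55 dorm-c-207 7.8.9.1
2016-12-01T11:47:10 dorm-b-019 7.8.9.1
"""

# Relay addresses are published in Tor's directory, so a network operator
# can recognise connections to them even though the contents are encrypted.
KNOWN_TOR_RELAYS = {"7.8.9.1"}

# Constructed timestamp standing in for the time on the email headers.
EMAIL_TIME = datetime(2016, 12, 1, 8, 30)

def anonymity_set(log_text, email_time, window_minutes=15):
    """Internal hosts that contacted a known relay within the time window."""
    window = timedelta(minutes=window_minutes)
    hosts = set()
    for line in log_text.splitlines():
        ts, host, remote = line.split()
        when = datetime.fromisoformat(ts)
        if remote in KNOWN_TOR_RELAYS and abs(when - email_time) <= window:
            hosts.add(host)
    return hosts

if __name__ == "__main__":
    narrow = anonymity_set(FLOW_LOG, EMAIL_TIME)
    wide = anonymity_set(FLOW_LOG, EMAIL_TIME, window_minutes=240)
    print(len(narrow), sorted(narrow))  # a set of one identifies the user
    print(len(wide), sorted(wide))      # more concurrent Tor users, larger set
```

Tor hid the destination, not the fact that Tor was in use; with one Tor user on the network in the window, the set has a single member.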

Page 11:

[As of: April 13, 2016]

Page 12:

virtualization

Page 13:

Virtualization

Type-1: Hypervisor runs directly on hardware

Type-2: Hypervisor runs on host OS

[Diagram, no virtualization: Hardware, OS, Process 1, Process 2]

[Diagram, Type-1 Virtualization (Xen, VMware ESX): Hardware, Hypervisor, OS1 and OS2, each with Drivers and processes P1 and P2]

[Diagram, Type-2 Virtualization (VMware Workstation, VirtualBox): Hardware, Host OS, Hypervisor, OS2, processes P1 and P2]

Page 14:

VM Use Cases

• Development and testing (especially when we need different OSs)

• Server consolidation

• Run multiple servers on same hardware: web server, file server, email servers, …

• Cloud computing: Infrastructure-as-a-Service

• Sandboxing / containment

Page 15:

Security Model

[Diagram, Type-1 Virtualization (VMware Workstation, VirtualBox): Hardware, Hypervisor, OS1 and OS2, each with Drivers and processes P1 and P2]

• What's the desired security model?

• Isolation between OS1/OS2 (and processes)

• No access to file system, memory pages

• No "escape" from process/OS to hypervisor

• What can go wrong?

Page 16:

Isolation Problems

[Diagram, Type-1 Virtualization (VMware Workstation, VirtualBox): Hardware, Hypervisor, OS1 and OS2, each with Drivers and processes P1 and P2]

• Information leakage

• side-channel attacks using shared resources (instruction/memory caches)

• Degradation of service

• Violate performance isolation, OS1 degrades OS2 to get more CPU time or network bandwidth

• Other problems?

Page 17:

Virtual Machine Management

• Snapshots
  – Volume snapshot / checkpoint
    • persistent storage of VM
    • must boot from storage when resuming snapshot
  – Full snapshot
    • persistent storage and ephemeral storage (memory, register states, caches, etc.)
    • start/resume in between (essentially) arbitrary instructions

• VM image is a file that stores a snapshot

Page 18:

recap

Anonymous browsing, Tor

Virtualization types, use cases

Virtualization containment problems

Linux RNG and reset vulnerabilities