Design and Implementation of Secure Trusted Overlay Networks (thesis)
Abstract:
Denial-of-service attacks, malicious routing updates, and online
identity theft are clearly on the rise on the Internet, costing the US
industry billions of dollars. In reaction, there is a large effort to
design new technologies such as Trusted Computing that solve many of
these problems efficiently. However, state-of-the-art systems for
anonymous communication have various weaknesses against traffic
analysis and are often designed for one specific purpose. So far,
Trusted Computing has not been considered for improving the efficiency
of Internet anonymity and privacy and building a general-purpose
architecture to solve the problem.

In this thesis we describe the design and implementation of Secure
Trusted Overlay Networks (STONe). STONe is the first system for
general-purpose anonymous communication that is entirely based on
Trusted Computing. STONe significantly improves anonymous
communication on the Internet and makes three main
contributions. First, STONe uses Trusted Computing to protect against
Byzantine Failures on the network stack to provide an overlay network
for scalable, efficient secure routing, and end-to-end
communication. This prevents many active denial-of-service attacks on
an anonymity network and provides a foundation for more robust
protection against traffic analysis. Second, STONe is the first system
to provide anonymous routing through load balancing by random routing,
a technique previously used for local cluster networks. This turns out
to better protect against most existing traffic analysis attacks,
including two that have so far been difficult to defend against, namely
the Predecessor Attack and the Intersection Attack. Third, at the
application level, STONe provides anonymity through trusted anonymous
sockets and a trusted name service, an inexpensive trusted certification
mechanism with one-way per-session authentication. We implemented and
evaluated a prototype of STONe on PlanetLab and show that it
significantly outperforms state-of-the-art systems for anonymous
communication at the expense of additional Trusted Computing hardware.