-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmaybenot.tex
293 lines (268 loc) · 9.34 KB
/
maybenot.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
%!TEX program = xelatex
\pdfminorversion=4 % required for impressive presentation tool
\documentclass[xcolor=x11names,dvipsnames,aspectratio=169]{beamer}
\usepackage{graphicx}
\usepackage{textcomp}
\usepackage{flowchart}
\usepackage[absolute,overlay]{textpos}
\usepackage{tikz}
\usetikzlibrary{
shapes.misc,positioning,arrows,decorations.markings,shapes.arrows
}
\tikzset{set/.style={draw,circle,inner sep=0pt,align=center}}
\tikzset{brace/.style={decorate, decoration={brace}},
brace mirrored/.style={decorate, decoration={brace,mirror}}}
\pgfdeclarelayer{background}
\pgfsetlayers{background,main}
\usepackage[
lambda, advantage, operators, sets, adversary, landau, probability, notions,
logic, ff, mm, primitives, events, complexity, asymptotics, keys
]{cryptocode}
\usetheme{Dart}
\definecolor{rust}{RGB}{222,165,132}
\definecolor{tor}{RGB}{148,0,255}
\title{Maybenot}
\subtitle{A framework for traffic analysis defenses}
\author{\href{https://pulls.name}{Tobias Pulls} and \href{https://www.ethanwitwer.com/}{Ethan Witwer}}
\date{26 November 2023}
\begin{document}
\frame{\titlepage}
\setcounter{showSlideNumbers}{0}
\begin{frame}{Patterns in encrypted data}
\framesubtitle{CC BY-SA 4.0 \url{https://words.filippo.io/the-ecb-penguin/}}
\begin{center}
\includegraphics<1>[width=.3\textwidth]{img/Tux}
\includegraphics<1>[width=.3\textwidth]{img/tux-ecb}
\includegraphics<1>[width=.3\textwidth]{img/tux-rng}
\end{center}
\end{frame}
\begin{frame}{Patterns in encrypted network traffic}
\framesubtitle{from Tor, 514 byte cells}
\begin{center}
\includegraphics<1>[width=.9\textwidth]{img/trace-nopadding}%
\end{center}
\end{frame}
\begin{frame}{Patterns in encrypted network traffic}
\framesubtitle{from Tor, 514 byte cells}
\begin{columns}
\begin{column}{0.4\textwidth}
\begin{itemize}
\item wikipedia.org, 10 articles
\vspace{0.8cm}
\item amazon.com, 10 products
\vspace{0.8cm}
\item reddit.com, 10 subreddits
\vspace{0.8cm}
\item okezone.com, 10 articles
\vspace{0.8cm}
\item yahoo.co.jp, 10 articles
\end{itemize}
\end{column}
\begin{column}{0.6\textwidth}
\begin{center}
\includegraphics<1>[width=.9\textwidth]{img/trace-nopadding-cut}%
\end{center}
\end{column}
\end{columns}
\end{frame}
\begin{frame}{Goal of Maybenot: increase attacker uncertainty \includegraphics<1>[width=.022\textwidth]{img/maybenot}}
\framesubtitle{black/white = received/sent nonpadding, red/green = received/sent padding}
\begin{columns}
\begin{column}{0.5\textwidth}
\begin{center}
\includegraphics<1>[width=.9\textwidth]{img/trace-nopadding-cut}%
\end{center}
\end{column}
\begin{column}{0.5\textwidth}
\begin{center}
\includegraphics<1>[width=.9\textwidth]{img/interspace}%
\end{center}
\end{column}
\end{columns}
\end{frame}
\section{Maybenot framework}
\begin{frame}{Why a framework?}
\framesubtitle{early days of deploying good-enough defenses}
\begin{columns}
\begin{column}{0.55\textwidth}
\begin{itemize}
\item perfect or \alert{good enough} defenses
\item moving target -- advances in AI
\item different types of traffic analysis attacks
\item different protocols, similar needs
\item \alert{orchestrate} defenses
\end{itemize}
\end{column}
\begin{column}{0.45\textwidth}
\begin{center}
\includegraphics<1>[width=.45\textwidth]{img/setting-tls}\\
\vspace{0.4cm}
\includegraphics<1>[width=.65\textwidth]{img/setting-vpn}\\
\vspace{0.4cm}
\includegraphics<1>[width=.85\textwidth]{img/setting-tor}
\end{center}
\end{column}
\end{columns}
\end{frame}
\begin{frame}{Maybenot framework}
\framesubtitle{a framework for traffic analysis defenses}
\begin{columns}
\begin{column}{0.3\textwidth}
\begin{center}
\includegraphics<1>[width=.9\textwidth]{img/framework}%
\end{center}
\end{column}
\begin{column}{0.7\textwidth}
\begin{itemize}
\item {a small light-weight library in \color{rust}Rust}
\item generalization and extension of the {\color{tor}Tor Circuit
Padding Framework} by Perry and Kadianakis
\bigskip
\item defenses as probabilistic state \alert{machines}
\item with tunable \alert{limits} on padding and blocking
\bigskip
\item integration is simple
\begin{description}
\item[input] trigger \alert{events}
\item[output] schedule \alert{actions}
\end{description}
\bigskip
\item related work: QCSD by Smith et al., WFDefProxy by Gong et al.,
Proteus by Wails et al.
\end{itemize}
\end{column}
\end{columns}
\end{frame}
\section{Maybenot simulator}
\begin{frame}{Maybenot simulator}
\framesubtitle{because collecting real-world datasets takes time}
\begin{columns}
\begin{column}{0.55\textwidth}
\begin{itemize}
\item another simple {\color{rust}Rust} library
\item input
\begin{itemize}
\item base network trace
\item machines at client and server
\item simulation parameters: e.g., limits and network model
\end{itemize}
\item output: simulated network trace
\item rapid \alert{prototyping} of defenses
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{center}
\includegraphics<1>[width=.99\textwidth]{img/sim-9-sites-criterion}%
\end{center}
\end{column}
\end{columns}
\end{frame}
\section{Maybenot defenses}
\begin{frame}{Defense 1: FRONT}
\framesubtitle{Jiajun Gong and Tao Wang. \emph{Zero-delay Lightweight Defenses against Website Fingerprinting}. USENIX Security 2020.}
\begin{columns}
\begin{column}{0.55\textwidth}
\begin{itemize}
\item a lightweight padding-based defense
\item on each side of a connection:
\begin{itemize}
\item sample a padding count $n = [1, N]$
\item sample a window $w = [W_{min}, W_{max}]$
\item select $n$ time values from a Rayleigh distribution with $\sigma = w$
\item send a packet at each time
\end{itemize}
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{center}
\large{\alert{trace}} \\
+ \\
\tiny{\hfill} \\
\includegraphics<1>[width=.99\textwidth]{img/rayleigh.png}%
\end{center}
\end{column}
\end{columns}
\end{frame}
\begin{frame}{Maybenot FRONT}
\framesubtitle{a straightforward approach}
\begin{center}
\includegraphics<1>[width=.8\textwidth]{img/maybenot-front.png}%
\end{center}
\end{frame}
\begin{frame}{Pipelined FRONT}
\framesubtitle{towards a closer approximation}
\begin{center}
\includegraphics<1>[width=.8\textwidth]{img/maybenot-piplined-front.png}%
\end{center}
\end{frame}
\begin{frame}{Defense 2: RegulaTor}
\framesubtitle{James K Holland and Nicholas Hopper. \emph{RegulaTor: A Straightforward Website Fingerprinting Defense}. PETS 2022.}
\begin{columns}
\begin{column}{0.55\textwidth}
\begin{itemize}
\item regularization defense for Tor
\item send traffic at a fixed rate $R$ initially, decrease via decay function: rate = $RD^t$
\item if the number of queued cells exceeds a threshold, restart the surge (reset $t_0$)
\item optimizations:
\begin{itemize}
\item padding budget
\item $C$ parameter for upload traffic
\end{itemize}
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth}
\begin{center}
\includegraphics<1>[width=.99\textwidth]{img/regulator-defended.png}%
\end{center}
\end{column}
\end{columns}
\end{frame}
\begin{frame}{Maybenot RegulaTor}
\framesubtitle{the relay-side machine}
\begin{center}
\includegraphics<1>[width=.6\textwidth]{img/maybenot-regulator.png}%
\end{center}
\end{frame}
\begin{frame}{Maybenot RegulaTor}
\framesubtitle{the client-side machine}
\begin{center}
\includegraphics<1>[width=.6\textwidth]{img/maybenot-regulator-client.png}%
\end{center}
\end{frame}
\begin{frame}{Evaluation results}
\framesubtitle{Tobias Pulls and Ethan Witwer. \emph{Maybenot: A Framework for Traffic Analysis Defenses}. WPES 2023.}
\begin{center}
\includegraphics<1>[width=.85\textwidth]{img/wpes-table}%
\end{center}
\end{frame}
\section{Wrap-up}
\begin{frame}{Challenges}
\framesubtitle{simplicity vs. expressiveness}
\begin{itemize}
\item some defenses aren't designed for state machine models
\begin{itemize}
\item we can only approximate their behavior
\item large machines may be needed to do so
\end{itemize}
\item specific challenges in implementing defenses
\begin{itemize}
\item no event for queued cells
\item no clean mechanism for counting
\item no precise way to measure time
\end{itemize}
\item new features added in v2 of the framework
\end{itemize}
\end{frame}
\begin{frame}{Takeaways}
\framesubtitle{``you don't know the power of the dark side''}
\begin{itemize}
\item \url{https://crates.io/crates/{maybenot, maybenot-simulator}}
\item \url{https://github.com/ewitwer/maybenot-defenses}
\bigskip
\item continue building bottom-up
\item improve simulator
\item learn from integrations
\end{itemize}
\end{frame}
\backmatter
\end{document}