From 385cc92bc91e1a6c3724085c060e76bf40c13ed3 Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Tue, 15 Oct 2024 16:08:16 +0200 Subject: Import PhD thesis --- slides/src/body.tex | 502 +++++++++++++++++++++++++++++++++++++++++++++++ slides/src/preamble.tex | 120 +++++++++++ slides/src/titlepage.tex | 3 + 3 files changed, 625 insertions(+) create mode 100644 slides/src/body.tex create mode 100644 slides/src/preamble.tex create mode 100644 slides/src/titlepage.tex (limited to 'slides/src') diff --git a/slides/src/body.tex b/slides/src/body.tex new file mode 100644 index 0000000..2c38569 --- /dev/null +++ b/slides/src/body.tex @@ -0,0 +1,502 @@ +% +% Hi, welcome, , . +% + +% +% The outline is that I will start by introducing the problem area which spans +% Certificate Transparency, Tor, and the combination thereof. Following this, +% I will define my research questions and explain my contributions in broad +% strokes as a thesis overview. Then I will go some further detail regarding +% each contribution. I will wrap up with conclusions and future work as a take +% away. +% +\begin{frame} + \mktitle{Outline} + + \begin{columns} + \begin{column}{0.65\textwidth} + \centering\includegraphics[width=.8\columnwidth]{img/introduction/outline} + \end{column} + \begin{column}{0.35\textwidth} + \begin{enumerate} + \item Introduction + \item Thesis overview + \item Contributions + \item Take away + \end{enumerate} + \end{column} + \end{columns} + +\end{frame} + +%%% +% Introduction to my research area +%%% +\subtitle{Introduction} + +% +% Short answer: you're all browsing the web. Are you visiting the real +% authentic website? Certificates; much like a passport in the real world. +% Trusted party, police; but web = tie a domain name to public key. +% +% The first problem that my thesis plugs into: how do we detect certificate +% mis-issuance. I.e., what if one of these trusted parties issue a valid +% certificate to the attacker, either out of malice or due to a mistake? +% How would we detect that? What assumptions do we rely on to detect that? +% We look at this problem both in the context of regular browsing, but also +% in the context of Tor Browser. +% +% What is TB? FF fork, among other things route traffic through Tor. +% Guard, middle, relay. No relay sees both user IP and destination, gives +% anonymity. +% +% Second problem that my thesis plugs into: how is anonymity affected by +% the steps TB takes to load a website securely? +% +\begin{frame} + \mktitle{How is all of this related to you?} + + \begin{columns} + \begin{column}{0.5\textwidth} + \centering\includegraphics[width=\columnwidth]{img/introduction/chromium}\\ + Web browsing + \end{column} + \begin{column}{0.5\textwidth} + \centering\includegraphics[width=\columnwidth]{img/introduction/tb}\\ + Possibly with Tor Browser + \end{column} + \end{columns} + +\end{frame} +% +% Okay, so I mentioned certs, cert issuance, and cert mis-issuance several +% times now. How does that actually work? +% +% CSR, log a preliminary version of the certificate in a public CT log. If CT +% is new to you, think of this as a public append-only list of certificates. +% Fantastic because...monitor. +% +% To complete issuance of a certificate, the certificate authority waits for +% a signed promise that the preceritifcate will be appended within 24h. This +% is hardcoded into the final certificate which is served by browsers. +% +% Browser that support CT like Chrome, reject cert unless two promises. +% +% This is certificate transparency as deployed at a glance. +% +% Now if you take the time to think about this setup, you will likely ask +% questions like how could you verify that these promises are honored? And +% even if you do, how would do you know that you see the same logs as everyone +% else? If I'm a log operator, I could... +% +\begin{frame} + \mktitle{Some preliminaries, Certificate Transparency what?} + + \begin{columns} + \begin{column}{0.485\textwidth} + \centering\includegraphics[width=\columnwidth]{img/introduction/ct-issuance}\\\vspace{0.33cm} + \textbf{Certificate issuance} + \end{column} + \dashedline + \begin{column}{0.485\textwidth} + \centering\includegraphics[width=.7\columnwidth]{img/introduction/ct-policy}\\\vspace{0.9cm} + \textbf{Browser behavior} + \end{column} + \end{columns} + + \pause\vfill\alert{Why should we take log promises at face value?} +\end{frame} + +%%% +% Overview of research questions and contributions +%%% +\subtitle{Research questions and overview} + +\begin{frame} + \mktitle{Research questions} + + \begin{enumerate} + \item Can trust requirements in Certificate Transparency be reduced in practise? + \pause\item How can authentication of websites be improved in the context of Tor Browser? + \pause\item How do the protocols used during website visits affect unlinkability between Tor users and their destination websites? + \end{enumerate} + + \pause\hfill\includegraphics[width=0.6\textwidth]{img/overview/wf}\\\vspace{.123cm} + %\pause\hfill\alert{plus active measures within Tor's threat model} +\end{frame} + +%%% +% Contributions in more detail +%%% +\subtitle{Contributions} + +% +% 6 papers, published in... Together they make 6 collective contributions. +% 1. ...; here we're addressing an additional trust dependency that often arises +% in practise as websites monitor the logs. We more or less eliminate a trusted +% party. +% 2. ...; i will define this problem in more detail soon, but it's basically +% about if I as a log operator provide *YOU* with one append-only list of +% certificates and everyone else a different list of append-only certificate, +% how would we detect that I'm misbehaving and telling you different things? +% We propose "gossip mechanisms" that address this problem. +% 3. ...; the short summary is that we show how to gradually add certificate +% transparency in Tor Browser. The full design does not place any trust in CT +% logs that isn't verified. We also explore how onion services - those sites +% that are only available through the Tor network - can benefit from CT: +% 4. ...; here we introduce the security abstraction of a website oracle. If +% you're familiar with cryptography it's much like an enc/dec oracle, except +% that it is tailor for evaluation of website fingerprinting attacks. It +% helps us model how the protocols used during website visits can make WF +% attacks more reliable by significantly reducing false positives. We discuss +% many ways to gain access to our security abstraction in the real world, such +% as volunteering to operate a certificate transparency log, but also focus on +% lower-cost attacks. This brings me to the next contribution. +% 5. ...; the gist is that I can, on my laptop from my spotty wifi, implement a +% real-world website oracle with high accuracy using side-channels in DNS. As +% this is a serious threat to the anonymity provided by Tor, we also proposed +% a defense that would eliminate the entire side-channel if deployed. +% +% +\begin{frame} + \mktitle{Contributions} + + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=north east, xshift=2pt] (n1) at (current page.north east) {\textbf{RQ3:} ``exploit protocols for deanonymization''}; + \node[left=0pt of n1] (n2) {\textbf{RQ2:} ``CT+Tor''}; + \node[left=0pt of n2] (n3) {\textbf{RQ1:} ``less trust reqs in CT''}; + \end{tikzpicture} + + \begin{columns} + \begin{column}{.56\textwidth} + \begin{enumerate} + \item<2-> Reduced trust in third-party monitoring + %with a signed tree head extension that shifts trust from + %non-cryptographic certificate notifications to a log's gossip-audit + %model (or if such a model does not exist yet, the logs themselves). + \item<3-> Increased probability of split-view detection + %by proposing gossip protocols that disseminate signed tree heads + %without bidirectional communication. + \item<4-> Improved detectability of website hijacks targeting Tor Browser + %by proposing privacy-preserving and gradual roll-outs of Certificate + %Transparency in Tor. + \item<5-> An extension of the attacker model for website fingerprinting + %that provides attackers with the capability of querying a website + %oracle. + \item<6-> Remotely-exploitable probing-attacks on Tor's DNS cache + %instantiate a real-world website oracle without any special attacker + %capabilities or reach. + \item<7-> A redesign of Tor's DNS cache to defend against all (timeless) + timing attacks + %while retaining or improving performance compared to today. + \end{enumerate} + \end{column} + \begin{column}{.5\textwidth} + % Mention two two blog posts + % Mention two papers with merged Tor code (bug fixes / mitigations) + \centering\includegraphics[width=\columnwidth]{img/overview/thesis}\\\vspace{.33cm} + \end{column} + \end{columns} + +\end{frame} + +\begin{frame} + \mktitle{C1: Reduced trust in third-party monitoring} + + \begin{columns} + \begin{column}{0.5\textwidth} + \centering\includegraphics[width=\columnwidth]{img/contribs/lwm-problem}\\\vspace{0.33cm} + \textbf{Problem} + \end{column} + + \pause\dashedline + \begin{column}{0.35\textwidth} + \centering\includegraphics[width=.95\columnwidth]{img/contribs/lwm-solution}\\\vspace{0.33cm} + \textbf{Solution} + \end{column} + \end{columns} + + % + % Merkle town: ~250.000 new certs/hour (May 2023), assume all of them in every + % log and a tree head frequency of one hours as specified in the paper. There + % are 17 logs to monitor (May, 2023). We need two audit paths per log. + % + % >>> 2 * log(250000, 2) * 32 * 17 / (1024) + % 19.052291604906934 + % + % So, the overhead per LWM subject is roughly 19KiB per day. The 10Mbps for + % self-monitoring is based on real bandwidth monitoring (from sauteed onions). + % + % (Times num logs.) + % + \pause\vfill\alert{Secure in multi-instance setting, small performance overhead} +\end{frame} + +% +% The split-view problem can be defined as follows... +% We propose two approaches towards the split-view problem in the thesis. +% +% The first one plugs into CT-over-DNS; at the time of writing paper -> was +% being deployed by Chrome. The idea is to interact with the logs to verify +% that a certificate is included by fetching proofs through your DNS resolver. +% This effectively makes DNS into a proxy for communicating with the logs, +% which is not an additional privacy leak because you have already revealed +% to your DNS resolver which website your visiting when looking up a domain +% name. Our observation is that if plaintext DNS traffic is used to interact +% with the logs, then intermediate routers and switches on the internet are +% in a position to verify if the users that share the same vantage points see +% the same append-only logs, notably without the users having to do any of +% the split-view detection because its provided as a service by the network. +% Exactly about how we implemented and evaluated this is available in the +% thesis. +% +% The second one +\begin{frame} + \mktitle{C2: Increased probability of split-view detection} + + \begin{columns} + \begin{column}{0.323\textwidth} + \vspace{1.112cm} + \centering\includegraphics[width=\columnwidth]{img/contribs/split-view}\\ + \vspace{1.112cm} + \textbf{Problem} + \end{column} + + \pause\dashedline + \begin{column}{0.323\textwidth} + \vspace{1.112cm} + \centering\includegraphics[width=\columnwidth]{img/contribs/ctga-intuition}\\ + \vspace{1.112cm} + \textbf{Solution (1/2)} + \end{column} + + %\pause\dashedline + %\begin{column}{0.323\textwidth} + % \centering\includegraphics[width=\columnwidth]{img/contribs/ctga-gossip}\\ + % \textbf{Solution} + %\end{column} + \pause\dashedline + \begin{column}{0.323\textwidth} + \centering\includegraphics[width=\columnwidth]{img/contribs/ctor-gossip}\\ + \textbf{Solution (2/2)} + \end{column} + + \end{columns} + + %\pause\vfill\alert{Aggregation indistinguishability, incremental roll-out measurements} + +\end{frame} + +%\begin{frame} +% \mktitle{C2: Increased probability of split-view detection} +% +% \begin{columns} +% \begin{column}{0.323\textwidth} +% \vspace{1.15cm} +% \centering\includegraphics[width=\columnwidth]{img/contribs/split-view}\\ +% \vspace{1.15cm} +% \textbf{Problem} +% \end{column} +% +% \dashedline +% \begin{column}{0.323\textwidth} +% \vspace{1.15cm} +% \centering\includegraphics[width=\columnwidth]{img/contribs/ctor-setting}\\ +% \vspace{1.15cm} +% \textbf{Setting} +% \end{column} +% +% \pause\dashedline +% \begin{column}{0.323\textwidth} +% \centering\includegraphics[width=\columnwidth]{img/contribs/ctor-gossip}\\ +% \textbf{Solution} +% \end{column} +% \end{columns} +% +%\end{frame} + +\begin{frame} + \mktitle{C3: Improved detectability of website hijacks targeting Tor Browser} + + \begin{columns} + \begin{column}{.485\textwidth} + \centering\includegraphics[width=.8\columnwidth]{img/contribs/ctor-full}\\\vspace{.33cm} + \textbf{Solution (continued)} + \end{column} + + \pause\dashedline + \begin{column}{.485\textwidth} + Attacker capabilities + \begin{itemize} + \item Vanilla Tor Browser threat model + \item Plus zero-day on Tor Browser + \item Plus operates enough logs + \end{itemize} + + \pause\vspace{.33cm} + Security + \begin{itemize} + \item Break any of the four phases + \item ``Break'' must go unnoticed + \end{itemize} + \end{column} + \end{columns} + + \pause\vfill\alert{Gradual roll out, also use-cases relating to onion services} + %\pause\vfill\alert{Small performance overhead, incremental roll-out plan} +\end{frame} + +%\begin{frame} +% \mktitle{Onion address discovery benefits from transparency as well (C3)} +% +% \begin{tikzpicture}[remember picture,overlay] +% \node[anchor=north] (n1) at (current page.north) {\tiny{\texttt{cyigahm4clwlimo6mfl4yjie5fwfbhlbuag57xo3kimk6invht6ffrad.onion}}}; +% \end{tikzpicture} +% +% \pause +% \begin{columns} +% \begin{column}{0.67\textwidth} +% \begin{itemize} +% \item What is the onion address of example.com? +% \pause\item What onion addresses are discovered for my site? +% \pause\item Sounds familiar? +% \end{itemize} +% \end{column} +% +% \pause\dashedline +% \begin{column}{0.33\textwidth} +% \centering +% \includegraphics[width=.5\columnwidth]{img/contribs/sauteed-cert}\\ +% \textbf{Extend certificate} +% \end{column} +% \end{columns} +% +% \pause\vfill\alert{One view of domain names to onion addresses, forward censorship resistance} +%\end{frame} + +% +% Kom ihåg att nämna website oracle "as a security abstraction", referens för andra +% +\begin{frame} + \mktitle{C4: An extension of the attacker model for website fingerprinting} + \begin{columns} + \begin{column}{0.59\textwidth} + \centering\includegraphics[width=\columnwidth]{img/contribs/wfwo-setting}\\ + \end{column} + + \pause\dashedline + \begin{column}{.49\textwidth} + \begin{itemize} + \item Smaller destination anonymity set + \pause\item Eliminates most false positives for Alexa top-10k and beyond + \pause\item Gaining access to a website oracle? + \end{itemize} + \end{column} + \end{columns} + + \pause\vfill\alert{Certificate Transaprency logs, Certificate Authorities, ...} +\end{frame} + +\begin{frame} + \mktitle{C5: Remotely-exploitable probing-attacks on Tor's DNS cache} + + \begin{columns} + \begin{column}{0.49\textwidth} + \centering\includegraphics[width=\columnwidth]{img/contribs/dns-timing}\\\vspace{.33cm} + \textbf{Timing attack} + \end{column} + + \pause\dashedline + \begin{column}{0.49\textwidth} + \vspace{.5cm} + \centering\includegraphics[width=\columnwidth]{img/contribs/tlwo-uncached}\\\vspace{.83cm} + \textbf{Timeless timing attack} + \end{column} + \end{columns} + + % + % Timing, 17.3\% TPR + % - Google DNS? 16.8\%\\ + % - Cloudflare DNS? 7.4\%\\ + % + % Timeless + % Type & Got uncached & Got cached & Failures \\ + % Uncached & $6,034,779$ & $0$ & $2,858$ \\ + % Cached & $0$ & $6,034,594$ & $142$ \\ + % + \pause\vfill\alert{12M repetitions in the live Tor network, fully reliable attack prototype} +\end{frame} + +\begin{frame} + \mktitle{C6: A redesign of Tor's DNS cache to\\defend against all (timeless) timing attacks} + \begin{columns} + \begin{column}{0.49\textwidth} + \centering\includegraphics[width=\columnwidth]{img/contribs/tlwo-preload}\\\vspace{.33cm} + \textbf{Preloaded DNS cache} + \end{column} + + \pause\dashedline + \begin{column}{0.44\textwidth} + \centering\includegraphics[width=\columnwidth]{img/contribs/tlwo-heatmap-web} + \end{column} + \end{columns} +\end{frame} + +\begin{frame} + \mktitle{Summary of research methods} + + \begin{columns} + \begin{column}{0.25\textwidth} + \centering\includegraphics[width=\columnwidth]{img/take-away/methods-proofs}\\ + Threat modelling, + proof sketching + \end{column} + + \begin{column}{0.25\textwidth} + \centering\includegraphics[width=\columnwidth]{img/take-away/methods-measurements}\\ + Real-world measurements + \end{column} + + \begin{column}{0.25\textwidth} + \centering\includegraphics[width=\columnwidth]{img/take-away/methods-simulation}\\ + Network simulation\\ + \, + \end{column} + + \begin{column}{0.25\textwidth} + \centering\includegraphics[width=\columnwidth]{img/take-away/methods-prototyping}\\ + Prototyping and evaluation + \end{column} + \end{columns} + +\end{frame} + +\subtitle{Take away} +\begin{frame} + \vfill + \begin{columns} + \begin{column}{.75\textwidth} + \mktitle{Take away} + \vspace{.33cm} + \begin{itemize} + \item Trust requirements can be reduced wrt.\ monitors and logs + \item Certificate Transparency can work in Tor Browser's setting + \item The website fingerprinting threat model could be stronger + \item ``On...'' + \end{itemize} + \end{column} + \begin{column}{.35\textwidth} + \centering\includegraphics[width=\columnwidth]{img/take-away/take-away} + \end{column} + \end{columns} +\end{frame} + +%%% +% Thanks +%%% +\subtitle{Collaborators and funders} + +\begin{frame} + \vfill + \centering\includegraphics[width=.7\textwidth]{img/thanks} +\end{frame} diff --git a/slides/src/preamble.tex b/slides/src/preamble.tex new file mode 100644 index 0000000..24c4fbb --- /dev/null +++ b/slides/src/preamble.tex @@ -0,0 +1,120 @@ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% Packages % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\usepackage[utf8]{inputenc} + +\usepackage[ + lambda, advantage, operators, sets, adversary, landau, probability, notions, + logic, ff, mm, primitives, events, complexity, asymptotics, keys +]{cryptocode} + +\usepackage{rotate} +\usepackage{graphicx} +\usepackage{mathtools} +\usepackage{amsmath} +\usepackage{amssymb} +\usepackage{flowchart} +\usepackage{smartdiagram} +\usepackage{pifont} +\usepackage{wasysym} +\usepackage{graphicx} +\usepackage{color} +\usepackage{drawstack} +\usepackage{tikz} +\usepackage{tikz-qtree} +\usetikzlibrary{ + arrows,% + decorations.markings,% + backgrounds,% + calc,% + fit,% + positioning,% + shapes.misc,% + shadows,% + shapes.arrows,% + shapes,% + snakes,% +} +\usepackage{booktabs} +\usepackage{smartdiagram} +%\usepackage{floatrow}% this one causes error on arch for some reason +\usepackage[position=bottom]{subfig} % environment for nested figures + +\usepackage{xcolor} +\definecolor{darkGreen}{HTML}{008000} +\definecolor{darkBlue}{HTML}{2809B2} +\definecolor{darkRed}{HTML}{CC0000} +\definecolor{darkGray}{HTML}{808080} +\definecolor{darkOrange}{HTML}{D77D00} +\definecolor{darkPurple}{HTML}{800080} +\colorlet{lightGray}{gray!33} +\colorlet{lightYellow}{yellow!50} +\definecolor{darkGreen}{HTML}{008000} +\definecolor{darkBlue}{HTML}{2809B2} +\definecolor{darkRed}{HTML}{CC0000} + +\usepackage{hyperref} +\hypersetup{ + colorlinks = true, % Color links instead of boxes + urlcolor = darkBlue, % Color external hyper links + linkcolor = darkBlue, % Color internal links + citecolor = darkBlue, % Color citations +} + +% Figures, tables and code +\usepackage{booktabs} +\usepackage{colortbl} +\usepackage{flowchart} +\usepackage{adjustbox} +\usepackage{listings} + +\lstdefinestyle{CStyle}{ + backgroundcolor=\color{lightGray!25}, + commentstyle=\color{darkGreen}, + keywordstyle=\color{darkBlue}, + numberstyle=\tiny\color{darkRed}, + stringstyle=\color{darkPurple}, + basicstyle=\footnotesize, + breakatwhitespace=false, + breaklines=false, + captionpos=b, + keepspaces=true, + numbers=left, + numbersep=5pt, + showspaces=false, + showstringspaces=false, + showtabs=false, + tabsize=2, + language=C, + morekeywords={size_t,def,in,zip,True,False,ord,u8,u64}, +} + +\setbeamertemplate{itemize item}[circle] +\setbeamertemplate{itemize subitem}[default] +\setbeamertemplate{caption}[numbered] + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% Defines % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\makeatletter +\let\@@magyar@captionfix\relax %needed for \titlefloatright +\makeatother + +\newcommand{\tyes}{\textcolor{darkGreen}{\ding{51}}} +\newcommand{\tno}{\textcolor{darkRed}{\ding{55}}} +\newcommand{\burl}[1]{\tiny{\url{#1}}} +\newcommand{\TODO}[1]{\textcolor{red}{TODO}: #1} +\newcommand{\floatright}[1]{\hspace{0pt plus 1 filll}#1$\;$} + +\def\rding{\rotatebox[origin=c]{-91}{\ding{224}}} +\def\lding{\rotatebox[origin=c]{91}{\ding{224}}} + +\newcommand{\dashedline}{% + \begin{column}{0.01\textwidth} + \centering + \tikz\draw[dashed] (0,0) -- (0,3); + \end{column}% +} + +% TODO: fix this properly... +\newcommand{\mktitle}[1]{\centering\textbf{\large#1}\vfill\normalsize} diff --git a/slides/src/titlepage.tex b/slides/src/titlepage.tex new file mode 100644 index 0000000..9b18039 --- /dev/null +++ b/slides/src/titlepage.tex @@ -0,0 +1,3 @@ +\begin{frame} + \titlepage +\end{frame} -- cgit v1.2.3