Secure Trusted Overlay Networks for Robust Privacy-Protecting Communication

Опубликовано 6 сентября 2016, 6:07

In this talk we present STONe, Secure Trusted Overlay Network, a novel robust network infrastructure that provides privacy-preserving communication. STONe is the first network architecture based on attestation and strong process isolation in Trusted Computing. Using these features to protect the network stack against Byzantine failures, STONe is able to establish different protection techniques against common network attacks like denial-of-service, malicious routing updates or phishing attacks that disrupt network services and also intrude privacy. Further, to enhance privacy within the network it establishes novel measures against one of the most powerful attacks on privacy - traffic analysis. STONe makes three main contributions. First, STONe uses Trusted Computing to protect against Byzantine Failures on the network stack to provide an overlay network for scalable, efficient secure routing and end-to-end communication. Second, it is the first system to provide anonymous routing through load-balancing by random routing to preserve communication anonymity against a traffic analysis adversary. Third, on the application-level STONe provides trusted anonymous sockets (STONe Sockets) and a Trusted Name Service (TNS), an inexpensive trusted certification mechanism with one-way per-session authentication. Thus, it preserves privacy on the application-level and makes it hard for Internet spoofs like phishing to succeed. We implemented and evaluated a prototype of STONe on PlanetLab and show that it achieves its goals with reasonable impact on performance.