Masters Theses

Date of Award

8-2020

Degree Type

Thesis

Degree Name

Master of Science

Major

Computer Science

Major Professor

Maxfield J. Schuchard

Committee Members

Maxfield J. Schuchard, Scott I. Ruoti, Michael R. Jantz

Abstract

For this project, I will be analyzing the privacy leakage in a certain DDoS mitigation system. Nyx has been shown both in simulation and over live internet traffic to mitigate the effects of DDoS without any cooperation from downstream ASes and without any modifications to current routing protocols. However, it does this through BGP poisoning, which can unintentionally advertise information. This project explores what the traffic from Nyx looks like and what information can be gathered from it. Specifically, Nyx works by defining a deployer/critical relationship whose traffic is moved so that it is maintained even under DDoS conditions, and I will be evaluating how often that relationship can be discovered.

This project will analyze the privacy leakage in the Nyx DDoS mitigation system. Nyx's effectiveness in rerouting critical traffic around congestion has been demonstrated both in simulation and in practice. Importantly, Nyx functions without cooperation from downstream ASes or modifications to current routing protocols. However, Nyx achieves routing-based DDoS mitigation through BGP poisoning, which can unintentionally advertise information. This project will analyze Nyx's BGP advertisements to evaluate its privacy implications. Specifically, this work studies whether an adversary can determine the critical relationship that the AS deploying Nyx has defined. We find that in the authors' initial naive approach, finding this relationship is essentially trivial, and an adversary can narrow down the critical relationship to a maximum of 4 out of 9,767 autonomous systems in the active internet topology. In their more complex approach found in we find that the critical relationship is more difficult to determine with significant accuracy, with our anonymity sets ranging from 3 to 7,788. This project then explores why that range is so large in an attempt to highlight how Nyx could become more privacy focused.
