research-article
Open Access

Towards efficient traffic-analysis resistant anonymity networks

Published: 27 August 2013

Abstract

Existing IP anonymity systems tend to sacrifice one of low latency, high bandwidth, or resistance to traffic-analysis. High-latency mix-nets like Mixminion batch messages to resist traffic-analysis at the expense of low latency. Onion routing schemes like Tor deliver low latency and high bandwidth, but are not designed to withstand traffic analysis. Designs based on DC-nets or broadcast channels resist traffic analysis and provide low latency, but are limited to low bandwidth communication.

In this paper, we present the design, implementation, and evaluation of Aqua, a high-bandwidth anonymity system that resists traffic analysis. We focus on providing strong anonymity for BitTorrent, and evaluate the performance of Aqua using traces from hundreds of thousands of actual BitTorrent users. We show that Aqua achieves latency low enough for efficient bulk TCP flows, bandwidth sufficient to carry BitTorrent traffic with reasonable efficiency, and resistance to traffic analysis within anonymity sets of hundreds of clients. We conclude that Aqua represents an interesting new point in the space of anonymity network designs.



    • Published in

      ACM SIGCOMM Computer Communication Review, Volume 43, Issue 4
      October 2013
      595 pages
      ISSN: 0146-4833
      DOI: 10.1145/2534169
      • ACM Conferences
        SIGCOMM '13: Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
        August 2013
        580 pages
        ISBN: 9781450320566
        DOI: 10.1145/2486001

      Copyright © 2013 Owner/Author

      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Publisher

      Association for Computing Machinery

      New York, NY, United States
