Abstract
Existing IP anonymity systems tend to sacrifice one of low latency, high bandwidth, or resistance to traffic analysis. High-latency mix-nets like Mixminion batch messages to resist traffic analysis at the expense of low latency. Onion routing schemes like Tor deliver low latency and high bandwidth, but are not designed to withstand traffic analysis. Designs based on DC-nets or broadcast channels resist traffic analysis and provide low latency, but are limited to low-bandwidth communication.
In this paper, we present the design, implementation, and evaluation of Aqua, a high-bandwidth anonymity system that resists traffic analysis. We focus on providing strong anonymity for BitTorrent, and evaluate the performance of Aqua using traces from hundreds of thousands of actual BitTorrent users. We show that Aqua achieves latency low enough for efficient bulk TCP flows, bandwidth sufficient to carry BitTorrent traffic with reasonable efficiency, and resistance to traffic analysis within anonymity sets of hundreds of clients. We conclude that Aqua represents an interesting new point in the space of anonymity network designs.
Towards efficient traffic-analysis resistant anonymity networks
SIGCOMM '13: Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM