An anonymity layer for JXTA service

Open Access Documen

Blindspot: Indistinguishable Anonymous Communications

Communication anonymity is a key requirement for individuals under targeted surveillance. Practical anonymous communications also require indistinguishability - an adversary should be unable to distinguish between anonymised and non-anonymised traffic for a given user. We propose Blindspot, a design for high-latency anonymous communications that offers indistinguishability and unobservability under a (qualified) global active adversary. Blindspot creates anonymous routes between sender-receiver pairs by subliminally encoding messages within the pre-existing communication behaviour of users within a social network. Specifically, the organic image sharing behaviour of users. Thus channel bandwidth depends on the intensity of image sharing behaviour of users along a route. A major challenge we successfully overcome is that routing must be accomplished in the face of significant restrictions - channel bandwidth is stochastic. We show that conventional social network routing strategies do not work. To solve this problem, we propose a novel routing algorithm. We evaluate Blindspot using a real-world dataset. We find that it delivers reasonable results for applications requiring low-volume unobservable communication.Comment: 13 Page

Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

Seeking Anonymity in an Internet Panopticon

Obtaining and maintaining anonymity on the Internet is challenging. The state of the art in deployed tools, such as Tor, uses onion routing (OR) to relay encrypted connections on a detour passing through randomly chosen relays scattered around the Internet. Unfortunately, OR is known to be vulnerable at least in principle to several classes of attacks for which no solution is known or believed to be forthcoming soon. Current approaches to anonymity also appear unable to offer accurate, principled measurement of the level or quality of anonymity a user might obtain. Toward this end, we offer a high-level view of the Dissent project, the first systematic effort to build a practical anonymity system based purely on foundations that offer measurable and formally provable anonymity properties. Dissent builds on two key pre-existing primitives - verifiable shuffles and dining cryptographers - but for the first time shows how to scale such techniques to offer measurable anonymity guarantees to thousands of participants. Further, Dissent represents the first anonymity system designed from the ground up to incorporate some systematic countermeasure for each of the major classes of known vulnerabilities in existing approaches, including global traffic analysis, active attacks, and intersection attacks. Finally, because no anonymity protocol alone can address risks such as software exploits or accidental self-identification, we introduce WiNon, an experimental operating system architecture to harden the uses of anonymity tools such as Tor and Dissent against such attacks.Comment: 8 pages, 10 figure

Maintaining unlinkability in group based P2P environments

In the wake of the success of Peer-to-Peer (P2P) networking, security has arisen as one of its main concerns, becoming a key issue when evaluating a P2P system. Unfortunately, some systems' design focus targeted issues such as scalabil-ity or overall performance, but not security. As a result, security mechanisms must be provided at a later stage, after the system has already been designed and partially (or even fully) implemented, which may prove a cumbersome proposition. This work exposes how a security layer was provided under such circumstances for a specic Java based P2P framework: JXTA-Overlay.Arran de l'èxit de (P2P) peer-to-peer, la seguretat ha sorgit com una de les seves principals preocupacions, esdevenint una qüestió clau en l'avaluació d'un sistema P2P. Malauradament, alguns sistemes de disseny apunten focus de problemes com l'escalabilitat o l'acompliment general, però no de seguretat. Com a resultat d'això, els mecanismes de seguretat s¿han de proporcionar en una etapa posterior, després que el sistema ja ha estat dissenyat i parcialment (o fins i tot totalment) implementat, la qual cosa pot ser una proposició incòmode. Aquest article exposa com es va proveir una capa de seguretat sota aquestes circumstàncies per un Java específic basat en un marc P2P: JXTA-superposició.A raíz del éxito de (P2P) peer-to-peer, la seguridad ha surgido como una de sus principales preocupaciones, convirtiéndose en una cuestión clave en la evaluación de un sistema P2P. Desgraciadamente, algunos sistemas de diseño apuntan un foco de problemas como la escalabilidad o el desempeño general, pero no de seguridad. Como resultado de ello, los mecanismos de seguridad se proporcionarán en una etapa posterior, después de que el sistema ya ha sido diseñado y parcialmente (o incluso totalmente) implementado, lo que puede ser una proposición incómodo. Este artículo expone cómo se proveyó una capa de seguridad bajo estas circunstancias por un Java específico basado en un marco P2P: JXTA-superposición

Social networking for anonymous communication systems: a survey

Anonymous communication systems have been around for sometime, providing anonymity, enhanced privacy, and censorship circumvention. A lot has been done, since Chaum's seminal paper on mix networks, in preventing attacks able to undermine the anonymity provided by these systems. This, however, is goal difficult to achieve due to the de-centralized nature of these systems. In the end it boils down to finding a subset of trusted nodes to be placed in critical positions of the communication path. But the question remains: "How to know if a given node can be trusted?". In this paper we present a survey of a new research area which goal is to exploit trust in social links to solve some of the shortcomings of anonymous communication systems. Recent research shows that by using social networking features it is possible to prevent traffic analysis attacks and even detect Sybil attacks