1,987 research outputs found
Introducing Accountability to Anonymity Networks
Many anonymous communication (AC) networks rely on routing traffic through
proxy nodes to obfuscate the originator of the traffic. Without an
accountability mechanism, exit proxy nodes risk sanctions by law enforcement if
users commit illegal actions through the AC network. We present BackRef, a
generic mechanism for AC networks that provides practical repudiation for the
proxy nodes by tracing back the selected outbound traffic to the predecessor
node (but not in the forward direction) through a cryptographically verifiable
chain. It also provides an option for full (or partial) traceability back to
the entry node or even to the corresponding user when all intermediate nodes
are cooperating. Moreover, to maintain a good balance between anonymity and
accountability, the protocol incorporates whitelist directories at exit proxy
nodes. BackRef offers improved deployability over the related work, and
introduces a novel concept of pseudonymous signatures that may be of
independent interest.
We exemplify the utility of BackRef by integrating it into the onion routing
(OR) protocol, and examine its deployability by considering several
system-level aspects. We also present the security definitions for the BackRef
system (namely, anonymity, backward traceability, no forward traceability, and
no false accusation) and conduct a formal security analysis of the OR protocol
with BackRef using ProVerif, an automated cryptographic protocol verifier,
establishing the aforementioned security properties against a strong
adversarial model
Seeking Anonymity in an Internet Panopticon
Obtaining and maintaining anonymity on the Internet is challenging. The state
of the art in deployed tools, such as Tor, uses onion routing (OR) to relay
encrypted connections on a detour passing through randomly chosen relays
scattered around the Internet. Unfortunately, OR is known to be vulnerable at
least in principle to several classes of attacks for which no solution is known
or believed to be forthcoming soon. Current approaches to anonymity also appear
unable to offer accurate, principled measurement of the level or quality of
anonymity a user might obtain.
Toward this end, we offer a high-level view of the Dissent project, the first
systematic effort to build a practical anonymity system based purely on
foundations that offer measurable and formally provable anonymity properties.
Dissent builds on two key pre-existing primitives - verifiable shuffles and
dining cryptographers - but for the first time shows how to scale such
techniques to offer measurable anonymity guarantees to thousands of
participants. Further, Dissent represents the first anonymity system designed
from the ground up to incorporate some systematic countermeasure for each of
the major classes of known vulnerabilities in existing approaches, including
global traffic analysis, active attacks, and intersection attacks. Finally,
because no anonymity protocol alone can address risks such as software exploits
or accidental self-identification, we introduce WiNon, an experimental
operating system architecture to harden the uses of anonymity tools such as Tor
and Dissent against such attacks.Comment: 8 pages, 10 figure
Blindspot: Indistinguishable Anonymous Communications
Communication anonymity is a key requirement for individuals under targeted
surveillance. Practical anonymous communications also require
indistinguishability - an adversary should be unable to distinguish between
anonymised and non-anonymised traffic for a given user. We propose Blindspot, a
design for high-latency anonymous communications that offers
indistinguishability and unobservability under a (qualified) global active
adversary. Blindspot creates anonymous routes between sender-receiver pairs by
subliminally encoding messages within the pre-existing communication behaviour
of users within a social network. Specifically, the organic image sharing
behaviour of users. Thus channel bandwidth depends on the intensity of image
sharing behaviour of users along a route. A major challenge we successfully
overcome is that routing must be accomplished in the face of significant
restrictions - channel bandwidth is stochastic. We show that conventional
social network routing strategies do not work. To solve this problem, we
propose a novel routing algorithm. We evaluate Blindspot using a real-world
dataset. We find that it delivers reasonable results for applications requiring
low-volume unobservable communication.Comment: 13 Page
TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer
Modern low-latency anonymity systems, no matter whether constructed as an
overlay or implemented at the network layer, offer limited security guarantees
against traffic analysis. On the other hand, high-latency anonymity systems
offer strong security guarantees at the cost of computational overhead and long
delays, which are excessive for interactive applications. We propose TARANET,
an anonymity system that implements protection against traffic analysis at the
network layer, and limits the incurred latency and overhead. In TARANET's setup
phase, traffic analysis is thwarted by mixing. In the data transmission phase,
end hosts and ASes coordinate to shape traffic into constant-rate transmission
using packet splitting. Our prototype implementation shows that TARANET can
forward anonymous traffic at over 50~Gbps using commodity hardware
- âŠ