3,698 research outputs found
Routing for Security in Networks with Adversarial Nodes
We consider the problem of secure unicast transmission between two nodes in a
directed graph, where an adversary eavesdrops/jams a subset of nodes. This
adversarial setting is in contrast to traditional ones where the adversary
controls a subset of links. In particular, we study, in the main, the class of
routing-only schemes (as opposed to those allowing coding inside the network).
Routing-only schemes usually have low implementation complexity, yet a
characterization of the rates achievable by such schemes was open prior to this
work. We first propose an LP based solution for secure communication against
eavesdropping, and show that it is information-theoretically rate-optimal among
all routing-only schemes. The idea behind our design is to balance information
flow in the network so that no subset of nodes observe "too much" information.
Interestingly, we show that the rates achieved by our routing-only scheme are
always at least as good as, and sometimes better, than those achieved by
"na\"ive" network coding schemes (i.e. the rate-optimal scheme designed for the
traditional scenario where the adversary controls links in a network rather
than nodes.) We also demonstrate non-trivial network coding schemes that
achieve rates at least as high as (and again sometimes better than) those
achieved by our routing schemes, but leave open the question of characterizing
the optimal rate-region of the problem under all possible coding schemes. We
then extend these routing-only schemes to the adversarial node-jamming
scenarios and show similar results. During the journey of our investigation, we
also develop a new technique that has the potential to derive non-trivial
bounds for general secure-communication schemes
Introducing Accountability to Anonymity Networks
Many anonymous communication (AC) networks rely on routing traffic through
proxy nodes to obfuscate the originator of the traffic. Without an
accountability mechanism, exit proxy nodes risk sanctions by law enforcement if
users commit illegal actions through the AC network. We present BackRef, a
generic mechanism for AC networks that provides practical repudiation for the
proxy nodes by tracing back the selected outbound traffic to the predecessor
node (but not in the forward direction) through a cryptographically verifiable
chain. It also provides an option for full (or partial) traceability back to
the entry node or even to the corresponding user when all intermediate nodes
are cooperating. Moreover, to maintain a good balance between anonymity and
accountability, the protocol incorporates whitelist directories at exit proxy
nodes. BackRef offers improved deployability over the related work, and
introduces a novel concept of pseudonymous signatures that may be of
independent interest.
We exemplify the utility of BackRef by integrating it into the onion routing
(OR) protocol, and examine its deployability by considering several
system-level aspects. We also present the security definitions for the BackRef
system (namely, anonymity, backward traceability, no forward traceability, and
no false accusation) and conduct a formal security analysis of the OR protocol
with BackRef using ProVerif, an automated cryptographic protocol verifier,
establishing the aforementioned security properties against a strong
adversarial model
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
How to Specify and How to Prove Correctness of Secure Routing Protocols for MANET
Secure routing protocols for mobile ad hoc networks have been developed
recently, yet, it has been unclear what are the properties they achieve, as a
formal analysis of these protocols is mostly lacking. In this paper, we are
concerned with this problem, how to specify and how to prove the correctness of
a secure routing protocol. We provide a definition of what a protocol is
expected to achieve independently of its functionality, as well as
communication and adversary models. This way, we enable formal reasoning on the
correctness of secure routing protocols. We demonstrate this by analyzing two
protocols from the literature
HORNET: High-speed Onion Routing at the Network Layer
We present HORNET, a system that enables high-speed end-to-end anonymous
channels by leveraging next generation network architectures. HORNET is
designed as a low-latency onion routing system that operates at the network
layer thus enabling a wide range of applications. Our system uses only
symmetric cryptography for data forwarding yet requires no per-flow state on
intermediate nodes. This design enables HORNET nodes to process anonymous
traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal
processing overhead per additional anonymous channel. We discuss design and
implementation details, as well as a performance and security evaluation.Comment: 14 pages, 5 figure
- …