3 research outputs found
TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer
Modern low-latency anonymity systems, no matter whether constructed as an
overlay or implemented at the network layer, offer limited security guarantees
against traffic analysis. On the other hand, high-latency anonymity systems
offer strong security guarantees at the cost of computational overhead and long
delays, which are excessive for interactive applications. We propose TARANET,
an anonymity system that implements protection against traffic analysis at the
network layer, and limits the incurred latency and overhead. In TARANET's setup
phase, traffic analysis is thwarted by mixing. In the data transmission phase,
end hosts and ASes coordinate to shape traffic into constant-rate transmission
using packet splitting. Our prototype implementation shows that TARANET can
forward anonymous traffic at over 50 Gbps using commodity hardware.
Hummingbird: A Flexible and Lightweight Inter-Domain Bandwidth-Reservation System
The current Internet lacks a bandwidth-reservation infrastructure that
enables fine-grained inter-domain reservations for end hosts. This is hindering
the provisioning of quality-of-service guarantees for real-time applications
like video calls and gaming, cloud-based systems, financial transactions,
telesurgery, and other remote applications that benefit from reliable
communication. This paper introduces Hummingbird, a novel lightweight
inter-domain bandwidth-reservation system that addresses several shortcomings
of previous designs.
Hummingbird supports flexible and composable reservations and enables
end-to-end guarantees without requiring autonomous systems to manage
reservations for their endhosts. Previous systems tied reservations to
autonomous-system numbers or network addresses, which limits the flexibility of
reservations. In contrast, our system decouples reservations from network
identities and, as a result, the control plane from the data plane. This design
choice facilitates multiple co-existing control-plane mechanisms and enables
innovative approaches, such as a control plane based on blockchain smart
contracts that offers tradeable bandwidth-reservation assets and end-to-end
guarantees. The data-plane design ensures simplicity for efficient processing
on border routers, which streamlines implementation, deployment, and traffic
policing while maintaining robust security properties.
Comment: 14 pages, 7 figures
TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer
Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50 Gbps using commodity hardware.