TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer

Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50~Gbps using commodity hardware

Hummingbird: A Flexible and Lightweight Inter-Domain Bandwidth-Reservation System

The current Internet lacks a bandwidth-reservation infrastructure that enables fine-grained inter-domain reservations for end hosts. This is hindering the provisioning of quality-of-service guarantees for real-time applications like video calls and gaming, cloud-based systems, financial transactions, telesurgery, and other remote applications that benefit from reliable communication. This paper introduces Hummingbird, a novel lightweight inter-domain bandwidth-reservation system that addresses several shortcomings of previous designs. Hummingbird supports flexible and composable reservations and enables end-to-end guarantees without requiring autonomous systems to manage reservations for their endhosts. Previous systems tied reservations to autonomous-system numbers or network addresses, which limits the flexibility of reservations. In contrast, our system decouples reservations from network identities and, as a result, the control plane from the data plane. This design choice facilitates multiple co-existing control-plane mechanisms and enables innovative approaches, such as a control plane based on blockchain smart contracts that offers tradeable bandwidth-reservation assets and end-to-end guarantees. The data-plane design ensures simplicity for efficient processing on border routers, which streamlines implementation, deployment, and traffic policing while maintaining robust security properties.Comment: 14 pages, 7 figure

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer

Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50 Gbps using commodity hardware