55 research outputs found
The Loopix Anonymity System
We present Loopix, a low-latency anonymous communication system that provides bi-directional 'third-party' sender and receiver anonymity and unobservability. Loopix leverages cover traffic and brief message delays to provide anonymity and achieve traffic analysis resistance, including against a global network adversary. Mixes and clients self-monitor the network via loops of traffic to provide protection against active attacks, and inject cover traffic to provide stronger anonymity and a measure of sender and receiver unobservability. Service providers mediate access in and out of a stratified network of Poisson mix nodes to facilitate accounting and off-line message reception, as well as to keep the number of links in the system low, and to concentrate cover traffic. We provide a theoretical analysis of the Poisson mixing strategy as well as an empirical evaluation of the anonymity provided by the protocol and a functional implementation that we analyze in terms of scalability by running it on AWS EC2. We show that a Loopix relay can handle upwards of 300 messages per second, at a small delay overhead of less than 1.5 ms on top of the delays introduced into messages to provide security. Overall message latency is in the order of seconds - which is low for a mix-system. Furthermore, many mix nodes can be securely added to a stratified topology to scale throughput without sacrificing anonymity
Low-latency mix networks for anonymous communication
Every modern online application relies on the network layer to transfer information, which exposes the metadata associated with digital communication. These distinctive characteristics encapsulate equally meaningful information as the content of the communication itself and allow eavesdroppers to uniquely identify users and their activities. Hence, by exposing the IP addresses and by analyzing patterns of the network traffic, a malicious entity can deanonymize most online communications. While content confidentiality has made significant progress over the years, existing solutions for anonymous communication which protect the network metadata still have severe limitations, including centralization, limited security, poor scalability, and high-latency. As the importance of online privacy increases, the need to build low-latency communication systems with strong security guarantees becomes necessary. Therefore, in this thesis, we address the problem of building multi-purpose anonymous networks that protect communication privacy. To this end, we design a novel mix network Loopix, which guarantees communication unlinkability and supports applications with various latency and bandwidth constraints. Loopix offers better security properties than any existing solution for anonymous communications while at the same time being scalable and low-latency. Furthermore, we also explore the problem of active attacks and malicious infrastructure nodes, and propose a Miranda mechanism which allows to efficiently mitigate them. In the second part of this thesis, we show that mix networks may be used as a building block in the design of a private notification system, which enables fast and low-cost online notifications. Moreover, its privacy properties benefit from an increasing number of users, meaning that the system can scale to millions of clients at a lower cost than any alternative solution
Stopping Silent Sneaks: Defending against Malicious Mixes with Topological Engineering
Mixnets provide strong meta-data privacy and recent academic research and
industrial projects have made strides in making them more secure, performance,
and scalable. In this paper, we focus our work on stratified Mixnets -- a
popular design with real-world adoption -- and identify that there still exist
heretofore inadequately explored practical aspects such as: relay sampling and
topology placement, network churn, and risks due to real-world usage patterns.
We show that, due to the lack of incorporating these aspects, Mixnets of this
type are far more susceptible to user deanonymization than expected. In order
to reason and resolve these issues, we model Mixnets as a three-stage
``Sample-Placement-Forward'' pipeline, and using the results of our evaluation
propose a novel Mixnet design, Bow-Tie. Bow-Tie mitigates user deanonymization
through a novel adaption of Tor's guard design with an engineered guard layer
and client guard-logic for stratified mixnets. We show that Bow-Tie has
significantly higher user anonymity in the dynamic setting, where the Mixnet is
used over a period of time, and is no worse in the static setting, where the
user only sends a single message. We show the necessity of both the guard layer
and client guard-logic in tandem as well as their individual effect when
incorporated into other reference designs. Ultimately, Bow-Tie is a significant
step towards addressing the gap between the design of Mixnets and practical
deployment and wider adoption because it directly addresses real-world user and
Mixnet operator concerns
MixFlow: Assessing Mixnets Anonymity with Contrastive Architectures and Semantic Network Information
Traffic correlation attacks have illustrated challenges with protecting communication meta-data, yet short flows as in messaging applications like Signal have been protected by practical Mixnets such as Loopix from prior traffic correlation attacks. This paper introduces a novel traffic correlation attack against short-flow applications like Signal that are tunneled through practical Mixnets like Loopix. We propose the MixFlow model, an approach for analyzing the unlinkability of communications through Mix networks. As a prominent example, we do our analysis on Loopix.
The MixFlow is a contrastive model that looks for semantic relationships between entry and exit flows, even if the traffic is tunneled through Mixnets that protect meta-data like Loopix via Poisson mixing delay and cover traffic.
We use the MixFlow model to evaluate the resistance of Loopix Mix networks against an adversary that observes only the inflow and outflow of Mixnet and tries to correlate communication flows. Our experiments indicate that the MixFlow model is exceptionally proficient in connecting end-to-end flows, even when the Poison delay and cover traffic are increased. These findings challenge the conventional notion that adding Poisson mixing delay and cover traffic can obscure the metadata patterns and relationships between communicating parties. Despite the implementation of Poisson mixing countermeasures in Mixnets, MixFlow is still capable of effectively linking end-to-end flows, enabling the extraction of meta-information and correlation between inflows and outflows. Our findings have important implications for existing Poisson-mixing techniques and open up new opportunities for analyzing the anonymity and unlinkability of communication protocols
Formal Foundations for Anonymous Communication
Mit jeder Online-Tätigkeit hinterlassen wir digitale Fußspuren. Unternehmen und Regierungen nutzen die privaten Informationen, die von den riesigen Datenmengen der Online-Spuren abgeleitet werden können, um ihre Nutzer und Büger zu manipulieren. Als Gegenmaßnahme wurden anonyme Kommunikationsnetze vorgeschlagen. Diesen fehlen jedoch umfassende formale Grundlagen und folglich ist der Vergleich zwischen verschiedenen Ansätzen nur sehr eingeschränkt möglich.
Mit einer gemeinsamen Grundlage zwischen allen Forschern und Entwicklern von anonymen Kommunikationsnetzen können Missverständnisse vermieden werden und die dringend benötigte Entwicklung von den Netzen wird beschleunigt. Mit Vergleichbarkeit zwischen den Lösungen, können die für den jeweiligen Anwendungsfall optimalen Netze besser identifiziert und damit die Entwicklungsanstrengungen gezielter auf Projekte verteilt werden. Weiterhin ermöglichen formale Grundlagen und Vergleichbarkeit ein tieferes Verständnis für die Grenzen und Effekte der eingesetzten Techniken zu erlangen.
Diese Arbeit liefert zuerst neue Erkenntnisse zu generellen Formalisierungen für anonyme Kommunikation, bevor sie sich dann auf die praktisch am meisten verbreitete Technik konzentriert: Onion Routing und Mix Netzwerke. Als erstes wird die Vergleichbarkeit zwischen Privatsphärezielen sichergestellt, indem sie formal definiert und miteinander verglichen werden. Dabei enteht eine umfangreiche Hierarchie von eindeutigen Privatsphärezielen. Als zweites werden vorgeschlagene Netzwerke analysiert, um deren Grundbausteine zu identifizieren und deren Schutz als Auswirkung in der Hierarchy zu untersuchen.
Diese Grunlagen erlauben Konflikte und Schwachstellen in existierenden Arbeiten zu entdecken und aufzuklären. Genauer zeigt sich damit, dass basierend of derselben informalen Definition verschieden stark schützende formale Versionen entstanden sind. Weiterhin werden in dieser Arbeit die Notions genutzt um existierende Unmöglichkeitsresultate für anonyme Kommunikation zu vergleichen. Dabei wird nicht nur die erste vollständige Sicht auf alle bekannten Schranken für anonyme Kommunikationsnetze gegeben, sondern mit einem tiefgründigen Ansatz werden die existierenden Schranken auch gestärkt und zu praktischen, dem Stand der Kunst entsprechenden Netzen in Bezug gesetzt. Letztlich konnten durch die generellen Betrachtungen von vorgeschlagenen Netzwerken und ihren Grundbausteinen, insbesondere auch Angriffe auf die vorherrschende Klasse von anonymen Kommunikationsnetzen gefunden werden: auf Onion Routing und Mix-Netzwerke.
Davon motiviert wurden als zweiter Teil dieser Arbeit die formalen Grundlagen und praktisch eingesetzten Lösungen for Onion Routing und Mix-Netzwerke untersucht. Dabei wurde festgestellt, dass die bereits erwähnten Angriffe teilweise auf eine fehlerhafte, aber weit verbreitete Beweisstrategie für solche Netze zurückzuführen sind und es wurde eine sichere Beweisstrategie als deren Ersatz vorgeschlagen. Weiterhin wurde die neue Strategie für ein vorgeschlagenes, aber bisher nicht weiter verwendetes Paketformat eingesetzt und dieses als sicher bewiesen. Dieses Paketformat unterstützt allerdings keine Rückantworten, was höchstwahrscheinlich der Grund ist, aus dem sich aktuelle Netze auf ein unsicheres Paketformat verlassen. Deshalb wurde im Rahmen dieser Arbeit eine konzeptuelle, sichere Lösung für Onion Routing mit Rückantworten entworfen.
Als weitere verwandte Beiträge, zeigt die Arbeit Beziehungen von Teilen der generellen Ergebnisse für anonyme Kommunikationsnetze zu ähnlichen, aber bisher hauptsächlich getrennt betrachteten Forschungsbereichen, wie Privatsphäre auf der Bitübertragungsschicht, Kontaktnachverfolgung und privatsphäre-schützenden, digitalen Bezahlsystemen
On Privacy Notions in Anonymous Communication
Many anonymous communication networks (ACNs) with different privacy goals
have been developed. However, there are no accepted formal definitions of
privacy and ACNs often define their goals and adversary models ad hoc. However,
for the understanding and comparison of different flavors of privacy, a common
foundation is needed. In this paper, we introduce an analysis framework for
ACNs that captures the notions and assumptions known from different analysis
frameworks. Therefore, we formalize privacy goals as notions and identify their
building blocks. For any pair of notions we prove whether one is strictly
stronger, and, if so, which. Hence, we are able to present a complete
hierarchy. Further, we show how to add practical assumptions, e.g. regarding
the protocol model or user corruption as options to our notions. This way, we
capture the notions and assumptions of, to the best of our knowledge, all
existing analytical frameworks for ACNs and are able to revise inconsistencies
between them. Thus, our new framework builds a common ground and allows for
sharper analysis, since new combinations of assumptions are possible and the
relations between the notions are known
Walking Onions: Scaling Distribution of Information Safely in Anonymity Networks
Scaling anonymity networks offers unique security challenges, as
attackers can exploit differing views of the network’s topology to
perform epistemic and route capture attacks. Anonymity networks in
practice, such as Tor, have opted for security over scalability by
requiring participants to share a globally consistent view of all relays
to prevent these kinds of attacks. Such an approach requires each user
to maintain up-to-date information about every relay, causing the total
amount of data each user must download every epoch to scale linearly
with the number of relays. As the number of clients increases, more
relays must be added to provide bandwidth, further exacerbating the
total load on the network.
In this work, we present Walking Onions, a set of protocols improving
scalability for anonymity networks. Walking Onions enables constant-size
scaling of the information each user must download in every epoch, even
as the number of relays in the network grows. Furthermore, we show how
relaxing the clients’ bandwidth growth from constant to logarithmic can
enable an outsized improvement to relays’ bandwidth costs. Notably,
Walking Onions offers the same security properties as current designs
that require a globally consistent network view. We present two protocol
variants. The first requires minimal changes from current onion-routing
systems. The second presents a more significant design change, thereby
reducing the latency required to establish a path through the network
while providing better forward secrecy than previous such constructions.
We evaluate Walking Onions against a generalized onion-routing anonymity
network and discuss tradeoffs among the approaches
Hydra: practical metadata security for contact discovery, messaging, and voice calls
Protecting communications’ metadata can be as important as protecting their content, i.e., recognizing someone contacting a medical service may already allow to infer sensitive information. There are numerous proposals to implement anonymous communications, yet none provides it in a strong (but feasible) threat model in an efficient way. We propose Hydra, an anonymity system that is able to efficiently provide metadata security for a wide variety of applications. Main idea is to use latency-aware, padded, and onion-encrypted circuits even for connectionless applications. This allows to implement strong metadata security for contact discovery and text-based messages with relatively low latency. Furthermore, circuits can be upgraded to support voice calls, real-time chat sessions, and file transfers - with slightly reduced anonymity in presence of global observers. We evaluate Hydra using an analytical model as well as call simulations. Compared to other systems for text-based messaging, Hydra is able to decrease end-to-end latencies by an order of magnitude without degrading anonymity. Using a dataset generated by performing latency measurements in the Tor network, we further show that Hydra is able to support anonymous voice calls with acceptable quality of service in real scenarios. A first prototype of Hydra is published as open source
- …