4 research outputs found
TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer
Modern low-latency anonymity systems, no matter whether constructed as an
overlay or implemented at the network layer, offer limited security guarantees
against traffic analysis. On the other hand, high-latency anonymity systems
offer strong security guarantees at the cost of computational overhead and long
delays, which are excessive for interactive applications. We propose TARANET,
an anonymity system that implements protection against traffic analysis at the
network layer, and limits the incurred latency and overhead. In TARANET's setup
phase, traffic analysis is thwarted by mixing. In the data transmission phase,
end hosts and ASes coordinate to shape traffic into constant-rate transmission
using packet splitting. Our prototype implementation shows that TARANET can
forward anonymous traffic at over 50 Gbps using commodity hardware.
Low-Rate Overuse Flow Tracer (LOFT): An Efficient and Scalable Algorithm for Detecting Overuse Flows
Current probabilistic flow-size monitoring can only detect heavy hitters
(e.g., flows utilizing 10 times their permitted bandwidth), but cannot detect
smaller overuse (e.g., flows utilizing 50-100% more than their permitted
bandwidth). Thus, these systems lack accuracy in the challenging environment of
high-throughput packet processing, where fast-memory resources are scarce.
Nevertheless, many applications rely on accurate flow-size estimation, e.g. for
network monitoring, anomaly detection and Quality of Service.
We design, analyze, implement, and evaluate LOFT, a new approach for
efficiently detecting overuse flows that achieves dramatically better
properties than prior work. LOFT can detect 1.5x overuse flows in one second,
whereas prior approaches fail to detect 2x overuse flows within a timeout of
300 seconds. We demonstrate LOFT's suitability for high-speed packet processing
with implementations in the DPDK framework and on an FPGA.
On Building Onion Routing into Future Internet Architectures
Part 3: Anonymous Communication
User privacy on the Internet has become a pressing concern in recent years, largely due to the revelations of large-scale network surveillance programs. Research initiatives around future Internet architectures (FIAs) offer a unique opportunity to integrate privacy protection measures into the architecture of the network itself. In this paper, we survey the main design challenges of network layer onion routing protocols in FIAs. We empirically investigate the requirements and trade-offs of different design choices. Our goal is to identify promising research directions and incentivize further exploration of the field.