Yunhao Liu,Jinsong Han

DOI: https://doi.org/10.14711/thesis-b987542

2007-01-01

Abstract:Peer-to-Peer (P2P) model has become the mainstream of the applications in current and future Internet. Being effective in utilizing and managing globally distributed information over Internet, however, most current P2P systems do not provide protection to their users against the increasing threat from selfish peers or malicious adversaries. Anonymous and trustworthy computing hereby has continuously gained importance because it meets the users’ demands of privacy, fairness, trust, and reliability. In order to construct anonymous and trustworthy P2P systems, we must address several crucial challenges including (1) reliably and efficiently anonymizing the P2P network; (2) authenticating users’ identities; (3) enabling trust management in anonymous environments. Most existing approaches achieve anonymity via fixed paths, which are unreliable and inefficient in dynamic P2P systems. We propose two non-path based protocols to anonymize P2P systems. The results of trace driven simulations show that our proposed protocols are reliable, scalable and effective, and significantly reduce cryptographic overhead. The second issue is that the current authentication approaches face a dilemma in anonymous environments: authenticating other users needs their real identities; while the anonymity requires those users to hide their real identities. We propose a Zero-knowledge based protocol to allow users authenticate with each other without exposing their real identities. We show the effectiveness of our proposed protocol by simulation studies and prototype implementation. We solve the third issue by constructing a reputation based trust management architecture. We particularly focus on the feedback quality problem. In shorting of trusted authority centers in P2P systems, the feedback quality are easily wrecked by the dishonest feedback from malicious peers, which further degrades the computation accuracy of users’ reputation. Our proposed architecture effectively alleviates the damage on computing reputation caused by the feedback cheating. We believe that widely employing above proposed approaches will make P2P systems more secure and reliable. We also extend our study to other distributed systems and propose a privacy-preserving authentication protocol for RFID systems. Keywords: Peer-to-Peer, Anonymity, Privacy-Preserving, Authentication, Key Updating, Secret Sharing, Random Walk, Selected Flooding, Trustworthy Computing, Feedback Quality, Trust Management, Trace Driven Simulation, Zero-Knowledge Proof, Man-in-middle-attack

Jing Tian,Gaopeng Gou,Yangyang Guan,Wei Xia,Gang Xiong,Chang Liu

DOI: https://doi.org/10.1109/milcom52596.2021.9653038

2021-01-01

Abstract:Tor is an important tool for anonymous communication. However, due to its popularity, Tor is also concerned by censors or other malicious attackers. A large body of existing work examines Tor's susceptibility to flow correlation attacks, which are a form of deanonymization attack. Currently, a variety of traffic obfuscation plugs are deployed on Tor to defeat flow correlation attacks. However, whether plug-based defense can effectively resist those attacks has not been tested and verified. This paper focuses on how to effectively defeat the threat of flow correlation attacks on Tor. We first conduct experiments to illustrate the actual defense effect of obfuscation plugs against flow correlation attacks, and the results show their effectiveness. However, the obfuscation-based defense also faces many other problems such as censorship. So we explore the techniques used in differential privacy ($FPA_{k}$ and $d^{\ast}$-private) to apply a tiny perturbation on Tor traffic. Our findings on differential privacy suggest that the perturbations generated by the two mechanisms can successfully flaw the existing flow correlation attacks on Tor.

Alex Biryukov,Dmitry Khovratovich,Ivan Pustogarov

DOI: https://doi.org/10.48550/arXiv.1405.7418

2014-07-05

Abstract:Bitcoin is a digital currency which relies on a distributed set of miners to mint coins and on a peer-to-peer network to broadcast transactions. The identities of Bitcoin users are hidden behind pseudonyms (public keys) which are recommended to be changed frequently in order to increase transaction unlinkability. We present an efficient method to deanonymize Bitcoin users, which allows to link user pseudonyms to the IP addresses where the transactions are generated. Our techniques work for the most common and the most challenging scenario when users are behind NATs or firewalls of their ISPs. They allow to link transactions of a user behind a NAT and to distinguish connections and transactions of different users behind the same NAT. We also show that a natural countermeasure of using Tor or other anonymity services can be cut-off by abusing anti-DoS countermeasures of the bitcoin network. Our attacks require only a few machines and have been experimentally verified. We propose several countermeasures to mitigate these new attacks.

Cryptography and Security

Piyush Kumar Sharma,Devashish Gosain,Claudia Diaz

DOI: https://doi.org/10.48550/arXiv.2201.11860

2022-01-27

Cryptography and Security

Abstract:Cryptocurrency systems can be subject to deanonimization attacks by exploiting the network-level communication on their peer-to-peer network. Adversaries who control a set of colluding node(s) within the peer-to-peer network can observe transactions being exchanged and infer the parties involved. Thus, various network anonymity schemes have been proposed to mitigate this problem, with some solutions providing theoretical anonymity guarantees. In this work, we model such peer-to-peer network anonymity solutions and evaluate their anonymity guarantees. To do so, we propose a novel framework that uses Bayesian inference to obtain the probability distributions linking transactions to their possible originators. We characterize transaction anonymity with those distributions, using entropy as metric of adversarial uncertainty on the originator's identity. In particular, we model Dandelion, Dandelion++ and Lightning Network. We study different configurations and demonstrate that none of them offers acceptable anonymity to their users. For instance, our analysis reveals that in the widely deployed Lightning Network, with 1% strategically chosen colluding nodes the adversary can uniquely determine the originator for about 50% of the total transactions in the network. In Dandelion, an adversary that controls 15% of the nodes has on average uncertainty among only 8 possible originators. Moreover, we observe that due to the way Dandelion and Dandelion++ are designed, increasing the network size does not correspond to an increase in the anonymity set of potential originators. Alarmingly, our longitudinal analysis of Lightning Network reveals rather an inverse trend -- with the growth of the network the overall anonymity decreases.

Rolf Jagerman,Wendo Sabée,Laurens Versluis,Martijn de Vos,Johan Pouwelse

DOI: https://doi.org/10.48550/arXiv.1404.4818

2014-04-18

Computers and Society

Abstract:Ever since the introduction of the internet, it has been void of any privacy. The majority of internet traffic currently is and always has been unencrypted. A number of anonymous communication overlay networks exist whose aim it is to provide privacy to its users. However, due to the nature of the internet, there is major difficulty in getting these networks to become both decentralized and anonymous. We list reasons for having anonymous networks, discern the problems in achieving decentralization and sum up the biggest initiatives in the field and their current status. To do so, we use one exemplary network, the Tor network. We explain how Tor works, what vulnerabilities this network currently has, and possible attacks that could be used to violate privacy and anonymity. The Tor network is used as a key comparison network in the main part of the report: a tabular overview of the major anonymous networking technologies in use today.

Adam Back,Ulf Möller,Anton Stiglic

DOI: https://doi.org/10.1007/3-540-45496-9_18

2001-01-01

Abstract:We discuss problems and trade-offs with systems providing anonymity for web browsing (or more generally any communication system that requires low latency interaction). We focus on two main systems: the Freedom network [12] and PipeNet [8]. Although Freedom is efficient and reasonably secure against denial of service attacks, it is vulnerable to some generic traffic analysis attacks, which we describe. On the other hand, we look at PipeNet, a simple theoretical model which protects against the traffic analysis attacks we point out, but is vulnerable to denial of services attacks and has efficiency problems. In light of these observations, we discuss the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users anonymity.

Jianming Lv,Tieying Zhang,Zhenhua Li,Xueqi Cheng

DOI: https://doi.org/10.1016/j.comnet.2014.08.015

IF: 5.493

2014-01-01

Computer Networks

Abstract:Existing anonymous communication systems mask the identities of users by adopting intermediary nodes to transform message flows. However, some recently presented traffic analysis algorithms are still able to undermine the anonymity of these systems. The traditional flow transformation strategies fail to completely eliminate the traffic correlation between adjacent communication links to prevent such attacks. To address this problem, we propose a novel parasitic anonymous communication system, named PACOM. Each PACOM client is parasitic in the BitTorrent network which is the most popular Peer-to-Peer file sharing network, and conceals the communication path in the request driven traffic compatible with the BitTorrent protocol. The traffic patterns of adjacent communication links can be proved to be statistically independent, which effectively resists the traffic analysis attacks. Meanwhile, the “effective anonymity set size” of the system can be extended enormously by mixing the PACOM clients with other millions of BitTorrent clients in the Internet. To validate the PACOM solution, we analyse the anonymity of PACOM theoretically and conduct comprehensive simulations and emulations to test the scalability and effectiveness of PACOM against various attacks.

Xinyuan Wang,Shiping Chen,Sushil Jajodia

DOI: https://doi.org/10.1145/1102120.1102133

2005-01-01

Abstract:Peer-to-peer VoIP calls are becoming increasingly popular due to their advantages in cost and convenience. When these calls are encrypted from end to end and anonymized by low latency anonymizing network, they are considered by many people to be both secure and anonymous.In this paper, we present a watermark technique that could be used for effectively identifying and correlating encrypted, peer-to-peer VoIP calls even if they are anonymized by low latency anonymizing networks. This result is in contrast to many people's perception. The key idea is to embed a unique watermark into the encrypted VoIP flow by slightly adjusting the timing of selected packets. Our analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied. Our analytical results are backed up by the real-time experiments performed on leading peer-to-peer VoIP client and on a commercially deployed anonymizing network. Our results demonstrate that (1) tracking anonymous peer-to-peer VoIP calls on the Internet is feasible and (2) low latency anonymizing networks are susceptible to timing attacks.

Tian Yunfan,Zhang Xiang

DOI: https://doi.org/10.48550/arXiv.1812.06226

2018-12-15

Abstract:Over the last two decades, the scale and complexity of Anonymous networks and its associated technologies grows exponentially as privacy has become a major concern of individuals. Also, some cyber attackers make use of privacy infrastructures including botnets and Tor to do illegal activities like drug, contraband or DDoS attack. However, anonymous networks are not perfect, there are some methods could exploit the vulnerabilities and track user information. In this paper, we analyze few of privacy infrastructures and their vulnerabilities.

Cryptography and Security

Karwan Mustafa Kareem

2024-05-12

Abstract:Onion routing networks, also known as darknets, are private networks that enable anonymous communication over the Internet. They are used by individuals and organizations to protect their privacy, but they also attract cybercriminals who exploit the anonymity provided by these networks for illegal activities. This paper comprehensively analyzes cybercrime threats and countermeasures in onion routing networks. We review the various types of cybercrime that occur in these networks, including drug trafficking, fraud, hacking, and other illicit activities. We then discuss the challenges associated with detecting and mitigating cybercrime in onion routing networks, such as the difficulty of tracing illegal activities back to their source due to the strong anonymity guarantees provided by these networks. We also explore the countermeasures that have been proposed and implemented to combat cybercrime in onion routing networks, including law enforcement efforts, technological solutions, and policy interventions. Finally, we highlight the limitations of existing countermeasures and identify potential directions for future research in this area, including the need for interdisciplinary approaches that combine technical, legal, and social perspectives to effectively combat cybercrime in onion routing networks.

Cryptography and Security,Networking and Internet Architecture

Avinash Srinivasan,Hatoon Aldharrab

DOI: https://doi.org/10.1007/s12083-018-0645-1

2018-03-28

Abstract:Today, peer-to-peer (P2P) networks have risen to the top echelon of information sharing on the Internet. Consequently, it is a daunting task to prevent sharing of both legitimate and illegitimate information such as—music, movies, software, and child pornography—on P2P overt channels. Considering that, preventing covert channel information sharing is inconceivable given even its detection is near impossible. The standard P2P bit-torrent peer wire communication protocol uses a very simple handshake process and as such does not provide peer authentication service. In this paper, we propose XTRA—a framework for covert communication using the standard bit-torrent protocol with a robust handshake process for authentication among covert peers. Under this framework, covert peers authenticate each other prior to covert message exchanges. Participating peers send data over an encrypted covert channel making use of only the standard bit-torrent message types. We have validated the performance XTRA through a working prototype implementation and present results comparing it with two state-of-the-art techniques. Finally, we have analyzed the robustness of XTRA to popular security attacks.

computer science, information systems,telecommunications

Anirban Banerjee,Michalis Faloutsos,Laxmi Bhuyan

DOI: https://doi.org/10.1007/978-3-540-72606-7_94

2007-01-01

Abstract:In an effort to prosecute P2P users, RIAA and MPAA have reportedly started to create decoy users: they participate in P2P networks in order to identify illegal sharing of content. This has reportedly scared some users who are afraid of being caught. The question we attempt to answer is how prevalent is this phenomenon: how likely is it that a user will run into such a “fake user” and thus run the risk of a lawsuit? The first challenge is identifying these “fake users”. We collect this information from a number of free open source software projects which are trying to identify such IP address ranges by forming the so-called blocklists. The second challenge is running a large scale experiment in order to obtain reliable and diverse statistics. Using Planetlab, we conduct active measurements, spanning a period of 90 days, from January to March 2006, spread over 3 continents. Analyzing over a 100 GB of TCP header data, we quantify the probability of a P2P user of being contacted by such entities. We observe that 100% of our nodes run into entities in these lists. In fact, 12 to 17% of all distinct IPs contacted by any node were listed on blocklists. Interestingly, a little caution can have significant effect: the top five most prevalent blocklisted IP ranges contribute to nearly 94% of all blocklisted IPs and avoiding these can reduce the probability of encountering blocklisted IPs to about 1%. In addition, we examine other factors that affect the probability of encountering blocklisted IPs, such as the geographical location of the users. Finally, we find another surprising result: less than 0.5% of all unique blocklisted IPs contacted are owned explicitly by media companies.

Ehsan Saboori,Shahriar Mohammadi

DOI: https://doi.org/10.48550/arXiv.1208.3192

2012-08-15

Networking and Internet Architecture

Abstract:One of the most important issues in peer-to-peer networks is anonymity. The major anonymity for peer-to-peer users concerned with the users' identities and actions which can be revealed by any other members. There are many approaches proposed to provide anonymous peer-to-peer communications. An intruder can get information about the content of the data, the sender's and receiver's identities. Anonymous approaches are designed with the following three goals: to protect the identity of provider, to protect the identity of requester and to protect the contents of transferred data between them. This article presents a new peer-to-peer approach to achieve anonymity between a requester and a provider in peer-to-peer networks with trusted servers called suppernode so that the provider will not be able to identify the requester and no other peers can identify the two communicating parties with certainty. This article shows that the proposed algorithm improved reliability and has more security. This algorithm, based on onion routing and randomization, protects transferring data against traffic analysis attack. The ultimate goal of this anonymous communications algorithm is to allow a requester to communicate with a provider in such a manner that nobody can determine the requester's identity and the content of transferred data.

Yixin Sun,Anne Edmundson,Laurent Vanbever,Oscar Li,Jennifer Rexford,Mung Chiang,Prateek Mittal

DOI: https://doi.org/10.48550/arXiv.1503.03940

2015-03-13

Abstract:The Tor network is a widely used system for anonymous communication. However, Tor is known to be vulnerable to attackers who can observe traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip of the iceberg. We present a suite of new attacks, called Raptor, that can be launched by Autonomous Systems (ASes) to compromise user anonymity. First, AS-level adversaries can exploit the asymmetric nature of Internet routing to increase the chance of observing at least one direction of user traffic at both ends of the communication. Second, AS-level adversaries can exploit natural churn in Internet routing to lie on the BGP paths for more users over time. Third, strategic adversaries can manipulate Internet routing via BGP hijacks (to discover the users using specific Tor guard nodes) and interceptions (to perform traffic analysis). We demonstrate the feasibility of Raptor attacks by analyzing historical BGP data and Traceroute data as well as performing real-world attacks on the live Tor network, while ensuring that we do not harm real users. In addition, we outline the design of two monitoring frameworks to counter these attacks: BGP monitoring to detect control-plane attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our work motivates the design of anonymity systems that are aware of the dynamics of Internet routing.

Networking and Internet Architecture,Cryptography and Security

An'an Luo,LiQin Tian,Chuang Lin

DOI: https://doi.org/10.1109/ITAPP.2010.5566399

2010-01-01

Abstract:Being a new Internet application, social-based P2P network, which merges P2P file sharing technology and social network, is drawn more and more attention. However, it also brings in new challenges when facing the problems of trust management and personal privacy protection. In this paper, we aim at social-based P2P, and design a set of trust management mechanisms with peer uncertain risk evaluation and personal privacy preserving, which is able to encourage peers cooperation and defend Bad-Mouth attack from malicious peers. Another advantage of our solution is that it is very flexible for users to define fine-grit access control policy.

Sergio Castillo-Perez,Joaquin Garcia-Alfaro

DOI: https://doi.org/10.48550/arXiv.1208.3730

2012-08-18

Cryptography and Security

Abstract:The use of anonymity-based infrastructures and anonymisers is a plausible solution to mitigate privacy problems on the Internet. Tor (short for The onion router) is a popular low-latency anonymity system that can be installed as an end-user application on a wide range of operating systems to redirect the traffic through a series of anonymising proxy circuits. The construction of these circuits determines both the latency and the anonymity degree of the Tor anonymity system. While some circuit construction strategies lead to delays which are tolerated for activities like Web browsing, they can make the system vulnerable to linking attacks. We evaluate in this paper three classical strategies for the construction of Tor circuits, with respect to their de-anonymisation risk and latency performance. We then develop a new circuit selection algorithm that considerably reduces the success probability of linking attacks while keeping a good degree of performance. We finally conduct experiments on a real-world Tor deployment over PlanetLab. Our experimental results confirm the validity of our strategy and its performance increase for Web browsing.

Gabriela Gheorghe,Renato Lo Cigno,Alberto Montresor

DOI: https://doi.org/10.1007/s12083-010-0070-6

2010-04-23

Abstract:Streaming applications over Peer-To-Peer (P2P) systems have gained an enormous popularity. Success always implies increased concerns about security, protection, privacy and all the other ‘side’ properties that transform an experimental application into a service. Research on security for P2P streaming started to flourish, but no comprehensive security analysis over the current P2P solutions has yet been attempted. There are no best practices in system design, no (widely) accepted attack models, no measurement-based studies on security threats to P2P streaming, nor even general surveys investigating specific security aspects for these systems. This paper addresses this last aspect. Starting from existing analyses and security models in the related literature, we give an overview on security and privacy considerations for P2P streaming systems. Our analysis emphasizes two major facts: (i) the Byzantine–Altruistic–Rational (BAR) model offers stronger security guarantees compared to other approaches, at the cost of higher complexity and overhead; and (ii) the general perception (not necessarily the truth, but a commonplace belief) that it is necessary to sacrifice accuracy or performance in order to tolerate faults or misbehaviors, is not always true.

computer science, information systems,telecommunications

Taylor Henderson,Eric Osterweil,Pavan Kumar Dinesh,Robert Simon

2023-10-04

Abstract:Preserving privacy is an undeniable benefit to users online. However, this benefit (unfortunately) also extends to those who conduct cyber attacks and other types of malfeasance. In this work, we consider the scenario in which Privacy Preserving Technologies (PPTs) have been used to obfuscate users who are communicating online with ill intentions. We present a novel methodology that is effective at deobfuscating such sources by synthesizing measurements from key locations along protocol transaction paths. Our approach links online personas with their origin IP addresses based on a Pattern of Life (PoL) analysis, and is successful even when different PPTs are used. We show that, when monitoring in the correct places on the Internet, DNS over HTTPS (DoH) and DNS over TLS (DoT) can be deobfuscated with up to 100% accuracy, when they are the only privacy-preserving technologies used. Our evaluation used multiple simulated monitoring points and communications are sampled from an actual multiyear-long social network message board to replay actual user behavior. Our evaluation compared plain old DNS, DoH, DoT, and VPN in order to quantify their relative privacy-preserving abilities and provide recommendations for where ideal monitoring vantage points would be in the Internet to achieve the best performance. To illustrate the utility of our methodology, we created a proof-of-concept cybersecurity analyst dashboard (with backend processing infrastructure) that uses a search engine interface to allow analysts to deobfuscate sources based on observed screen names and by providing packet captures from subsets of vantage points.

Cryptography and Security,Networking and Internet Architecture

Christoph Döpmann,Maximilian Weisenseel,Florian Tschorsch

2024-10-11

Abstract:Streams of data have become the ubiquitous communication model on today's Internet. For strong anonymous communication, this conflicts with the traditional notion of single, independent messages, as assumed e.g. by many mixnet designs. In this work, we investigate the anonymity factors that are inherent to stream communication. We introduce Progressive Pruning}, a methodology suitable for estimating the anonymity level of streams. By mimicking an intersection attack, it captures the susceptibility of streams against traffic analysis attacks. We apply it to simulations of tailored examples of stream communication as well as to large-scale simulations of Tor using our novel TorFS simulator, finding that the stream length, the number of users, and how streams are distributed over the network have interdependent impacts on anonymity. Our work draws attention to challenges that need to be solved in order to provide strong anonymity for stream-based communication in the future.

Cryptography and Security,Networking and Internet Architecture

Zhichun Li,Anup Goyal,Yan Chen,Aleksandar Kuzmanovic

DOI: https://doi.org/10.1109/mnet.2011.5772057

IF: 10.294

2011-01-01

IEEE Network

Abstract:Misconfigured P2P traffic caused by bugs in volunteer-developed P2P software or by attackers is prevalent. It influences both end users and ISPs. In this paper, we discover and study address-misconfigured P2P traffic, a major class of such misconfiguration. P2P address misconfiguration is a phenomenon in which a large number of peers send P2P file downloading requests to a ``random'' target on the Internet. On measuring three Honeynet datasets spanning four years and across five different /8 networks, we find address-misconfigured P2P traffic on average contributes 38.9% of Internet background radiation, increasing by more than 100% every year. In this paper, we design the P2PScope, a measurement tool, to detect and diagnose such unwanted traffic. We find, in all the P2P systems, address misconfiguration is caused by resource mapping contamination, i.e., the sources returned for a given file ID through P2P indexing are not valid. Different P2P systems have different reasons for such contamination. For eMule, we find that the root cause is mainly a network byte ordering problem in the eMule Source Exchange protocol. For BitTorrent misconfiguration, one reason is that anti-P2P companies actively inject bogus peers into the P2P system. Another reason is that the KTorrent implementation has a byte order problem. We also design approaches to detect anti-P2P peers without false positives.