Adam Back,Ulf Möller,Anton Stiglic

DOI: https://doi.org/10.1007/3-540-45496-9_18

2001-01-01

Abstract:We discuss problems and trade-offs with systems providing anonymity for web browsing (or more generally any communication system that requires low latency interaction). We focus on two main systems: the Freedom network [12] and PipeNet [8]. Although Freedom is efficient and reasonably secure against denial of service attacks, it is vulnerable to some generic traffic analysis attacks, which we describe. On the other hand, we look at PipeNet, a simple theoretical model which protects against the traffic analysis attacks we point out, but is vulnerable to denial of services attacks and has efficiency problems. In light of these observations, we discuss the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users anonymity.

Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Xiang Chen,Hongyan Liu,Wenbin Zhang,Qun Huang,Dong Zhang,Haifeng Zhou,Xuan Liu,Chunming Wu

DOI: https://doi.org/10.1109/tnet.2024.3421327

2024-01-01

Abstract:In modern data center networks (DCNs), network-stack processing denotes a large portion of the end-to-end latency of TCP flows. So profiling network-stack latency anomalies has been considered as a crucial part in DCN performance diagnosis and troubleshooting. In particular, such profiling requires full coverage (i.e., profiling every TCP packet) and low overhead (i.e., profiling should avoid high CPU consumption in end-hosts). However, existing solutions rely on system calls or tracepoints in end-hosts to implement network-stack latency profiling, leading to either low coverage or high overhead. We propose Torp, a framework that offers full-coverage and low-overhead profiling of network-stack latency. Our key idea is to offload as much of the profiling from costly system calls or tracepoints to the Torp agent built on eBPF modules, and further to include a Torp handler on the ToR switch to accelerate the remaining profiling operations. Torp efficiently coordinates the ToR switch and the Torp agent on end-hosts to jointly execute the entire latency profiling task. We have implemented Torp on $32\times 100$ Gbps Tofino switches. Testbed experiments indicate that Torp achieves full coverage and orders of magnitude lower host-side overhead compared to other solutions.

Francesco Buccafurri,Vincenzo De Angelis,Sara Lazzaro

DOI: https://doi.org/10.48550/arXiv.2208.14920

2022-08-31

Networking and Internet Architecture

Abstract:Sender anonymity in network communication is an important problem, widely addressed in the literature. Mixnets, combined with onion routing, represent certainly the most concrete and effective approach achieving the above goal. In general, the drawback of these approaches is that anonymity has a price in terms of traffic overhead and latency. On the Internet, to achieve scalability and not to require relevant infrastructure and network-protocol changes, only P2P overlay protocols can be adopted. Among these, the most representative proposal is certainly Tarzan, which is designed to obtain strong anonymity still preserving low-latency applications. In recent years, we are witnessing a change in Internet traffic. Due to IoT, cloud storage, WSN, M2M, uplink traffic is more and more increasing. An interesting question is whether this new traffic configuration may enable new strategies to improve the effectiveness of Tarzan-like approaches. In this paper, we investigate this problem, by proposing \textit{C-Tarzan}, an anonymous overlay P2P routing protocol. Through a deep experimental analysis, we show that C-Tarzan outperforms Tarzan in the case of uplink-intensive applications.

Hooman Mohajeri Moghaddam,Arsalan Mosenia

DOI: https://doi.org/10.48550/arXiv.1911.09642

2019-11-21

Cryptography and Security

Abstract:In an era of pervasive online surveillance, Internet users are in need of better anonymity solutions for online communications without sacrificing performance. Existing overlay anonymity tools, such as the Tor network, suffer from performance limitations and recent proposals to embed anonymity into Internet protocols face fundamental deployment challenges. In this paper, we introduce Practical Anonymity at the NEtwork Level (PANEL), a practical light-weight anonymity solution based on hardware switching. We implement a prototype of PANEL on a high-performance hardware switch (namely, Barefoot Tofino) using P4 network programming language, and examine the validity and performance of the prototype. Based on our empirical results, PANEL achieves 96% of the actual throughput of the switch and adds a low-latency overhead (e.g., 3% overhead in Skype calls), while offering partial deployablility and transparency (i.e., PANEL requires neither client-side nor server-side modifications).

Qingfeng Tan,Xuebin Wang,Wei Shi,Jian Tang,Zhihong Tian

DOI: https://doi.org/10.1109/tnet.2022.3174003

2022-01-01

IEEE/ACM Transactions on Networking

Abstract:Privacy is currently one of the most concerned issues in Cyberspace. Tor is the most widely used system in the world for anonymously accessing Internet. However, Tor is known to be vulnerable to end-to-end traffic correlation attacks when an adversary is able to monitor traffic at both communication endpoints. In this paper, we present a set of novel Trapper Attacks that can be used to deanonymize user activities by both AS-level adversaries and Node-level adversaries in a Tor network. First, AS-level adversaries can exploit the occasional failures of censored network to selectively control entry guards of the Tor users. Second, the adversaries can exploit poor reliability of the Tor communication (e.g., natural churn) to compromise the exiting nodes and the anonymous path. Once the adversaries gain control of the routes, they can identify and inspect any traffic entering and leaving the Tor network, consequently, deanonymize a Tor user's activity in the network. To demonstrate the effectiveness and feasibility of this attacks, we implemented a tool that can launch the proposed Trapper Attacks to automatic reveal communication relationships between a Tor user and its destinations running on a live Tor network. We also present a formal analysis framework to evaluate the integrity of the Tor network. With this framework, we successfully obtained quantitative estimates of Tor's security vulnerability. The proposed Trapper Attacks are also designed to scale up in real-world Tor networks. Namely, it allows an adversary to perform deanonymization in honey relays effectively, and compromise the anonymity of Tor clients in real time. Our experimental results show that the proposed attacks succeed in less than 40 seconds achieving a 100% accuracy rate and a false positive rate close to 0.

Mian Cheng,Baokang Zhao,Jinshu Su

DOI: https://doi.org/10.1007/978-3-319-49145-5_23

2016-01-01

Abstract:With the advancement of mobile telecommunication technologies, the effective mining of user data is regard as an very important requirement. However, due to the original data may contain sensitive information about individuals, sharing user dataset can lead to serious privacy breaches, such as the notorious scandal, the privacy leakage of American on Line (AOL). Up to now, there are already existing several available tools or libraries for packet anonymization, like PktAnon, Anonym, Pcaplib. But little research has actually gone into supporting packets in high speed mobile core network which contains several packet encapsulation structure. In this paper, we propose a real-time processing system called ANTW for providing packet anonymization on mobile core network. It involves two mechanisms: First, real-time packet processing, such as decapsulation, decompression and PPP character unescape. Second, packet anonymization which protects the privacy in the sensitive fields of each packet while preserving the utility. We evaluated the performance and availability of ANTW over a wide-area real network. Evaluation results indicate that our system can achieve more than 10Gbps.

Chen Chen,Adrian Perrig

DOI: https://doi.org/10.1515/popets-2017-0007

2016-12-22

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract We identify two vulnerabilities for existing highspeed network-layer anonymity protocols, such as LAP and Dovetail. First, the header formats of LAP and Dovetail leak path information, reducing the anonymity-set size when an adversary launches topological attacks. Second, ASes can launch session hijacking attacks to deanonymize destinations. HORNET addresses these problems but incurs additional bandwidth overhead and latency. In this paper, we propose PHI, a Path-HIdden lightweight anonymity protocol that solves both challenges while maintaining the same level of efficiency as LAP and Dovetail. We present an efficient packet header format that hides path information and a new back-off setup method that is compatible with current and future network architectures. Our experiments demonstrate that PHI expands anonymity sets of LAP and Dovetail by over 30x and reaches 120 Gbps forwarding speed on a commodity software router.

James K Holland,Jason Carpenter,Se Eun Oh,Nicholas Hopper

2023-09-23

Abstract:While anonymity networks like Tor aim to protect the privacy of their users, they are vulnerable to traffic analysis attacks such as Website Fingerprinting (WF) and Flow Correlation (FC). Recent implementations of WF and FC attacks, such as Tik-Tok and DeepCoFFEA, have shown that the attacks can be effectively carried out, threatening user privacy. Consequently, there is a need for effective traffic analysis defense. There are a variety of existing defenses, but most are either ineffective, incur high latency and bandwidth overhead, or require additional infrastructure. As a result, we aim to design a traffic analysis defense that is efficient and highly resistant to both WF and FC attacks. We propose DeTorrent, which uses competing neural networks to generate and evaluate traffic analysis defenses that insert 'dummy' traffic into real traffic flows. DeTorrent operates with moderate overhead and without delaying traffic. In a closed-world WF setting, it reduces an attacker's accuracy by 61.5%, a reduction 10.5% better than the next-best padding-only defense. Against the state-of-the-art FC attacker, DeTorrent reduces the true positive rate for a $10^{-5}$ false positive rate to about .12, which is less than half that of the next-best defense. We also demonstrate DeTorrent's practicality by deploying it alongside the Tor network and find that it maintains its performance when applied to live traffic.

Cryptography and Security

Lu Yu,Qing Wang,Geddings Barrineau,Jon Oakley,Richard R. Brooks,Kuang-Ching Wang

DOI: https://doi.org/10.1109/MALWARE.2017.8323961

2017-09-04

Abstract:Destination IP prefix-based routing protocols are core to Internet routing today. Internet autonomous systems (AS) possess fixed IP prefixes, while packets carry the intended destination AS's prefix in their headers, in clear text. As a result, network communications can be easily identified using IP addresses and become targets of a wide variety of attacks, such as DNS/IP filtering, distributed Denial-of-Service (DDoS) attacks, man-in-the-middle (MITM) attacks, etc. In this work, we explore an alternative network architecture that fundamentally removes such vulnerabilities by disassociating the relationship between IP prefixes and destination networks, and by allowing any end-to-end communication session to have dynamic, short-lived, and pseudo-random IP addresses drawn from a range of IP prefixes rather than one. The concept is seemingly impossible to realize in todays Internet. We demonstrate how this is doable today with three different strategies using software defined networking (SDN), and how this can be done at scale to transform the Internet addressing and routing paradigms with the novel concept of a distributed software defined Internet exchange (SDX). The solution works with both IPv4 and IPv6, whereas the latter provides higher degrees of IP addressing freedom. Prototypes based on OpenvSwitches (OVS) have been implemented for experimentation across the PEERING BGP testbed. The SDX solution not only provides a technically sustainable pathway towards large-scale traffic analysis resistant network (TARN) support, it also unveils a new business model for customer driven, customizable and trustable end-to-end network services.

Networking and Internet Architecture

Jia Zhang,Haixin Duan,Jianping Wu

DOI: https://doi.org/10.1109/iccee.2008.32

2008-01-01

Abstract:Compared with traditional anonymous communication systems, the low-latency anonymous communication system can provide more practical services. However, because of its low latency, the anonymity is subject to traffic analysis attack. In this paper, we take Tor, a low-latency anonymous communication network as an example and present an improved algorithm of queue scheduling and resource allocation for anonymous communication systems. Experiment shows that through this simple priority-queue scheduling and resource allocation strategy, we can solve latency increase caused by resource exclusion effectively. This improvement not only optimizes the overall performance of the anonymous communication network, but also increases anonymity of the network.

Hamish Haughey,Gregory Epiphaniou,Haider Al-Khateeb,Ali Dehghantanha

DOI: https://doi.org/10.1007/978-3-319-73951-9_10

2018-08-03

Abstract:Darknet technology such as Tor has been used by various threat actors for organising illegal activities and data exfiltration. As such, there is a case for organisations to block such traffic, or to try and identify when it is used and for what purposes. However, anonymity in cyberspace has always been a domain of conflicting interests. While it gives enough power to nefarious actors to masquerade their illegal activities, it is also the cornerstone to facilitate freedom of speech and privacy. We present a proof of concept for a novel algorithm that could form the fundamental pillar of a darknet-capable Cyber Threat Intelligence platform. The solution can reduce anonymity of users of Tor, and considers the existing visibility of network traffic before optionally initiating targeted or widespread BGP interception. In combination with server HTTP response manipulation, the algorithm attempts to reduce the candidate data set to eliminate client-side traffic that is most unlikely to be responsible for server-side connections of interest. Our test results show that MITM manipulated server responses lead to expected changes received by the Tor client. Using simulation data generated by shadow, we show that the detection scheme is effective with false positive rate of 0.001, while sensitivity detecting non-targets was 0.016+-0.127. Our algorithm could assist collaborating organisations willing to share their threat intelligence or cooperate during investigations.

Cryptography and Security

Parvathinathan Venkitasubramaniam,Ting He,Lang Tong

DOI: https://doi.org/10.1109/tit.2008.921660

IF: 2.5

2008-06-01

IEEE Transactions on Information Theory

Abstract:The problem of security against packet timing based traffic analysis in wireless networks is considered in this work. An analytical measure of “anonymity” of routes in eavesdropped networks is proposed using the information-theoretic equivocation. for a physical layer with orthogonal transmitter directed signaling, scheduling and relaying techniques are designed to maximize achievable network performance for any desired level of anonymity. the network performance is measured by the total rate of packets delivered from the sources to destinations under strict latency and medium access constraints. in particular, analytical results are presented for two scenarios: For a single relay that forwards packets from $m$ users, relaying strategies are provided that minimize the packet drops when the source nodes and the relay generate independent transmission schedules. A relay using such an independent scheduling strategy is undetectable by an eavesdropper and is referred to as a covert relay. Achievable rate regions are characterized under strict and average delay constraints on the traffic, when schedules are independent Poisson processes. For a multihop network with an arbitrary anonymity requirement, the problem of maximizing the sum-rate of flows (network throughput) is considered. A randomized selection strategy to choose covert relays as a function of the routes is designed for this purpose. Using the analytical results for a single covert relay, the strategy is optimized to obtain the maximum achievable throughput as a function of the desired level of anonymity. in particular, the throughput–anonymity relation for the proposed strategy is shown to be equivalent to an information-theoretic rate–distortion function.

computer science, information systems,engineering, electrical & electronic

Florentin Rochet,Jules Dejaeghere,Tariq Elahi

DOI: https://doi.org/10.1145/3689943.3695038

2024-09-23

Abstract:Anonymous Communication designs such as Tor build their security on distributed trust over many volunteers running relays in diverse global locations. In practice, this distribution leads to a heterogeneous network in which many versions of the Tor software co-exist, each with differing sets of protocol features. Because of this heterogeneity, Tor developers employ forward-compatible protocol design as a strategy to maintain network extensibility. This strategy aims to guarantee that different versions of the Tor software interact without unrecoverable errors. In this work, we cast protocol tolerance that is enabled by forward-compatible protocol considerations as a fundamental security issue. We argue that, while being beneficial for the developers, protocol tolerance has resulted in a number of strong attacks against Tor in the past fifteen years. To address this issue, we propose Flexible Anonymous Network (FAN), a new software architecture for volunteer-based distributed networks that shifts the dependence away from protocol tolerance without losing the ability for developers to ensure the continuous evolution of their software. We i) instantiate an implementation, ii) evaluate its overheads and, iii) experiment with several of FAN's benefits to defend against a severe attack still applicable to Tor today.

Cryptography and Security

Ludovic Barman,Italo Dacosta,Mahdi Zamani,Ennan Zhai,Apostolos Pyrgelis,Bryan Ford,Joan Feigenbaum,Jean-Pierre Hubaux

DOI: https://doi.org/10.2478/popets-2020-0061

2020-08-17

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Organizational networks are vulnerable to trafficanalysis attacks that enable adversaries to infer sensitive information fromnetwork traffic—even if encryption is used. Typical anonymous communication networks are tailored to the Internet and are poorly suited for organizational networks.We present PriFi, an anonymous communication protocol for LANs, which protects users against eavesdroppers and provides high-performance traffic-analysis resistance. PriFi builds onDining Cryptographers networks (DC-nets), but reduces the high communication latency of prior designs via a new client/relay/server architecture, in which a client’s packets remain on their usual network path without additional hops, and in which a set of remote servers assist the anonymization process without adding latency. PriFi also solves the challenge of equivocation attacks, which are not addressed by related work, by encrypting traffic based on communication history. Our evaluation shows that PriFi introduces modest latency overhead (≈ 100ms for 100 clients) and is compatible with delay-sensitive applications such as Voice-over-IP.

Sergio Castillo-Perez,Joaquin Garcia-Alfaro

DOI: https://doi.org/10.48550/arXiv.1208.3730

2012-08-18

Cryptography and Security

Abstract:The use of anonymity-based infrastructures and anonymisers is a plausible solution to mitigate privacy problems on the Internet. Tor (short for The onion router) is a popular low-latency anonymity system that can be installed as an end-user application on a wide range of operating systems to redirect the traffic through a series of anonymising proxy circuits. The construction of these circuits determines both the latency and the anonymity degree of the Tor anonymity system. While some circuit construction strategies lead to delays which are tolerated for activities like Web browsing, they can make the system vulnerable to linking attacks. We evaluate in this paper three classical strategies for the construction of Tor circuits, with respect to their de-anonymisation risk and latency performance. We then develop a new circuit selection algorithm that considerably reduces the success probability of linking attacks while keeping a good degree of performance. We finally conduct experiments on a real-world Tor deployment over PlanetLab. Our experimental results confirm the validity of our strategy and its performance increase for Web browsing.

Taiyu Wong,Hongyan Cui,Yuepeng Shen,Wenqi Lin,Tao Yu

DOI: https://doi.org/10.1109/uv.2018.8642139

2018-01-01

Abstract:As more and more personal information is used in network services, network anonymity has received more and more attention. Attackers could endanger the victims’ privacy by attacking or eavesdropping nodes during the networks routing. For example, attackers could retrieve the IP and MAC address of victims from network traffics, and use it to corelate the network behavior to individuals. The emerging Software Defined Network (SDN) technique provides a pretty flexible platform that can control the whole network by software programming, which propose a new solution to realize the network anonymity problem. In this paper, we propose a solution based on SDN to anonymize both MAC and IP addresses of network traffics in order to mitigate the privacy threats, and programing it. Furthermore, we test the anonymity function on our SDN Testbed. Our solution supports two working modes: a two-way anonymous mode which anonymizes the IP and MAC addresses of all data packets, and an one-way anonymous mode which anonymizes MAC and IP addresses of senders.

Ke Liu,Adnan Majeed,Nael B. Abu-Ghazaleh

DOI: https://doi.org/10.48550/arXiv.cs/0605088

2006-05-20

Abstract:Traffic analysis in Multi-hop Wireless Networks can expose the structure of the network allowing attackers to focus their efforts on critical nodes. For example, jamming the only data sink in a sensor network can cripple the network. We propose a new communication protocol that is part of the MAC layer, but resides conceptually between the routing layer and MAC, that is resilient to traffic analysis. Each node broadcasts the data that it has to transmit according to a fixed transmission schedule that is independent of the traffic being generated, making the network immune to time correlation analysis. The transmission pattern is identical, with the exception of a possible time shift, at all nodes, removing spatial correlation of transmissions to network strucutre. Data for all neighbors resides in the same encrypted packet. Each neighbor then decides which subset of the data in a packet to forward onwards using a routing protocol whose details are orthogonal to the proposed scheme. We analyze the basic scheme, exploring the tradeoffs in terms of frequency of transmission and packet size. We also explore adaptive and time changing patterns and analyze their performance under a number of representative scenarios.

Networking and Internet Architecture,Cryptography and Security

Xiance Meng,Mangui Liang

DOI: https://doi.org/10.1109/ICCCS61882.2024.10602902

2024-04-19

Abstract:As the most renowned anonymous network, Tor has a broad user base. However, with the increase in users, it faces some performance issues. For instance, relays may become overloaded as more users connect to Tor, leading to network con-gestion. Additionally, changes in network conditions may increase circuit construction latency. These issues severely impact user experience. Studies indicate that the latency for Tor clients is five times higher than for direct connections. This dissatisfaction leads to decreased active users, reducing the network's anonymity. User experience in network access is mainly concerned with network response and data download time. We represent response time by Time to First Byte (TTFB) and Time to Last Byte (TTLB) as the download time. This paper proposes a Multi-Metrics Node Selection (MMNS) method, considering node bandwidth, uptime, and circuit build time. Experimental results show that our proposed method significantly improves network response and data download time, especially for low-latency response applications. Furthermore, we analyzed anonymity and security, confirming that this method ensures security and anonymity for an anonymous communication network.

Engineering,Computer Science

Xiaogang Wang,Junzhou Luo,Ming Yang,Zhen Ling

DOI: https://doi.org/10.1016/j.future.2010.04.007

IF: 7.307

2011-01-01

Future Generation Computer Systems

Abstract:Tor has become one of the most popular overlay networks for anonymizing TCP traffic, however, the anonymity of Tor clients is threatened by various attacks exploiting traffic analysis or Tor's design features. Although considerable effort has been made to secure and improve Tor networks, little attention has been paid to various application-level attacks against Tor. In this paper, we present a potential HTTP-based application-level attack against Tor, which exploits both Tor's design features and HTTP's vulnerability to man-in-the-middle attacks. Such an application-level attack can efficiently and effectively compromise the anonymity of clients without using invasive plugins like Java or any other active content systems in a web browser, posing a serious threat to Tor. Our analytical and empirical results validate the feasibility and effectiveness of the attack. Based on our analysis of the potential attack mechanism, we propose corresponding countermeasures to thwart such potential application-level attacks against Tor, thereby effectively securing and improving Tor networks. Since the fundamental vulnerability exposed by this paper is not specific to web browsing via Tor but rather to the problem of other low-latency applications based on TCP streams, our study is critical for securing and improving low-latency anonymous communication systems.