Membership-concealing overlay networks

We introduce the concept of membership-concealing overlay networks (MCONs), which hide the real-world identities of participants. We argue that while membership concealment is orthogonal to anonymity and censorship resistance, pseudonymous communication and censorship resistance become much easier if done over a membership-concealing network. We formalize the concept of membership concealment, discuss a number of attacks against existing systems and present real-world attack results. We then propose three proof-of-concept MCON designs that resist those attacks: one that is more efficient, another that is more robust to membership churn, and a third that balances efficiency and robustness. We show theoretical and simulation results demonstrating the feasibility and performance of our schemes.

[1]  Andrew S. Tanenbaum,et al.  Safe and Private Data Sharing with Turtle: Friends Team-Up and Beat the System , 2004, Security Protocols Workshop.

[2]  Michael J. Freedman,et al.  A peer-to-peer anonymizing network layer , 2002 .

[3]  Pankaj Rohatgi,et al.  Can Pseudonymity Really Guarantee Privacy? , 2000, USENIX Security Symposium.

[4]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[5]  Rosario Gennaro,et al.  Securing Threshold Cryptosystems against Chosen Ciphertext Attack , 1998, EUROCRYPT.

[6]  Chandra Prakash,et al.  SybilInfer: Detecting Sybil Nodes using Social Networks , 2011 .

[7]  Gene Tsudik,et al.  Communication-Efficient Group Key Agreement , 2001, SEC.

[8]  Feng Xiao,et al.  SybilLimit: A Near-Optimal Social Network Defense Against Sybil Attacks , 2010, IEEE/ACM Trans. Netw..

[9]  Paul England,et al.  The Darknet and the Future of Content Distribution , 2003 .

[10]  Oskar Sandberg,et al.  Distributed Routing in Small-World Networks , 2006, ALENEX.

[11]  Antony I. T. Rowstron,et al.  Virtual ring routing: network routing inspired by DHTs , 2006, SIGCOMM.

[12]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[13]  Ronald J. Deibert,et al.  Access Denied The Practice and Policy of Global Internet Filtering , 2008, CrimRxiv.

[14]  Jinyang Li,et al.  Pass it on: social networks stymie censors , 2008, IPTPS.

[15]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[16]  David R. Karger,et al.  Kademlia: A peer-to-peer information system based on the xor metric , 2003 .

[17]  R. Dingledine,et al.  Design of a blocking-resistant anonymity system , 2006 .

[18]  Antony I. T. Rowstron,et al.  Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems , 2001, Middleware.

[19]  Benjamin Edelman,et al.  Internet Filtering in China , 2003, IEEE Internet Comput..

[20]  Matthias Bauer New covert channels in HTTP: adding unwitting Web browsers to anonymity sets , 2003, WPES '03.

[21]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[22]  A. Rowstron,et al.  Scalable, decentralized object location and routing for large-scale peer-to-peer systems , 2001 .

[23]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[24]  Micah Adler,et al.  An Analysis of the Degradation of Anonymous Protocols , 2002, NDSS.

[25]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[26]  David R. Karger,et al.  Chord: a scalable peer-to-peer lookup protocol for internet applications , 2003, TNET.

[27]  Nick Feamster,et al.  Infranet: Circumventing Web Censorship and Surveillance , 2002, USENIX Security Symposium.

[28]  George Danezis,et al.  Sybil-Resistant DHT Routing , 2005, ESORICS.

[29]  Riccardo Bettati,et al.  On countermeasures to traffic analysis attacks , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[30]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[31]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[32]  Andrei Serjantov,et al.  Nonesuch: a mix network with sender unobservability , 2006, WPES '06.

[33]  George Danezis,et al.  The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications , 2006, WEIS.

[34]  David Mazières,et al.  Tangler: a censorship-resistant publishing system based on document entanglements , 2001, CCS '01.

[35]  David Mazières,et al.  The design, implementation and operation of an email pseudonym server , 1998, CCS '98.

[36]  Matthew K. Wright,et al.  Salsa: a structured approach to large-scale anonymity , 2006, CCS '06.

[37]  Krishna P. Gummadi,et al.  Measurement and analysis of online social networks , 2007, IMC '07.

[38]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[39]  Lili Qiu,et al.  Statistical identification of encrypted Web browsing traffic , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[40]  Peter Sewell,et al.  Passive-attack analysis for connection-based anonymity systems , 2004, International Journal of Information Security.

[41]  Robert Morris,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM 2001.

[42]  I. Clarke,et al.  A distributed anonymous information storage and retrievalsystem , 2000 .

[43]  Nick Feamster,et al.  Thwarting Web Censorship with Untrusted Messenger Discovery , 2003, Privacy Enhancing Technologies.

[44]  Jon M. Kleinberg,et al.  The small-world phenomenon: an algorithmic perspective , 2000, STOC '00.

[45]  Michael Kaminsky,et al.  SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks , 2008, S&P 2008.

[46]  G. Cox,et al.  ~ " " " ' l I ~ " " -" . : -· " J , 2006 .

[47]  Maxwell Young,et al.  Reducing communication costs in robust peer-to-peer networks , 2008, Inf. Process. Lett..

[48]  Antony Rowstron,et al.  Virtual ring routing: network routing inspired by DHTs , 2006, SIGCOMM 2006.

[49]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.