Tarzan: a peer-to-peer anonymizing network layer

Tarzan is a peer-to-peer anonymous IP network overlay. Because it provides IP service, Tarzan is general-purpose and transparent to applications. Organized as a decentralized peer-to-peer overlay, Tarzan is fault-tolerant, highly scalable, and easy to manage.

Tarzan achieves its anonymity with layered encryption and multi-hop routing, much like a Chaumian mix. A message initiator chooses a path of peers pseudo-randomly through a restricted topology in a way that adversaries cannot easily influence. Cover traffic prevents a global observer from using traffic analysis to identify an initiator. Protocols toward unbiased peer-selection offer new directions for distributing trust among untrusted entities.

Tarzan provides anonymity to either clients or servers, without requiring that both participate. In both cases, Tarzan uses a network address translator (NAT) to bridge between Tarzan hosts and oblivious Internet hosts.

Measurements show that Tarzan imposes minimal overhead over a corresponding non-anonymous overlay route.
