Link Us if You Can: Enabling Unlinkable Communication on the Internet

For online conversations with top privacy, we often need to erase the existing contact behavior. Thus we want communications in which adversaries can not link you to the person you contact, namely communications with unlinkability. However, most current communication systems including variations of Mix networks fail to maintain unlinkability against global active adversaries (GAA) who can monitor global traffic and easily compromise clients and infrastructures. Therefore, designing an unlinkable communication system against GAA is challenging. By analyzing limitations of current communication systems, we propose two other features to assure unlinkability: covertness and deniability. In this paper, we design HTor, a novel and practical communication system with unlinkability, via a single web server. HTor interpolates the server to cut off the direct connection between two people in one communication and exploits covert channels (CCs) to hide communications between clients and the server. Considering servers might be corrupted, HTor utilizes a group mechanism to protect the receiver for each message. By extensive large-scale evaluations, we show that communications over HTor are robust and difficult to detect. Besides, HTor is easily implemented and, with multiple servers, it can provide enough bandwidth and relatively low latency for chatting.

[1]  P. Syverson Sleeping dogs lie on a bed of onions but wake when mixed , 2011 .

[2]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[3]  Daryl Johnson,et al.  A HTTP cookie covert channel , 2011, SIN '11.

[4]  Thomas Engel,et al.  Unlinkable Communication , 2008, 2008 Sixth Annual Conference on Privacy, Security and Trust.

[5]  Daryl Johnson,et al.  Covert Channel in HTTP User-Agents , 2016 .

[6]  Steven Gianvecchio,et al.  Detecting covert timing channels: an entropy-based approach , 2007, CCS '07.

[7]  Prateek Mittal,et al.  Anonymity on QuickSand: Using BGP to Compromise Tor , 2014, HotNets.

[8]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[9]  Volker Fusenig Anonymity and Unlinkability in Electronic Communications , 2009 .

[10]  Bo Yuan,et al.  Covert channels in the HTTP network protocol: Channel characterization and detecting man-in-the-middle attacks , 2010 .

[11]  Kevin Borders,et al.  Web tap: detecting covert web traffic , 2004, CCS '04.

[12]  James T. Kwok,et al.  Mining customer product ratings for personalized marketing , 2003, Decis. Support Syst..

[13]  Roy T. Fielding,et al.  Hypertext Transfer Protocol (HTTP/1.1): Caching , 2014, RFC.

[14]  Daryl Johnson,et al.  Behavior-Based Covert Channel in Cyberspace , 2009 .

[15]  Prateek Mittal,et al.  RAPTOR: Routing Attacks on Privacy in Tor , 2015, USENIX Security Symposium.

[16]  Krzysztof Szczypiorski,et al.  The covert channel over HTTP protocol , 2016, Symposium on Photonics Applications in Astronomy, Communications, Industry, and High-Energy Physics Experiments (WILGA).

[17]  Nikita Borisov,et al.  Off-the-record communication, or, why not to use PGP , 2004, WPES '04.

[18]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[19]  Nick Feamster,et al.  Infranet: Circumventing Web Censorship and Surveillance , 2002, USENIX Security Symposium.