Herd: A Scalable, Traffic Analysis Resistant Anonymity Network for VoIP Systems

Effectively anonymizing Voice-over-IP (VoIP) calls requires a scalable anonymity network that is resilient to traffic analysis and has sufficiently low delay for high-quality voice calls. The popular Tor anonymity network, for instance, is not designed for the former and cannot typically achieve the latter. In this paper, we present the design, implementation, and experimental evaluation of Herd, an anonymity network where a set of dedicated, fully interconnected cloud-based proxies yield suitably low-delay circuits, while untrusted superpeers add scalability. Herd provides caller/callee anonymity among the clients within a trust zone (e.g., jurisdiction) and under a strong adversarial model. Simulations based on a trace of 370 million mobile phone calls among 10.8 million users indicate that Herd achieves anonymity among millions of clients with low bandwidth requirements, and that superpeers decrease the bandwidth and CPU requirements of the trusted infrastructure by an order of magnitude. Finally, experiments using a prototype deployment on Amazon EC2 show that Herd has a delay low enough for high-quality calls in most cases.

[1]  Arnaud Legout,et al.  Studying social networks at scale: macroscopic anatomy of the twitter social graph , 2014, SIGMETRICS '14.

[2]  Krishna P. Gummadi,et al.  Understanding and Specifying Social Access Control Lists , 2014, SOUPS.

[3]  Paul Francis,et al.  Towards efficient traffic-analysis resistant anonymity networks , 2013, SIGCOMM.

[4]  David Wolinsky,et al.  Dissent in Numbers: Making Strong Anonymity Scale , 2012, OSDI.

[5]  Akira Yamada,et al.  LAP: Lightweight Anonymity and Privacy , 2012, 2012 IEEE Symposium on Security and Privacy.

[6]  Walid Dabbous,et al.  I know where you are and what you are sharing: exploiting P2P communications to invade users' privacy , 2011, IMC '11.

[7]  Matthew K. Wright,et al.  Empirical tests of anonymous voice over IP , 2011, J. Netw. Comput. Appl..

[8]  Carmela Troncoso,et al.  Drac: An Architecture for Anonymous Low-Volume Communications , 2010, Privacy Enhancing Technologies.

[9]  Krishna P. Gummadi,et al.  Measuring User Influence in Twitter: The Million Follower Fallacy , 2010, ICWSM.

[10]  Andriy Panchenko,et al.  Performance Analysis of Anonymous Communication Channels Provided by Tor , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[11]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[12]  Aravind Srinivasan,et al.  P/sup 5/ : a protocol for scalable anonymous communication , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[13]  U Moeller,et al.  Mixmaster Protocol Version 2 , 2004 .

[14]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[15]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[16]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[17]  Aravind Srinivasan,et al.  P/sup 5/ : a protocol for scalable anonymous communication , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[18]  Robert G. Cole,et al.  Voice over IP performance monitoring , 2001, CCRV.

[19]  Andreas Pfitzmann,et al.  The Disadvantages of Free MIX Routes and how to Overcome Them , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[20]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[21]  Birgit Pfitzmann,et al.  Real-time mixes: a bandwidth-efficient anonymity protocol , 1998, IEEE J. Sel. Areas Commun..

[22]  Gene Tsudik,et al.  Mixing E-mail with Babel , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[23]  Birgit Pfitzmann,et al.  ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead , 1991, Kommunikation in Verteilten Systemen.

[24]  Richard M. Karp,et al.  An optimal algorithm for on-line bipartite matching , 1990, STOC '90.

[25]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.