Protecting anonymity in dynamic peer-to-peer networks

Peer-to-peer anonymous networks offer the resources to support todaypsilas Internet applications. In todaypsilas dynamic networks, the key challenge to these systems arises from node dynamics and failures that disrupt anonymous routing paths, forcing them to be frequently rebuilt. Not only do these path rebuilds interrupt application sessions, but they also leak information to logging attacks such as the predecessor attack, leading to significant degradation of anonymity over long sessions. In this paper, we propose Bluemoon, a new anonymous protocol that provides strong resilience against the predecessor attack through the use of persistent anonymous links called hooks. When chained together, these links create robust anonymous paths that avoid path disruptions and rebuilds across node failures. Through detailed analysis, we show that relative to prior approaches, Bluemoon provides significantly stronger resistance against predecessor attacks. Finally, we implement and deploy a prototype on both local and Internet-scale network testbeds, and show that it provides high throughput even in high-load environments such as PlanetLab.

[1]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[2]  Antony I. T. Rowstron,et al.  Cashmere: resilient anonymous routing , 2005, NSDI.

[3]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[4]  Micah Adler,et al.  The predecessor attack: An analysis of a threat to anonymous communications systems , 2004, TSEC.

[5]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[6]  G. Danezis,et al.  Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity , 2007 .

[7]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[8]  Miguel Castro,et al.  Security for Structured Peer-to-peer Overlay Networks , 2004 .

[9]  Micah Adler,et al.  Defending anonymous communications against passive logging attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[10]  Peter Druschel,et al.  Pastry: Scalable, distributed object location and routing for large-scale peer-to- , 2001 .

[11]  Apu Kapadia,et al.  Halo: High-Assurance Locate for Distributed Hash Tables , 2008, NDSS.

[12]  Dirk Grunwald,et al.  Low-resource routing attacks against tor , 2007, WPES '07.

[13]  Aravind Srinivasan,et al.  P/sup 5/ : a protocol for scalable anonymous communication , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[14]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[15]  Andreas Haeberlen,et al.  Efficient Replica Maintenance for Distributed Storage Systems , 2006, NSDI.

[16]  Xiaojuan Cai,et al.  Measuring Anonymity , 2009, ISPEC.

[17]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[18]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[19]  Scott Shenker,et al.  Internet indirection infrastructure , 2004, IEEE/ACM Transactions on Networking.

[20]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[21]  Robert Morris,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM 2001.

[22]  Michael J. Freedman,et al.  A peer-to-peer anonymizing network layer , 2002 .

[23]  Roger Dingledine,et al.  Reliable MIX Cascade Networks through Reputation , 2002, Financial Cryptography.

[24]  George Danezis Mix-Networks with Restricted Routes , 2003, Privacy Enhancing Technologies.

[25]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[26]  Aravind Srinivasan,et al.  P/sup 5/ : a protocol for scalable anonymous communication , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[27]  Stefan Saroiu,et al.  A Measurement Study of Peer-to-Peer File Sharing Systems , 2001 .

[28]  Scott Shenker,et al.  Internet indirection infrastructure , 2002, SIGCOMM 2002.

[29]  B. Bhattacharjee,et al.  A Protocol for Scalable Anonymous Communication , 1999 .

[30]  Miguel Castro,et al.  Performance and dependability of structured peer-to-peer overlays , 2004, International Conference on Dependable Systems and Networks, 2004.

[31]  Matthew K. Wright,et al.  Salsa: a structured approach to large-scale anonymity , 2006, CCS '06.

[32]  Emin Gün Sirer,et al.  Eluding carnivores: file sharing with strong anonymity , 2004, EW 11.

[33]  Antony I. T. Rowstron,et al.  Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems , 2001, Middleware.

[34]  Ben Y. Zhao,et al.  Towards a Common API for Structured Peer-to-Peer Overlays , 2003, IPTPS.

[35]  Ben Y. Zhao,et al.  Securing Structured Overlays against Identity Attacks , 2009, IEEE Transactions on Parallel and Distributed Systems.

[36]  Russ Bubley,et al.  Randomized algorithms , 1995, CSUR.

[37]  Micah Adler,et al.  An Analysis of the Degradation of Anonymous Protocols , 2002, NDSS.

[38]  Rajeev Motwani,et al.  Randomized algorithms , 1996, CSUR.

[39]  S. Krause,et al.  OverSim: A Flexible Overlay Network Simulation Framework , 2007, 2007 IEEE Global Internet Symposium.