Proposal, design and evaluation of a mechanism to limit the length of anonymous overlay network paths

One way to guarantee anonymity in overlay networks is to build a multi-hop path between the initiator and the destination. Random walks, as used in the Crowds algorithm, have been widely used for this purpose in IP networks. We therefore explore the use of a Crowds-based mechanism to provide anonymity in overlay networks. However, the original algorithm does not limit the length of the paths, and in an overlay network the associated costs may grow excessively. Controlling the length of Crowds-based paths is thus a crucial issue in this scenario. A straightforward implementation makes use of a time-to-live (TTL) field. However, this implementation immediately reveals whether the predecessor node is the initiator or not. This paper presents a novel mechanism to control the path length without using the TTL field. We propose an analytical model to evaluate the degree of anonymity when the path length is limited using our scheme. We conclude that limiting the multi-hop path length does not have any relevant impact on the degree of anonymity. We also prove that the new mechanism does not increase the vulnerability of Crowds to traffic analysis and predecessor attacks.
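
The TTL leak described above can be seen in a short simulation. This is an added example, not code from the paper, and it does not implement the paper's own length-limiting mechanism, which the abstract does not specify. It compares what the first colluding node on a path learns under plain Crowds, where the probability that its predecessor is the initiator is (n - p_f(n - c - 1))/n in the original Crowds analysis, with what it learns once a TTL header is carried. The crowd size, number of colluders, forwarding probability and initial TTL are constructed values, and the initial TTL is assumed to be a publicly known protocol constant.

```python
import random

INITIATOR = 0  # constructed scenario: node 0 is the honest initiator

def crowds_path(n, p_f, rng, ttl=None):
    """One path as [(jondo, ttl_field_as_received), ...]; field is None without TTL."""
    hops, field = [], ttl
    while True:
        hops.append((rng.randrange(n), field))   # uniform choice, may pick itself
        if (field is not None and field <= 1) or rng.random() >= p_f:
            return hops                          # this jondo submits to the destination
        if field is not None:
            field -= 1                           # decremented on every forward

def first_collaborator(hops, n, c):
    """Index of the first corrupt jondo on the path (corrupt = last c ids), or None."""
    return next((i for i, (node, _) in enumerate(hops) if node >= n - c), None)

def observe(n, c, p_f, trials, ttl=None, seed=1):
    """Return (posterior, ttl_rule_accuracy) as seen by the first collaborator.

    posterior: fraction of observations whose predecessor really is the initiator.
    ttl_rule_accuracy: how often 'field == ttl' correctly says whether the
    predecessor originated the request (None when no TTL is carried).
    """
    rng = random.Random(seed)
    seen = pred_is_init = rule_ok = 0
    for _ in range(trials):
        hops = crowds_path(n, p_f, rng, ttl)
        i = first_collaborator(hops, n, c)
        if i is None:
            continue                             # no colluder on this path
        seen += 1
        pred = INITIATOR if i == 0 else hops[i - 1][0]
        pred_is_init += pred == INITIATOR
        if ttl is not None:
            rule_ok += (hops[i][1] == ttl) == (i == 0)
    return pred_is_init / seen, (rule_ok / seen if ttl is not None else None)

def crowds_bound(n, c, p_f):
    """P(predecessor is initiator | collaborator on path) for plain Crowds."""
    return (n - p_f * (n - c - 1)) / n

if __name__ == "__main__":
    print(observe(20, 3, 0.75, 50_000), crowds_bound(20, 3, 0.75))
    print(observe(20, 3, 0.75, 50_000, ttl=8))
```

Without the TTL field the colluder's best guess is right only about 40% of the time for these parameters; with it, the comparison against the initial TTL classifies the first hop correctly every time, while the path length is capped at the initial TTL.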
