Anonymous Stochastic Routing.

We propose and analyze a recipient-anonymous stochastic routing model to study a fundamental trade-off between anonymity and routing delay. An agent wants to quickly reach a goal vertex in a network through a sequence of routing actions, while an overseeing adversary observes the agent's entire trajectory and tries to identify her goal among those vertices traversed. We are interested in understanding the probability that the adversary can correctly identify the agent's goal (anonymity), as a function of the time it takes the agent to reach it (delay). A key feature of our model is the presence of intrinsic uncertainty in the environment, so that each of the agent's intended steps is subject to random perturbation and thus may not materialize as planned. Using large-network asymptotics, our main results provide a near-optimal characterization of the anonymity-delay trade-off under a number of network topologies. We establish an asymptotically tight characterization of the anonymity-delay trade-off in complete graphs, showing that (1) any level of intrinsic uncertainty will lead to a strictly positive delay overhead for the agent, even as her delay budget tends to infinity, and (2) a carefully designed routing policy can ensure the overhead is only additive with respect to the level of the uncertainty. We further extend the results to networks generated by random graph models, and to settings where the network structure can be designed. In both cases, we show it is possible to achieve an additive overhead even for relatively sparse, non-complete networks. Our main technical contributions are centered around a new class of "noise-harnessing" routing strategies that adaptively combine intrinsic uncertainty from the environment with additional artificial randomization to achieve provably efficient obfuscation.
