Hordes: a Multicast-Based Protocol for Anonymity

With widespread acceptance of the Internet as a public medium for communication and information retrieval, there has been rising concern that the personal privacy of users can be eroded by cooperating network entities. A technical solution to maintaining privacy is to provide anonymity. We present a protocol for initiator anonymity called Hordes, which uses forwarding mechanisms similar to those used in previous protocols for sending data, but is the first protocol to make use of multicast routing to anonymously receive data. We show that this results in shorter transmission latencies and requires less work of the protocol participants, in terms of the messages processed. We also present a comparison of the security and anonymity of Hordes with previous protocols, using the first quantitative definition of anonymity and unlinkability. Our analysis shows that Hordes provides anonymity to a degree similar to that of Crowds and Onion Routing, but also that Hordes has numerous performance advantages.
