No right to remain silent: Isolating Malicious Mixes

Mix networks are a key technology to achieve network anonymity, private messaging, voting and database lookups. However, simple mix networks are vulnerable to malicious mixes, which may drop or delay packets to facilitate traffic analysis attacks. Mix networks with provable robustness address this drawback through complex and expensive proofs of correct shuffling, but come at a great cost and make limiting or unrealistic systems assumptions. We present Miranda, a synchronous mix network mechanism, which is provably secure against malicious mixes attempting active attacks to de-anonymize users, while retaining the simplicity, efficiency and practicality of mix networks designs. Miranda derives a robust mix reputation through the first-hand experience of mix node unreliability, reported by clients or other mixes. As a result, each active attack – including dropping packets – leads to reduced connectivity for malicious mixes and reduces their ability to attack. We show, through experiments, the effectiveness and practicality of Miranda by demonstrating that attacks are neutralized early, and that performance does not suffer.

[1]  Feller William,et al.  An Introduction To Probability Theory And Its Applications , 1950 .

[2]  Kaoru Kurosawa,et al.  Attack for Flash MIX , 2000, ASIACRYPT.

[3]  Jens Groth,et al.  Efficient Zero-Knowledge Argument for Correctness of a Shuffle , 2012, EUROCRYPT.

[4]  Harald Niederreiter,et al.  Probability and computing: randomized algorithms and probabilistic analysis , 2006, Math. Comput..

[5]  Daniel P. Heyman,et al.  Stochastic processes and operating characteristics , 2004 .

[6]  J. Markus,et al.  Millimix: Mixing in Small Batches , 1999 .

[7]  Srinivas Devadas,et al.  Atom: Horizontally Scaling Strong Anonymity , 2016, SOSP.

[8]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[9]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[10]  B. Melamed,et al.  Traffic modeling for telecommunications networks , 1994, IEEE Communications Magazine.

[11]  B. Harshbarger An Introduction to Probability Theory and its Applications, Volume I , 1958 .

[12]  Mike Perry,et al.  TorFlow: Tor Network Analysis , 2009 .

[13]  Roger Dingledine,et al.  Reliable MIX Cascade Networks through Reputation , 2002, Financial Cryptography.

[14]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[15]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[16]  Marko Vukolic,et al.  XFT: Practical Fault Tolerance beyond Crashes , 2015, OSDI.

[17]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[18]  Amir Herzberg,et al.  Two Cents for Strong Anonymity: The Anonymous Post-office Protocol , 2016, IACR Cryptol. ePrint Arch..

[19]  Paul F. Syverson,et al.  Locating hidden servers , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[20]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[21]  George Danezis,et al.  Sphinx: A Compact and Provably Secure Mix Format , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[22]  Peter Palfrader,et al.  Mixmaster protocol --- version 2 , 2000 .

[23]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[24]  Roger Dingledine,et al.  From a Trickle to a Flood: Active Attacks on Several Mix Types , 2002, Information Hiding.

[25]  George Danezis,et al.  The Loopix Anonymity System , 2017, USENIX Security Symposium.

[26]  Aziz Mohaisen,et al.  On the mixing time of directed social graphs and security implications , 2012, ASIACCS '12.

[27]  Aziz Mohaisen,et al.  Measuring the mixing time of social graphs , 2010, IMC '10.

[28]  Yvo Desmedt,et al.  How to Break a Practical MIX and Design a New One , 2000, EUROCRYPT.

[29]  Hugo Krawczyk,et al.  Robust Threshold DSS Signatures , 1996, Inf. Comput..

[30]  Aikaterini Mitrokotsa,et al.  DDoS attacks and defense mechanisms: classification and state-of-the-art , 2004, Comput. Networks.

[31]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[32]  Andreas Pfitzmann,et al.  The Disadvantages of Free MIX Routes and how to Overcome Them , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[33]  Luigi Rizzo,et al.  Effective erasure codes for reliable computer communication protocols , 1997, CCRV.

[34]  Dan Boneh,et al.  Riposte: An Anonymous Messaging System Handling Millions of Users , 2015, 2015 IEEE Symposium on Security and Privacy.

[35]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[36]  George Danezis,et al.  Heartbeat traffic to counter (n-1) attacks: red-green-black mixes , 2003, WPES '03.

[37]  Vitaly Shmatikov,et al.  Synchronous Batching: From Cascades to Free Routes , 2004, Privacy Enhancing Technologies.

[38]  George Danezis,et al.  Sybil-Resistant DHT Routing , 2005, ESORICS.

[39]  Markus Jakobsson,et al.  Flash mixing , 1999, PODC '99.

[40]  Mihir Bellare,et al.  Distributed pseudo-random bit generators—a new way to speed-up shared coin tossing , 1996, PODC '96.

[41]  Steven J. Murdoch,et al.  Hot or not: revealing hidden services by their clock skew , 2006, CCS '06.

[42]  Shahram Khazaei,et al.  Randomized Partial Checking Revisited , 2013, CT-RSA.

[43]  Masayuki Abe,et al.  Mix-Networks on Permutation Networks , 1999, ASIACRYPT.

[44]  George Danezis,et al.  Denial of service or denial of security? , 2007, CCS '07.

[45]  Chandra Prakash,et al.  SybilInfer: Detecting Sybil Nodes using Social Networks , 2011 .

[46]  Dogan Kesdogan,et al.  Measuring Anonymity: The Disclosure Attack , 2003, IEEE Secur. Priv..

[47]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[48]  Roger Dingledine,et al.  A Reputation System to Increase MIX-Net Reliability , 2001, Information Hiding.

[49]  Ralf Küsters,et al.  Formal Analysis of Chaumian Mix Nets with Randomized Partial Checking , 2014, 2014 IEEE Symposium on Security and Privacy.

[50]  Markus Jakobsson,et al.  Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking , 2002, USENIX Security Symposium.

[51]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[52]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.