MIC: An Efficient Anonymous Communication System in Data Center Networks

As applications migrate into data centers, anonymity in data center networks matters both for breaking attack chains and for protecting user privacy. Existing anonymity systems, however, were designed for the Internet: they consume substantial computational and network resources and deliver low performance, so they cannot be deployed directly in data centers. To address this problem, this paper proposes MIC, an efficient and easily deployed anonymity scheme for SDN-based data centers. The main idea behind MIC is to conceal the communicating parties by rewriting the source and destination addresses (MAC, IP and port) at the switches along the path. Compared with traditional overlay-based approaches, this in-network scheme uses shorter transmission paths and fewer intermediate operations, and so achieves higher performance at lower overhead. We also propose a collision avoidance mechanism that keeps routing correct, and two mechanisms that strengthen resistance to traffic analysis. Our security analysis shows that MIC provides unlinkability and improves traffic-analysis resistance, and our experiments show that its overhead relative to baseline TCP (or SSL) is extremely low, e.g., less than 1% in throughput.
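To make the in-network idea concrete, the following is an added toy model, not MIC's own design or code: SDN switches rewrite the address tuple hop by hop, and each switch refuses a rewritten header that would collide with another flow already on the same egress link, since the next hop could not tell the two apart. The switch names, pseudonym address pools, port range and three-switch path are constructed; the rewriting policy (pseudonymous source and destination on intermediate links, real destination restored at the last hop) is an assumption chosen for illustration; MAC rewriting, the reverse direction and the traffic-analysis defences are left out.

```python
"""Toy model of hop-by-hop header rewriting at SDN switches.

Added illustration, not MIC's design: it sketches hiding the real source and
destination from on-path observers by rewriting addresses at switches, plus the
collision check that keeps rewritten flows distinguishable on each link.
Address pools, port ranges and the topology are constructed.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Hdr:
    """Address fields an on-path observer sees (MACs omitted for brevity)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Switch:
    def __init__(self, name, pseudo_ips):
        self.name = name
        self.pseudo_ips = pseudo_ips   # constructed pseudonym pool owned by this switch
        self.rules = {}                # (in_port, Hdr) -> (rewritten Hdr, out_port)
        self.on_link = {}              # out_port -> set of Hdr already used on that link

    def install(self, in_port, hdr, out_port, make_candidate, tries=64):
        """Install a match/rewrite rule for `hdr` arriving on `in_port`.

        Collision avoidance: the rewritten header must be unique on the egress
        link, otherwise the next switch's rule table would be ambiguous and
        packets of two flows would be routed identically.  Draw candidates
        until one is free; give up after `tries` attempts.
        """
        used = self.on_link.setdefault(out_port, set())
        for _ in range(tries):
            cand = make_candidate()
            if cand not in used:
                used.add(cand)
                self.rules[(in_port, hdr)] = (cand, out_port)
                return cand
        raise RuntimeError(f"{self.name}: no collision-free header for link {out_port}")

    def forward(self, in_port, hdr):
        """Data plane: look up the rewritten header and egress port for a packet."""
        return self.rules[(in_port, hdr)]


def setup_path(flow, path, rng):
    """Controller side: install rules along `path`, a list of (switch, in_port, out_port).

    Returns the header visible on each link in order, starting with the real
    header on the host-to-first-switch link and ending with the header handed
    to the destination host.
    """
    headers = [flow]
    cur = flow
    for i, (sw, in_port, out_port) in enumerate(path):
        if i == len(path) - 1:
            # Last hop restores the real destination so the host accepts the
            # packet; the source stays pseudonymous (assumed policy).
            def make_candidate(h=cur):
                return Hdr(h.src_ip, h.src_port, flow.dst_ip, flow.dst_port)
        else:
            nxt = path[i + 1][0]
            def make_candidate(sw=sw, nxt=nxt):
                # Pseudonymous src from this switch's pool and dst from the next
                # switch's pool, so the link looks like switch-to-switch traffic.
                return Hdr(rng.choice(sw.pseudo_ips), rng.randrange(1024, 65536),
                           rng.choice(nxt.pseudo_ips), rng.randrange(1024, 65536))
        cur = sw.install(in_port, cur, out_port, make_candidate)
        headers.append(cur)
    return headers


def leaks_endpoint(flow, link_headers):
    """True if any of the given link headers exposes the real src or dst IP."""
    return any(h.src_ip == flow.src_ip or h.dst_ip == flow.dst_ip
               for h in link_headers)


def demo(seed=7):
    """Constructed three-switch path; returns (real flow, path, headers per link)."""
    rng = random.Random(seed)
    s1 = Switch("s1", ["10.0.1.1", "10.0.1.2"])
    s2 = Switch("s2", ["10.0.2.1", "10.0.2.2"])
    s3 = Switch("s3", ["10.0.3.1", "10.0.3.2"])
    flow = Hdr("192.168.0.10", 40000, "192.168.0.20", 443)
    path = [(s1, 1, 2), (s2, 1, 2), (s3, 1, 2)]
    return flow, path, setup_path(flow, path, rng)


if __name__ == "__main__":
    flow, path, seen = demo()
    for i, h in enumerate(seen):
        print(f"link {i}: {h}")
    print("intermediate links expose an endpoint:", leaks_endpoint(flow, seen[1:-1]))
```

An observer on either inter-switch link sees only addresses drawn from the switches' pools, while the first and last links still carry the real endpoint that is attached there; that is why the scheme hides participants from the network core rather than from the directly attached hosts. The `tries` bound in `install` is the point a deployment has to size: with a small pseudonym pool and many flows per link, candidates collide often and rule installation fails instead of silently merging two flows.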