MIMIQ: Masking IPs with Migration in QUIC

The emerging QUIC transport protocol offers new opportunities to protect user privacy. We present MIMIQ, a privacyenhancing system that leverages QUIC to protect user identity and thwart traffic-analysis attacks. MIMIQ leverages QUIC’s connection migration capability to change a client’s IP address frequently—even within individual connections— without disrupting ongoing transfers or changing the client’s physical location. MIMIQ is readily deployable, requiring no cooperation from networks other than the trusted network where it runs. The trusted network facilitates routing of return traffic by running an address allocation server that assigns IP addresses to clients and forwarding rules to switches. By strategically choosing migration times, MIMIQ can defeat certain traffic-analysis attacks while incurring low performance overhead.

[1]  Chen Chen,et al.  PHI: Path-Hidden Lightweight Anonymity Protocol at Network Layer , 2017, Proc. Priv. Enhancing Technol..

[2]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[3]  Patrick Thiran,et al.  Protecting against Website Fingerprinting with Multihoming , 2020, Proc. Priv. Enhancing Technol..

[4]  Prateek Mittal,et al.  RAPTOR: Routing Attacks on Privacy in Tor , 2015, USENIX Security Symposium.

[5]  David Wetherall,et al.  Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default , 2009, Privacy Enhancing Technologies.

[6]  Akira Yamada,et al.  LAP: Lightweight Anonymity and Privacy , 2012, 2012 IEEE Symposium on Security and Privacy.

[7]  Thomas Engel,et al.  Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[8]  George Danezis,et al.  HORNET: High-speed Onion Routing at the Network Layer , 2015, CCS.

[9]  Mohsen Guizani,et al.  Empirical Performance Evaluation of QUIC Protocol for Tor Anonymity Network , 2019, 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC).

[10]  Matthew K. Wright,et al.  Dovetail: Stronger Anonymity in Next-Generation Internet Routing , 2014, Privacy Enhancing Technologies.

[11]  Andrew Hintz,et al.  Fingerprinting Websites Using Traffic Analysis , 2002, Privacy Enhancing Technologies.

[12]  Nick Feamster,et al.  The Effect of DNS on Tor's Anonymity , 2016, NDSS.

[13]  Mohammad Saidur Rahman,et al.  Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks , 2019, Proc. Priv. Enhancing Technol..

[14]  Minlan Yu,et al.  SilkRoad: Making Stateful Layer-4 Load Balancing Fast and Cheap Using Switching ASICs , 2017, SIGCOMM.

[15]  Fan Yang,et al.  The QUIC Transport Protocol: Design and Internet-Scale Deployment , 2017, SIGCOMM.

[16]  Nick Feamster,et al.  SPINE: Surveillance Protection in the Network Elements , 2019, FOCI @ USENIX Security Symposium.

[17]  Hannes Federrath,et al.  Behavior-based tracking: Exploiting characteristic patterns in DNS traffic , 2013, Comput. Secur..

[18]  Carmela Troncoso,et al.  TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer , 2018, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).

[19]  Hamed Haddadi,et al.  A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients , 2015, Proc. Priv. Enhancing Technol..

[20]  Martin Thomson,et al.  QUIC: A UDP-Based Multiplexed and Secure Transport , 2020, RFC.

[21]  Jan Rüth,et al.  A First Look at QUIC in the Wild , 2018, PAM.

[22]  Aditya Akella,et al.  Seeing through Network-Protocol Obfuscation , 2015, CCS.

[23]  Kouichi Sakurai,et al.  Analysis of Privacy Disclosure in DNS Query , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[24]  Mike Bishop,et al.  Hypertext Transfer Protocol Version 3 (HTTP/3) , 2020 .