Hybrid Routing: Towards Resilient Routing in Anonymous Communication Networks

Anonymous communication networks (ACNs) are intended to protect the metadata during communication. As classic ACNs, onion mix-nets are famous for strong anonymity, in which the source defines a static path and wraps the message multi-times with the public keys of nodes on the path, through which the message is relayed to the destination. However, onion mix-nets lacks in resilience when the static on-path mixes fail. Mix failure easily results in message loss, communication failure, and even specific attacks. Therefore, it is desirable to achieve resilient routing in onion mix-nets, providing persistent routing capability even though node failure. The state-of-theart solutions mainly adopt mix groups and thus need to share secret keys among all the group members which may cause single point of failure. To address this problem, in this work we propose a hybrid routing approach, which embeds the onion mix-net with hop-by-hop routing to increase routing resilience. Furthermore, we propose the threshold hybrid routing to achieve better key management and avoid single point of failure. As for experimental evaluations, we conduct quantitative analysis of the resilience and realize a local T-hybrid routing prototype to test performance. The experimental results show that our proposed routing strategy increases routing resilience effectively, at the expense of acceptable latency.

[1]  Xiaogang Wang,et al.  A Resilient P2P Anonymous Routing Approach Employing Collaboration Scheme , 2009, J. Univers. Comput. Sci..

[2]  Yiming Hu,et al.  Making Peer-to-Peer Anonymous Routing Resilient to Failures , 2007, 2007 IEEE International Parallel and Distributed Processing Symposium.

[3]  Ilsun You,et al.  ePASS: An expressive attribute-based signature scheme with privacy and an unforgeability guarantee for the Internet of Things , 2014, Future Gener. Comput. Syst..

[4]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[5]  Xiaodong Lin,et al.  An Efficient Pseudonymous Authentication Scheme With Strong Privacy Preservation for Vehicular Communications , 2010, IEEE Transactions on Vehicular Technology.

[6]  Nickolai Zeldovich,et al.  Stadium: A Distributed Metadata-Private Messaging System , 2017, IACR Cryptol. ePrint Arch..

[7]  Peng Liu,et al.  A Node-failure-resilient Anonymous Communication Protocol through Commutative Path Hopping , 2010, 2010 Proceedings IEEE INFOCOM.

[8]  George Danezis,et al.  Denial of service or denial of security? , 2007, CCS '07.

[9]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[10]  C. Andrew Neff,et al.  A verifiable secret shuffle and its application to e-voting , 2001, CCS '01.

[11]  Jan Camenisch,et al.  A Formal Treatment of Onion Routing , 2005, CRYPTO.

[12]  George Danezis,et al.  Sphinx: A Compact and Provably Secure Mix Format , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[13]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[14]  George Danezis,et al.  The Loopix Anonymity System , 2017, USENIX Security Symposium.

[15]  George Danezis,et al.  Route Fingerprinting in Anonymous Communications , 2006, Sixth IEEE International Conference on Peer-to-Peer Computing (P2P'06).

[16]  Stephen Farrell,et al.  Pervasive Monitoring Is an Attack , 2014, RFC.

[17]  Ari Juels,et al.  Parallel mixing , 2004, CCS '04.

[18]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[19]  Rosario Gennaro,et al.  Securing Threshold Cryptosystems against Chosen Ciphertext Attack , 1998, Journal of Cryptology.

[20]  Dan Boneh,et al.  Chosen Ciphertext Secure Public Key Threshold Encryption Without Random Oracles , 2006, CT-RSA.

[21]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[22]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[23]  George Danezis,et al.  Statistical Disclosure or Intersection Attacks on Anonymity Systems , 2004, Information Hiding.

[24]  Claudia Díaz,et al.  Towards Measuring Resilience in Anonymous Communication Networks , 2015, WPES@CCS.

[25]  Jens Groth,et al.  Efficient Zero-Knowledge Argument for Correctness of a Shuffle , 2012, EUROCRYPT.

[26]  Antony I. T. Rowstron,et al.  Cashmere: resilient anonymous routing , 2005, NSDI.

[27]  George Danezis Breaking four mix-related schemes based on Universal Re-encryption , 2007, International Journal of Information Security.

[28]  Roger Dingledine,et al.  From a Trickle to a Flood: Active Attacks on Several Mix Types , 2002, Information Hiding.