Infrastructure-based Anonymous Communication Protocols in Future Internet Architectures
2018-10-17T16:26:46Z (GMT) by
User anonymity faces increasing threats from private companies, network service providers, and governmental surveillance programs. Current anonymous communication systems, which run as overlay networks, offer neither satisfactory performance for diverse Internet applications nor strong security guarantees. As Future Internet Architectures emerge and propose to equip routers with cryptographic operations, this thesis aims to answer the question: what level of security guarantee and performance can an anonymous communication system offer if it is designed as a service of the network infrastructure?

This thesis thus presents three scalable and highly efficient infrastructure-based anonymous communication systems, HORNET, PHI, and TARANET, which defeat adversaries ranging from a single malicious Internet Service Provider to governments conducting mass surveillance. Our contributions are summarized below:

1. We present HORNET, a low-latency onion routing system that operates at the network layer and thus supports a wide range of applications. HORNET uses only symmetric cryptography for data forwarding and requires no per-flow state on intermediate routers, which gives it high scalability. This design enables HORNET routers implemented on off-the-shelf workstations to process anonymous traffic at over 93 Gb/s.

2. We propose PHI, a Path-HIdden lightweight anonymity protocol that fixes two vulnerabilities of LAP and Dovetail. We present an efficient packet header format that hides path information and a new back-off setup method that is compatible with current and future network architectures. Our experiments demonstrate that PHI expands the anonymity sets of LAP and Dovetail by over 30x and reaches 120 Gb/s forwarding speed on a commodity software router.

3. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer while limiting the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and Autonomous Systems coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50 Gb/s using commodity hardware.

In summary, this thesis demonstrates that it is not only viable but also beneficial to build infrastructure-based anonymous communication systems. The proposed schemes achieve a new level of scalability and performance and characterize a general trade-off between anonymity guarantees and performance that guides future infrastructure-based anonymous communication system designs.
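The property that item 1 relies on, symmetric-key-only forwarding with no per-flow state on routers, is easiest to see in a small model. The following toy is an added illustration written for this page; it is not HORNET's header format, key agreement or cipher. It assumes the sender already shares one symmetric key with each router on the path (HORNET derives such keys in a separate setup phase that is not modelled here), uses an HMAC-SHA256 counter-mode keystream as a stand-in stream cipher, and encodes next hops as constructed 8-byte identifiers. Each router peels exactly one layer of the header with its own key, learns only the next hop, and consults no table, so a router between two others sees neither the source nor the destination.

```python
import hashlib
import hmac

HOP_LEN = 8    # fixed-width next-hop identifier (constructed convention)
TAG_LEN = 16   # truncated HMAC tag protecting each header layer


def keystream(key: bytes, label: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stream cipher for this illustration."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hop_id(name: str) -> bytes:
    return name.encode().ljust(HOP_LEN, b"\0")[:HOP_LEN]


def build_header(routers, keys, destination):
    """Sender wraps one layer per router, innermost (last router) first.

    Router i's layer, once peeled with key i, yields only its next hop plus the
    still-encrypted remainder that belongs to the routers after it."""
    next_hops = [hop_id(r) for r in routers[1:]] + [hop_id(destination)]
    blob = b""
    for key, nxt in reversed(list(zip(keys, next_hops))):
        body = nxt + blob
        ct = xor(body, keystream(key, b"header", len(body)))
        tag = hmac.new(key, ct, hashlib.sha256).digest()[:TAG_LEN]  # encrypt-then-MAC
        blob = tag + ct
    return blob


def peel_header(key, header):
    """Router side: verify this layer's tag, decrypt it, return (next hop, rest)."""
    tag, ct = header[:TAG_LEN], header[TAG_LEN:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("header integrity check failed")
    body = xor(ct, keystream(key, b"header", len(ct)))
    return body[:HOP_LEN], body[HOP_LEN:]


def wrap_payload(keys, payload):
    """Sender applies one symmetric layer per router; each router strips one."""
    for key in keys:
        payload = xor(payload, keystream(key, b"data", len(payload)))
    return payload


def unwrap_one(key, payload):
    return xor(payload, keystream(key, b"data", len(payload)))


def forward(router_keys, entry, destination, header, payload, max_hops=16):
    """Carry the packet hop by hop. Every forwarding decision comes from the
    header alone; no router reads or writes a table, i.e. no per-flow state."""
    views = []  # what each router observed: (itself, next hop)
    current = entry
    for _ in range(max_hops):
        if current == destination:
            return payload, views
        nxt, header = peel_header(router_keys[current], header)
        payload = unwrap_one(router_keys[current], payload)
        nxt_name = nxt.rstrip(b"\0").decode()
        views.append((current, nxt_name))
        current = nxt_name
    raise RuntimeError("path too long")


def header_rejects_tampering(header, key) -> bool:
    """Flip one ciphertext bit and confirm the first router refuses the packet."""
    damaged = bytearray(header)
    damaged[-1] ^= 0x01
    try:
        peel_header(key, bytes(damaged))
    except ValueError:
        return True
    return False


def demo():
    routers = ["AS1", "AS2", "AS3"]
    # Constructed per-router session keys; in a real system these come from setup.
    keys = {r: hashlib.sha256(b"toy-session-key:" + r.encode()).digest() for r in routers}
    dest = "DST"
    message = b"hello through the onion"
    header = build_header(routers, [keys[r] for r in routers], dest)
    payload = wrap_payload([keys[r] for r in routers], message)
    delivered, views = forward(keys, routers[0], dest, header, payload)
    return delivered, views, header_rejects_tampering(header, keys["AS1"])


if __name__ == "__main__":
    delivered, views, tamper_caught = demo()
    print(delivered)
    for router, nxt in views:
        print(f"{router} forwarded to {nxt}")
    print("tampered header rejected:", tamper_caught)
```

Two things to notice when reading the trace: the middle router AS2 observes only AS1 as the previous hop and AS3 as the next, and no router ever stores anything after forwarding, so the design scales with line rate rather than with the number of flows. The toy also shows one weakness a production design must close: the header shrinks by one layer at every hop, so an observer can infer a packet's position on the path from its length, which is why deployed network-layer onion designs pad the header to a constant size.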