Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

Open access


The peer-assisted CDN is a new content distribution paradigm supported by CDNs (e.g., Akamai), which enables clients to cache and distribute web content on behalf of a website. Peer-assisted CDNs bring significant bandwidth savings to website operators and reduce network latency for users. In this work, we show that the current designs of peer-assisted CDNs expose clients to privacy-invasive attacks, enabling one client to infer the set of browsed resources of another client. To alleviate this, we propose an anonymous peer-assisted CDN (APAC), which employs content delivery while providing initiator anonymity (i.e., hiding who sends the resource request) and responder anonymity (i.e., hiding who responds to the request) for peers. APAC can be a web service, compatible with current browsers and requiring no client-side changes. Our anonymity analysis shows that our APAC design can preserve a higher level of anonymity than state-of-the-art peer-assisted CDNs. In addition, our evaluation demonstrates that APAC can achieve desired performance gains.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Akamai. Accessed: 2015.

  • [2] Akamai netsession interface. Accessed: 2015.

  • [3] Bemtv. Accessed: 2015.

  • [4] Cloudflare. Accessed: 2015.

  • [5] crypto-js: Javascript implementations of standard and secure cryptographic algorithms. Accessed: 2015.

  • [6] The "data" url scheme. Accessed: 2015.

  • [7] Datagram transport layer security. Accessed: 2015.

  • [8] Freenet: The free network. Accessed: 2015.

  • [9] Geolocation api specification. Accessed: 2015.

  • [10] htop - an interactive process viewer for unix. Accessed: 2016.

  • [11] I2p: The invisible internet project. Accessed: 2015.

  • [12] iftop: display bandwidth usage on an interface. http://www.exparrot. com/pdw/iftop/. Accessed: 2016.

  • [13] Indexed database api. Accessed: 2015.

  • [14] Network address translation. Accessed: 2015.

  • [15] Octoshape. Accessed: 2015.

  • [16] P2psp. Accessed: 2015.

  • [17] Peercdn.

  • [18] The peerjs library. Accessed: 2015.

  • [19] Session traversal utilities for nat (stun). Accessed: 2015.

  • [20] Swarmify. Accessed: 2015.

  • [21] Tor: Hidden service protocol. Accessed: 2015.

  • [22] Total transfer size & total requests. Accessed: 2016.

  • [23] The transport layer security (tls) protocol. Accessed: 2015.

  • [24] Tribler. Accessed: 2015.

  • [25] Velocix. Accessed: 2014.

  • [26] Webrtc. Accessed: 2015.

  • [27] The weibull distribution. Accessed: 2015.

  • [28] Wireshark. Accessed: 2015.

  • [29] P. Aditya M. Zhao Y. Lin A. Haeberlen P. Druschel B. M. Maggs and B. Wishon. Reliable client accounting for p2pinfrastructure hybrids. In NSDI 2012.

  • [30] M. Akhoondi C. Yu and H. V. Madhyastha. Lastor: A lowlatency as-aware tor client. In IEEE S&P 2012.

  • [31] R. Annessi and M. Schmiedecker. Navigator: Finding faster paths to anonymity. In IEEE Euro S&P 2016.

  • [32] K. Bauer D. McCoy D. Grunwald and D. Sicker. Bitblender: Light-weight anonymity for bittorrent. In AIPACa 2008.

  • [33] P. Boucher A. Shostack and I. Goldberg. Freedom systems 2.0 architecture. Zero Knowledge Systems Inc 2000.

  • [34] J. Boyan. The anonymizer: Protecting user privacy on the web. Computer-Mediated Communication Magazine 1997.

  • [35] F. Burgstaller A. Derler S. Kern G. Schanner and A. Reiter. Anonymous communication in the browser via onion-routing.

  • [36] F. Cangialosi D. Levin and N. Spring. Ting: Measuring and exploiting latencies between all tor nodes. In IMC 2015.

  • [37] J. Daemen and V. Rijmen. The design of Rijndael: AES-the advanced encryption standard. 2002.

  • [38] G. Danezis R. Dingledine and N. Mathewson. Mixminion: Design of a type iii anonymous remailer protocol. In IEEE S&P 2003.

  • [39] G. Danezis C. Lesniewski-Laas M. F. Kaashoek and R. Anderson. Sybil-resistant dht routing. In ESORICS. 2005.

  • [40] C. Diaz S. Seys J. Claessens and B. Preneel. Towards measuring anonymity. In PET 2003.

  • [41] R. Dingledine N. Mathewson and P. F. Syverson. Tor: The second-generation onion router. In USENIX Security 2004.

  • [42] J. R. Douceur. The sybil attack. In Peer-to-peer Systems. 2002.

  • [43] M. El Dick E. Pacitti and B. Kemme. Flower-cdn: a hybrid p2p overlay for efficient query processing in cdn. In EDBT 2009.

  • [44] M. J. Freedman. Experiences with coralcdn: A five-year operational view. In NSDI 2010.

  • [45] M. J. Freedman E. Freudenthal and D. Mazières. Democratizing content publication with coral. In NSDI 2004.

  • [46] M. J. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer. In CCS 2002.

  • [47] Y. Gao L. Deng A. Kuzmanovic and Y. Chen. Internet cache pollution attacks and countermeasures. In ICNP 2006.

  • [48] C. Huang A. Wang J. Li and K. W. Ross. Understanding hybrid cdn-p2p: why limelight needs its own red swoosh. In NOSSDAV 2008.

  • [49] T. Isdal M. Piatek A. Krishnamurthy and T. Anderson. Privacy-preserving p2p data sharing with oneswarm. In CCR 2010.

  • [50] S. Iyer A. Rowstron and P. Druschel. Squirrel: A decentralized peer-to-peer web cache. In PODC 2002.

  • [51] Y. Jia Y. Chen X. Dong P. Saxena J. Mao and Z. Liang. Man-in-the-browser-cache: Persisting https attacks via browser cache poisoning. Computers & Security 2015.

  • [52] Y. Jia X. Dong Z. Liang and P. Saxena. I know where you’ve been: Geo-inference attacks via the browser cache. IEEE Internet Computing 2014.

  • [53] T. Karagiannis P. Rodriguez and K. Papagiannaki. Should internet service providers fear peer-assisted content distribution? In SIGCOMM 2005.

  • [54] S. Le Blond A. Uritesc C. Gilbert Z. L. Chua P. Saxena and E. Kirda. A look at targeted attacks through the lense of an ngo. In USENIX Security 2014.

  • [55] C. Liu R. W. White and S. Dumais. Understanding web browsing behaviors through weibull analysis of dwell time. In SIGIR 2010.

  • [56] A. Mislove G. Oberoi A. Post C. Reis P. Druschel and D. S. Wallach. Ap3: Cooperative decentralized anonymous communication. In SIGOPS European Workshop 2004.

  • [57] P. Mittal and N. Borisov. Shadowwalker: peer-to-peer anonymous communication using redundant structured topologies. In CCS 2009.

  • [58] P. Mittal F. Olumofin C. Troncoso N. Borisov and I. Goldberg. Pir-tor: scalable anonymous communication using private information retrieval. In USENIX Security 2011.

  • [59] P. Mittal M. Wright and N. Borisov. Pisces: Anonymous communication using social networks. In NDSS 2012.

  • [60] U. Möller L. Cottrell P. Palfrader and L. Sassaman. Mixmaster protocol-version 2. 2003.

  • [61] G. Nakibly J. Schcolnik and Y. Rubin. Website-targeted false content injection by network operators. arXiv preprint arXiv:1602.07128 2016.

  • [62] A. Nambiar and M. Wright. Salsa: a structured approach to large-scale anonymity. In CCS 2006.

  • [63] T. Peng C. Leckie and K. Ramamohanarao. Survey of network-based defense mechanisms countering the dos and ddos problems. CSUR 2007.

  • [64] M. G. Reed P. F. Syverson and D. M. Goldschlag. Anonymous connections and onion routing. J-SAC 1998.

  • [65] M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. TISSEC 1998.

  • [66] M. Rennhard and B. Plattner. Introducing morphmix: peer-topeer based anonymous internet usage with collusion detection. In WPES 2002.

  • [67] V. Scarlata B. N. Levine and C. Shields. Responder anonymity and anonymous peer-to-peer file sharing. In ICNP 2001.

  • [68] D. Stutzbach and R. Rejaie. Understanding churn in peer-topeer networks. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement pages 189-202. ACM 2006.

  • [69] J. Terrace H. Laidlaw H. E. Liu S. Stern and M. J. Freedman. Bringing p2p to the web: Security and privacy in the firecoral network. In IPTPS 2009.

  • [70] L. Vu I. Gupta K. Nahrstedt and J. Liang. Understanding overlay characteristics of a large-scale peer-to-peer iptv system. TOMCCAP 2010.

  • [71] T. Wang K. Bauer C. Forero and I. Goldberg. Congestionaware path selection for tor. In FC. 2012.

  • [72] G. Wondracek T. Holz E. Kirda and C. Kruegel. A practical attack to de-anonymize social network users. In IEEE S&P 2010.

  • [73] H. Yin X. Liu T. Zhan V. Sekar F. Qiu C. Lin H. Zhang and B. Li. Design and deployment of a hybrid cdn-p2p system for live video streaming: experiences with livesky. In MM 2009.

  • [74] H. Yu C. Shi M. Kaminsky P. B. Gibbons and F. Xiao. Dsybil: Optimal sybil-resistance for recommendation systems. In IEEE S&P 2009.

  • [75] J. Zhang H. Duan W. Liu and J. Wu. Anonymity analysis of p2p anonymous communication systems. Computer Communications 2011.

  • [76] L. Zhang F. Zhou A. Mislove and R. Sundaram. Maygh: Building a cdn from client web browsers. In EuroSys 2013.

  • [77] M. Zhao P. Aditya A. Chen Y. Lin A. Haeberlen P. Druschel B. Maggs B. Wishon and M. Ponec. Peer-assisted content distribution in akamai netsession. In IMC 2013.

Journal information
Cited By
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 484 237 5
PDF Downloads 133 63 1