PHI: Path-Hidden Lightweight Anonymity Protocol at Network Layer

Open access


We identify two vulnerabilities for existing highspeed network-layer anonymity protocols, such as LAP and Dovetail. First, the header formats of LAP and Dovetail leak path information, reducing the anonymity-set size when an adversary launches topological attacks. Second, ASes can launch session hijacking attacks to deanonymize destinations. HORNET addresses these problems but incurs additional bandwidth overhead and latency.

In this paper, we propose PHI, a Path-HIdden lightweight anonymity protocol that solves both challenges while maintaining the same level of efficiency as LAP and Dovetail. We present an efficient packet header format that hides path information and a new back-off setup method that is compatible with current and future network architectures. Our experiments demonstrate that PHI expands anonymity sets of LAP and Dovetail by over 30x and reaches 120 Gbps forwarding speed on a commodity software router.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] CAIDA AS-relationship dataset. data/as-relationships/.

  • [2] curve25519-donna.

  • [3] DPDK: Data Plane Development Kit.

  • [4] Global surveillance disclosures (2013-present).

  • [5] Intel AESNI Sample Library.

  • [6] The invisible internet project.

  • [7] iPlane dataset.

  • [8] JonDonym anonymous proxy servers.

  • [9] NSA collecting phone records of millions of verizon customers daily.

  • [10] RouteView project.

  • [11] Spirent TestCenter.

  • [12] The CAIDA UCSD Anonymized Internet Traces 2015 - equinix-chicago 2015-01-20.

  • [13] Tor metrics: Ddrect users by country. " Retrieved on Nov.3 2015.

  • [14] Tor project.

  • [15] B. Augustin X. Cuvellier B. Orgogozo F. Viger T. Friedman M. Latapy C. Magnien and R. Teixeira. Avoiding traceroute anomalies with Paris traceroute. In ACM IMC 2006.

  • [16] O. Berthold H. Federrath and S. Köpsell. Web mixes: A system for anonymous and unobservable internet access. In PETS 2001.

  • [17] S. Chakravarty M. V. Barbera G. Portokalidis M. Polychronakis and A. D. Keromytis. On the effectiveness of traffic analysis against anonymity networks using flow records. In PAM 2014.

  • [18] D. Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of cryptology 1(1):65-75 1988.

  • [19] D. Chaum F. Javani A. Kate A. Krasnova J. de Ruiter and A. T. Sherman. cMix: Anonymization by highperformance scalable mixing. Technical report 2016.

  • [20] D. L. Chaum. Untraceable electronic mail return addresses and digital pseudonyms. Commun. ACM 24(2):84-88 Feb.1981.

  • [21] C. Chen D. E. Asoni D. Barrera G. Danezis and A. Perrig. HORNET: High-speed onion routing at the network layer. In ACM CCS 2015.

  • [22] G. Danezis. The traffic analysis of continuous-time mixes. In PETS 2004.

  • [23] G. Danezis C. Diaz C. Troncoso and B. Laurie. Drac: An architecture for anonymous low-volume communications. In PETS 2010.

  • [24] G. Danezis R. Dingledine and N. Mathewson. Mixminion: Design of a type III anonymous remailer protocol. In IEEE S&P 2003.

  • [25] G. Danezis and I. Goldberg. Sphinx: A compact and provably secure mix format. In IEEE S&P 2009.

  • [26] S. DiBenedetto P. Gasti G. Tsudik and E. Uzun. ANDaNA: Anonymous named data networking application. arXiv preprint arXiv:1112.2205 2011.

  • [27] R. Dingledine N. Mathewson and P. Syverson. Tor: The second-generation onion router. In USENIX Security 2004.

  • [28] R. Dingledine and S. J. Murdoch. Performance improvements on Tor or why Tor is slow and what we’re going to do about it. Online: 2009.

  • [29] M. J. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer. In ACM CCS 2002.

  • [30] P. Godfrey I. Ganichev S. Shenker and I. Stoica. Pathlet routing. ACM SIGCOMM CCR 39(4):111-122 2009.

  • [31] C. Gülcü and G. Tsudik. Mixing email with babel. In NDSS 1996.

  • [32] N. Hopper E. Y. Vasserman and E. Chan-Tin. How much anonymity does network latency leak? ACM Transactions on Information and System Security 13(2) February 2010.

  • [33] A. Houmansadr N. Kiyavash and N. Borisov. RAINBOW: A robust and invisible non-blind watermark for network flows. In NDSS 2009.

  • [34] H. C. Hsiao T. H. J. Kim A. Perrig A. Yamada S. C. Nelson M. Gruteser and W. Meng. LAP: Lightweight anonymity and privacy. In IEEE Security & Privacy 2012.

  • [35] S. Le Blond D. Choffnes W. Caldwell P. Druschel and N. Merritt. Herd: A scalable traffic analysis resistant anonymity network for VoIP systems. In ACM SIGCOMM 2015.

  • [36] S. Le Blond D. Choffnes W. Zhou P. Druschel H. Ballani and P. Francis. Towards efficient traffic-analysis resistant anonymity networks. In ACM SIGCOMM 2013.

  • [37] V. Liu S. Han A. Krishnamurthy and T. Anderson. Tor instead of ip. In ACM HotNets 2011.

  • [38] P. Mahadevan D. Krioukov M. Fomenkov B. Huffaker X. Dimitropoulos k. claffy and A. Vahdat. The Internet AS-level topology: Three data sources and one definitive metric. ACM SIGCOMM CCR 36(1):17-26 Jan 2006.

  • [39] N. Mathewson and R. Dingledine. Practical traffic analysis: Extending and resisting statistical disclosure. In PETS 2005.

  • [40] P. Mittal A. Khurshid J. Juen M. Caesar and N. Borisov. Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. In ACM CCS 2011.

  • [41] U. Möller L. Cottrell P. Palfrader and L. Sassaman. Mixmaster protocol (version 2). IETF Internet Draft July 2003.

  • [42] S. J. Murdoch and G. Danezis. Low-cost traffic analysis of Tor. In IEEE S&P 2005.

  • [43] L. Overlier and P. Syverson. Locating hidden servers. In IEEE S&P 2006.

  • [44] A. Pfitzmann and M. Köhntopp. Anonymity unobservability and pseudonymity - a proposal for terminology. In PETS 2001.

  • [45] Y. Rekhter and T. Li. A border gateway protocol 4 (BGP-4) 1995.

  • [46] J. Sankey and M. Wright. Dovetail: Stronger anonymity in next-generation internet routing. In PETS 2014.

  • [47] R. Sherwood B. Bhattacharjee and A. Srinivasan. P5: A protocol for scalable anonymous communication. In IEEE S&P 2002.

  • [48] D. I. Wolinsky H. Corrigan-Gibbs B. Ford and A. Johnson. Dissent in numbers: Making strong anonymity scale. In Usenix OSDI 2012.

  • [49] X. Yang D. Clark and A. W. Berger. NIRA: a new interdomain routing architecture. IEEE/ACM Transactions on Networking 15(4):775-788 2007.

  • [50] X. Zhang H.-C. Hsiao G. Hasker H. Chan A. Perrig and D. G. Andersen. SCION: Scalability control and isolation on next-generation networks. In IEEE S&P 2011.

Journal information
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 514 160 12
PDF Downloads 215 65 11