MorphIT: Morphing Packet Reports for Internet Transparency

Georgia Fragkouli 1 , Katerina Argyraki 1 , and Bryan Ford 1
  • 1 EPFL,


Can we improve Internet transparency without worsening user anonymity? For a long time, researchers have been proposing transparency systems, where traffic reports produced at strategic network points help assess network behavior and verify service-level agreements or neutrality compliance. However, such reports necessarily reveal when certain traffic appeared at a certain network point, and this information could, in principle, be used to compromise low-latency anonymity networks like Tor. In this paper, we examine whether more Internet transparency necessarily means less anonymity. We start from the information that a basic transparency solution would publish about a network and study how that would impact the anonymity of the network’s users. Then we study how to change, in real time, the time granularity of traffic reports in order to preserve both user anonymity and report utility. We evaluate with real and synthetic data and show that our algorithm can offer a good anonymity/utility balance, even in adversarial scenarios where aggregates consist of very few flows.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [2] CAIDA Traces.

  • [4] Comcast vs. Netflix: Is this really about Net neutrality?

  • [6] Tor: Anonymity Online.

  • [7] Mohammad Alaggan, Mathieu Cunche, and Sébastien Gambs. Privacy-preserving Wi-Fi Analytics. Proceedings on Privacy Enhancing Technologies, 2018(2):4–26, 2018.

  • [8] David G Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, and Scott Shenker. Accountable internet protocol (aip). In ACM SIGCOMM Computer Communication Review, volume 38, pages 339–350. ACM, 2008.

  • [9] Katerina Argyraki, Petros Maniatis, David Cheriton, and Scott Shenker. Providing packet obituaries. In ACM HotNets-III, 2004.

  • [10] Katerina Argyraki, Petros Maniatis, Olga Irzak, Subramanian Ashish, and Scott Shenker. Loss and delay accountability for the Internet. In 2007 IEEE International Conference on Network Protocols(ICNP), pages 194–205. IEEE, 2007.

  • [11] Katerina Argyraki, Petros Maniatis, and Ankit Singla. Verifiable network-performance measurements. In Proceedings of the 6th International COnference, Co-NEXT ’10, pages 1:1–1:12, New York, NY, USA, 2010. ACM.

  • [12] Boaz Barak, Sharon Goldberg, and David Xiao. Protocols and lower bounds for failure localization in the Internet. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 341–360. Springer, 2008.

  • [13] Martin Burkhart, Mario Strasser, Dilip Many, and Xenofontas Dimitropoulos. Sepia: Privacy-preserving aggregation of multi-domain network events and statistics. In Proceedings of the 19th USENIX Conference on Security, USENIX Security’10, pages 15–15, Berkeley, CA, USA, 2010. USENIX Association.

  • [14] Sambuddho Chakravarty, Marco V Barbera, Georgios Portokalidis, Michalis Polychronakis, and Angelos D Keromytis. On the effectiveness of traffic analysis against anonymity networks using flow records. In International conference on passive and active network measurement, pages 247–257. Springer, 2014.

  • [15] Ruichuan Chen, Alexey Reznichenko, Paul Francis, and Johanes Gehrke. Towards statistical queries over distributed private user data. In Presented as part of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12), pages 169–182, San Jose, CA, 2012. USENIX.

  • [16] David Clark. The design philosophy of the DARPA Internet protocols. ACM SIGCOMM Computer Communication Review, 18(4):106–114, 1988.

  • [17] George Danezis. The traffic analysis of continuous-time mixes. In International Workshop on Privacy Enhancing Technologies, pages 35–50. Springer, 2004.

  • [18] Goulet David, Johnson Aaron, Kadianakis George, and Loesing Karsten. Hidden-service statistics reported by relays. Tech. rep., The Tor Project, Inc., 2015.

  • [19] Cynthia Dwork, Krishnaram Kenthapadi, Frank McSherry, Ilya Mironov, and Moni Naor. Our data, ourselves: Privacy via distributed noise generation. In Advances in Cryptology (EUROCRYPT 2006), volume 4004, page 486–503, Saint Petersburg, Russia, May 2006. Springer Verlag.

  • [20] Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. Calibrating noise to sensitivity in private data analysis. In Theory of Cryptography Conference, pages 265–284. Springer, 2006.

  • [21] Cynthia Dwork, Moni Naor, Toniann Pitassi, Guy Rothblum, and Sergey Yekhanin. Pan-private streaming algorithms. In Proceedings of The First Symposium on Innovations in Computer Science (ICS 2010). Tsinghua University Press, January 2010.

  • [22] Tariq Elahi, George Danezis, and Ian Goldberg. PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pages 1068–1079, New York, NY, USA, 2014. ACM.

  • [23] Úlfar Erlingsson, Vasyl Pihur, and Aleksandra Korolova. Rappor: Randomized aggregatable privacy-preserving ordinal response. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pages 1054–1067, New York, NY, USA, 2014. ACM.

  • [24] Sharon Goldberg, David Xiao, Eran Tromer, Boaz Barak, and Jennifer Rexford. Path-quality monitoring in the presence of adversaries. In Proceedings of the 2008 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS ’08, pages 193–204, New York, NY, USA, 2008. ACM.

  • [25] Amir Houmansadr and Nikita Borisov. The need for flow fingerprints to link correlated network flows. In International Symposium on Privacy Enhancing Technologies Symposium, pages 205–224. Springer, 2013.

  • [26] Rob Jansen and Aaron Johnson. Safely Measuring Tor. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 1553–1567, New York, NY, USA, 2016. ACM.

  • [27] Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson. Users get routed: Traffic correlation on tor by realistic adversaries. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pages 337–348. ACM, 2013.

  • [28] Thomas Karagiannis, Mart Molle, Michalis Faloutsos, and Andre Broido. A nonstationary Poisson view of Internet traffic. In INFOCOM 2004. Twenty-third AnnualJoint Conference of the IEEE Computer and Communications Societies, volume 3, pages 1558–1569. IEEE, 2004.

  • [29] Stevens Le Blond, David Choffnes, Wenxuan Zhou, Peter Druschel, Hitesh Ballani, and Paul Francis. Towards efficient traffic-analysis resistant anonymity networks. In ACM SIGCOMM Computer Communication Review, volume 43, pages 303–314. ACM, 2013.

  • [30] Frank D McSherry. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of data, pages 19–30. ACM, 2009.

  • [31] Steven J Murdoch and Piotr Zieliński. Sampled traffic analysis by internet-exchange-level adversaries. In International Workshop on Privacy Enhancing Technologies, pages 167–183. Springer, 2007.

  • [32] David Naylor, Matthew K Mukerjee, and Peter Steenkiste. Balancing accountability and privacy in the network. In ACM SIGCOMM Computer Communication Review, volume 44, pages 75–86. ACM, 2014.

  • [33] Andreas Pfitzmann and Marit Köhntopp. Anonymity, unobservability, and pseudonymity – a proposal for terminology. In Designing privacy enhancing technologies, pages 1–9. Springer, 2001.

  • [34] Vibhor Rastogi and Suman Nath. Differentially private aggregation of distributed time-series with transformation and encryption. In Proceedings of the 2010 ACM SIGMOD International Conference on Management of data, pages 735–746. ACM, 2010.

  • [35] Vitaly Shmatikov and Ming-Hsiu Wang. Timing analysis in low-latency mix networks: Attacks and defenses. In European Symposium on Research in Computer Security, pages 18–33. Springer, 2006.

  • [36] Charles V Wright, Scott E Coull, and Fabian Monrose. Traffic morphing: An efficient defense against statistical traffic analysis. In NDSS, volume 9, 2009.

  • [37] Andrew C Yao. Protocols for secure computations. In Foundations of Computer Science, 1982. SFCS’08. 23rd Annual Symposium on, pages 160–164. IEEE, 1982.

  • [38] Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig, and David G Andersen. SCION: Scalability, control, and isolation on next-generation networks. In Security and Privacy (SP), 2011 IEEE Symposium on, pages 212–227. IEEE, 2011.

  • [39] Xin Zhang, Abhishek Jain, and Adrian Perrig. Packet-dropping adversary identification for data plane security. In Proceedings of the 2008 ACM CoNEXT Conference, CoNEXT ’08, pages 24:1–24:12, New York, NY, USA, 2008. ACM.

  • [40] Xin Zhang, Chang Lan, and Adrian Perrig. Secure and scalable fault localization under dynamic traffic patterns. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 317–331. IEEE, 2012.

  • [41] Xin Zhang, Zongwei Zhou, Hsu-Chun Hsiao, Tiffany Hyun-Jin Kim, Adrian Perrig, and Patrick Tague. Shortmac: Efficient data-plane fault localization. In NDSS, 2012.


Journal + Issues