DOI: 10.1145/1653662.1653681
research-article

NISAN: network information service for anonymization networks

Published: 09 November 2009

Abstract

Network information distribution is a fundamental service for any anonymization network. Even though anonymization and information distribution about the network are two orthogonal issues, the design of the distribution service has a direct impact on the anonymization. Requiring each node to know about all other nodes in the network (as in Tor and AN.ON -- the most popular anonymization networks) limits scalability and offers a playground for intersection attacks. The distributed designs existing so far fail to meet security requirements and have therefore not been accepted in real networks.
In this paper, we combine probabilistic analysis and simulation to explore DHT-based approaches for distributing network information in anonymization networks. Based on our findings we introduce NISAN, a novel approach that tries to scalably overcome known security problems. It allows for selecting nodes uniformly at random from the full set of all available peers, while each of the nodes has only limited knowledge about the network. We show that our scheme has properties similar to a centralized directory in terms of preventing malicious nodes from biasing the path selection. This is done, however, without requiring trust in any third party. At the same time our approach provides high scalability and adequate performance. Additionally, we analyze different design choices and come up with diverse proposals depending on the attacker model. The proposed combination of security, scalability, and simplicity, to the best of our knowledge, is not available in any other existing network information distribution system.



Published In

CCS '09: Proceedings of the 16th ACM conference on Computer and communications security
November 2009
664 pages
ISBN:9781605588940
DOI:10.1145/1653662
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. anonymous communication
  2. dht
  3. node lookup
  4. peer-to-peer
  5. privacy

Qualifiers

  • Research-article

Conference

CCS '09

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Cited By

  • (2024) Pudding: Private User Discovery in Anonymity Networks. 2024 IEEE Symposium on Security and Privacy (SP), pp. 3203-3220. DOI: 10.1109/SP54263.2024.00167. Online publication date: 19-May-2024
  • (2021) WhisperChord: Scalable and Secure Node Discovery for Overlay Networks. 2021 IEEE 46th Conference on Local Computer Networks (LCN), pp. 170-177. DOI: 10.1109/LCN52139.2021.9525008. Online publication date: 4-Oct-2021
  • (2021) GuardedGossip: Secure and Anonymous Node Discovery in Untrustworthy Networks. Security and Privacy in Communication Networks, pp. 123-143. DOI: 10.1007/978-3-030-90019-9_7. Online publication date: 3-Nov-2021
  • (2019) ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments. Proceedings on Privacy Enhancing Technologies 2019:3, pp. 331-349. DOI: 10.2478/popets-2019-0050. Online publication date: 12-Jul-2019
  • (2018) A Survey on Routing in Anonymous Communication Protocols. ACM Computing Surveys 51:3, pp. 1-39. DOI: 10.1145/3182658. Online publication date: 12-Jun-2018
  • (2017) The Cost of Push Notifications for Smartphones Using Tor Hidden Services. 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 76-85. DOI: 10.1109/EuroSPW.2017.55. Online publication date: Apr-2017
  • (2016) Dealing with Dead Ends. ACM Transactions on Modeling and Performance Evaluation of Computing Systems 1:1, pp. 1-30. DOI: 10.1145/2809779. Online publication date: 22-Feb-2016
  • (2016) Anonymity networks and access to information during conflicts: Towards a distributed network organisation. 2016 8th International Conference on Cyber Conflict (CyCon), pp. 263-275. DOI: 10.1109/CYCON.2016.7529439. Online publication date: May-2016
  • (2015) Inferring obfuscated values in Freenet. 2015 International Conference and Workshops on Networked Systems (NetSys), pp. 1-8. DOI: 10.1109/NetSys.2015.7089062. Online publication date: Mar-2015
  • (2014) ReDS. IEEE Transactions on Parallel and Distributed Systems 25:2, pp. 321-331. DOI: 10.1109/TPDS.2013.231. Online publication date: 1-Feb-2014