DOI: 10.1145/2810103.2813628
research-article

HORNET: High-speed Onion Routing at the Network Layer

Published: 12 October 2015

Abstract

    We present HORNET, a system that enables high-speed end-to-end anonymous channels by leveraging next-generation network architectures. HORNET is designed as a low-latency onion routing system that operates at the network layer, thus enabling a wide range of applications. Our system uses only symmetric cryptography for data forwarding, yet requires no per-flow state on intermediate routers. This design enables HORNET routers implemented on off-the-shelf hardware to process anonymous traffic at over 93 Gb/s. HORNET is also highly scalable, adding minimal processing overhead per additional anonymous channel.

      Published In

      CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
      October 2015
      1750 pages
      ISBN: 9781450338325
      DOI: 10.1145/2810103
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. anonymity
      2. network layer
      3. onion routing

      Qualifiers

      • Research-article

      Conference

      CCS'15

      Acceptance Rates

      CCS '15 Paper Acceptance Rate 128 of 660 submissions, 19%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
