skip to main content
research-article

Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems

Published:01 March 2012Publication History
Skip Abstract Section

Abstract

We analyze information leaks in the lookup mechanisms of structured peer-to-peer (P2P) anonymous communication systems and how these leaks can be used to compromise anonymity. We show that the techniques used to combat active attacks on the lookup mechanism dramatically increase information leaks and the efficacy of passive attacks, resulting in a tradeoff between robustness to active and passive attacks.

We study this tradeoff in two P2P anonymous systems: Salsa and AP3. In both cases, we find that, by combining both passive and active attacks, anonymity can be compromised much more effectively than previously thought, rendering these systems insecure for most proposed uses. Our results hold even if security parameters are changed or other improvements to the systems are considered. Our study, therefore, shows the importance of considering these attacks in P2P anonymous communication.

References

  1. Back, A., Möller, U., and Stiglic, A. 2001. Traffic analysis attacks and trade-offs in anonymity providing systems. In Proceedings of the Information Hiding Workshop. I. S. Moskowitz Ed., Lecture Notes in Computer Science, vol. 2137. Springer, 245--247. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Bauer, K., McCoy, D., Grunwald, D., Kohno, T., and Sicker, D. 2007. Low-resource routing attacks against Tor. In Proceedings of the ACM Workshop on Privacy in the Electronic Society. T. Yu Ed., ACM, New York, NY, 11--20. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Bellovin, S. M. and Wagner, D. A., Eds. 2003. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA.Google ScholarGoogle Scholar
  4. Berthold, O., Federrath, H., and Köhntopp, M. 2000. Project “anonymity and unobservability in the Internet”. In Proceedings of the 10th Conference on Computers, Freedom and Privacy. L. Cranor Ed., ACM, New York, NY, 57--65. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Borisov, N. 2005. Anonymous routing in structured peer-to-peer overlays. Ph.D. thesis, UC Berkeley. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Borisov, N., Danezis, G., Mittal, P., and Tabriz, P. 2007. Denial of service or denial of security? How attacks on reliability can compromise anonymity. In Proceedings of the 14th ACM Conference on Computer and Communications Security. 92--102. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Boucher, P., Shostack, A., and Goldberg, I. 2000. Freedom systems 2.0 architecture. White paper, Zero Knowledge Systems, Inc.Google ScholarGoogle Scholar
  8. Castro, M., Druschel, P., Ganesh, A., Rowstron, A., and Wallach, D. S. 2002. Secure routing for structured peer-to-peer overlay networks. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation. D. Culler and P. Druschel Eds., USENIX, Berkeley, CA, 299--314. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Ciaccio, G. 2006. Improving sender anonymity in a structured overlay with imprecise routing. In Proceedings of the 6th Workshop on Privacy Enhancing Technologies. 190--207. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Clarke, I., Sandberg, O., Wiley, B., and Hong, T. W. 2001. Freenet: A distributed anonymous information storage and retrieval system. In Proceedings of the International Workshop on Designing Privacy Enhancing Technologies: Design Issues in Anonymity and Unobservability. Springer Verlag, Berlin, 46--66. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Cooke, E., Jahanian, F., and McPherson, D. 2005. The zombie roundup: Understanding, detecting, and disrupting botnets. In Proceedings of the Steps to Reducing Unwanted Traffic on the Internet Workshop. USENIX Association, Berkeley, CA, 6--6. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Daly, D., Deavours, D. D., Doyle, J. M., Webster, P. G., and Sanders, W. H. 2000. Möbius: An extensible tool for performance and dependability modeling. In Computer Performance Evaluation. Modelling Techniques and Tools. B. R. Haverkort, H. C. Bohnenkamp, and C. U. Smith Eds., Lecture Notes in Computer Science, vol. 1786. Springer, 332--336. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Danezis, G. 2003. Statistical disclosure attacks: Traffic confirmation in open environments. In Proceedings of the IFIP TC11 18th International Conference on Information Security (SEC). D. Gritzalis, S. di Vimercati, P. Samarati, and S. Katsikas Eds., 421--426.Google ScholarGoogle Scholar
  14. Danezis, G. and Clayton, R. 2006. Route fingerprinting in anonymous communications. In Proceedings of the IEEE Conference on Peer-to-Peer Computing. IEEE Computer Society, Los Alamitos, CA, 69--72. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Danezis, G. and Golle, P., Eds. 2006. In Proceedings of the Privacy Enhancing Technologies. Lecture Notes in Computer Science, vol. 4258. Springer, Berlin. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Danezis, G. and Syverson, P. 2007. Bridging and fingerprinting: Epistemic attacks on route selection. In Proceedings of the Privacy Enhancing Technologies Symposium. N. Borisov and I. Goldberg Eds., Lecture Notes in Computer Science, vol. 5134. Springer, Berlin, 151--166. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Danezis, G., Dingledine, R., and Mathewson, N. 2003. Mixminion: Design of a Type III anonymous remailer protocol. In Proceedings of the IEEE Symposium on Security and Privacy. 2--15. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Diaz, C., Seys, S., Claessens, J., and Preneel, B. 2002. Towards measuring anonymity. In Proceedings of the Workshop on Privacy Enhancing Technologies. 184--188. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Dingledine, R. and Syverson, P., Eds. 2002. In Proceedings of the Workshop on Privacy Enhancing Technologies. Lecture Notes in Computer Science, vol. 2482. Springer.Google ScholarGoogle Scholar
  20. Dingledine, R., Mathewson, N., and Syverson, P. 2004. Tor: The second-generation onion router. In Proceedings of the USENIX Security Symposium. M. Blaze Ed., USENIX Association, Berkeley, CA, 303--320. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Douceur, J. 2002. The sybil attack. In Proceedings of the 1st Workshop on Peer-to-Peer Systems. 251--260. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Druschel, P., Kaashoek, F., and Rowstron, A., Eds. 2002. In Proceedings of the 1st International Workshop on Peer-to-Peer Systems (IPTPS). Lecture Notes in Computer Science, vol. 2429. Springer, Berlin. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Federrath, H., Ed. 2000. In Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability. Lecture Notes in Computer Science, vol. 2009. Springer, Berlin.Google ScholarGoogle Scholar
  24. Freedman, M. J. and Morris, R. 2002. Tarzan: A peer-to-peer anonymizing network layer. In Proceedings of the ACM Conference on Computer and Communications Security. R. Sandhu Ed., ACM, New York, NY, 193--206. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Goodin, D. 2007. Tor at heart of embassy passwords leak. The Register.Google ScholarGoogle Scholar
  26. Holz, T., Steiner, M., Dahl, F., Biersack, E., and Freiling, F. 2008. Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm. In Proceedings of the 1st USENIX Workshop on Large-scale Exploits and Emergent Threats. F. Monrose Ed., USENIX Association, Berkeley, CA. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Hopper, N., Vasserman, E. Y., and Chan-Tin, E. 2007. How much anonymity does network latency leak? In Proceedings of the 14th ACM Conference on Computer and Communications Security. 82--91. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. I2P. 2003. I2P anonymous network. http://www.i2p2.de/index.html.Google ScholarGoogle Scholar
  29. Kaashoek, M. F. and Karger, D. R. 2003. Koorde: A simple degree-optimal distributed hash table. In Proceedings of the International Workshop on Peer-to-Peer Systems (IPTPS). F. Kaashoek and I. Stoica Eds., Lecture Notes in Computer Science, vol. 2735. Springer, Berlin, 98--107.Google ScholarGoogle Scholar
  30. Kapadia, A. and Triandopoulos, N. 2008. Halo: High-assurance locate for distributed hash tables. In Proceedings of the Network and Distributed System Security Symposium. C. Cowan and G. Vigna Eds., Internet Society, Reston, VA, 61--79.Google ScholarGoogle Scholar
  31. Kesdogan, D., Agrawal, D., and Penz, S. 2002. Limits of anonymity in open environments. In Proceedings of the Information Hiding Workshop. F. A. Petitcolas Ed., Lecture Notes in Computer Science, vol. 2578. Springer, Berlin, 53--69. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Mathewson, N. and Dingledine, R. 2004. Practical traffic analysis: Extending and resisting statistical disclosure. In Proceedings of the Workshop on Privacy Enhancing Technologies. D. Martin and A. Serjantov Eds., Lecture Notes in Computer Science, vol. 3424. Springer, Berlin, 17--24. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. McLachlan, J., Tran, A., Hopper, N., and Kim, Y. 2009. Scalable onion routing with torsk. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). ACM, New York, NY, 590--599. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Mislove, A., Oberoi, G., Post, A., Reis, C., Druschel, P., and Wallach, D. S. 2004. AP3: Cooperative, decentralized anonymous communication. In Proceedings of the ACM SIGOPS European Workshop. M. Castro Ed., ACM, New York, NY, 30. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Mittal, P. and Borisov, N. 2009. Shadowwalker: Peer-to-peer anonymous communication using redundant structured topologies. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). ACM, New York, NY, 161--172. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Möller, U., Cottrell, L., Palfrader, P., and Sassaman, L. 2003. Mixmaster Protocol---version 2. IETF Internet Draft.Google ScholarGoogle Scholar
  37. Murdoch, S. J. 2006. Hot or not: Revealing hidden services by their clock skew. In Proceedings of the 13th ACM Conference on Computer and Communications Security. 27--36. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Murdoch, S. J. and Danezis, G. 2005. Low-cost traffic analysis of Tor. In Proceedings of the IEEE Symposium on Security and Privacy. V. Paxson and M. Waidner Eds., IEEE Computer Society Press, Los Alamitos, CA, 183--195. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Murdoch, S. J. and Zieliński, P. 2007. Sampled traffic analysis by Internet-exchange-level adversaries. In Proceedings of the Privacy Enhancing Technologies Symposium. N. Borisov and P. Golle Eds., Lecture Notes in Computer Science, vol. 4776. Springer, 167--183. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Nambiar, A. and Wright, M. 2006. Salsa: A structured approach to large-scale anonymity. In Proceedings of the 13th ACM Conference on Computer and Communications Secuity. 17--26. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Nambiar, A. and Wright, M. 2007. The Salsa simulator. http://ranger.uta.edu/~mwright/code/salsa-sims.zip.Google ScholarGoogle Scholar
  42. Panchenko, A., Richter, S., and Rache, A. 2009. Nisan: Network information service for anonymization networks. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). ACM, New York, NY, 141--150. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Rajab, M., Zarfoss, J., Monrose, F., and Terzis, A. 2006. A multifaceted approach to understanding the botnet phenomenon. In Proceedings of the Internet Measurement Conference. P. Barford Ed., ACM, New York, NY, 41--52. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Raymond, J.-F. 2000. Traffic analysis: Protocols, attacks, design issues, and open problems. In Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability. 10--29. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Reiter, M. and Rubin, A. 1998. Crowds: Anonymity for Web transactions. ACM Trans. Inf. Syst. Sec. 1, 1, 66--92. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Rennhard, M. and Plattner, B. 2002. Introducing MorphMix: Peer-to-peer based anonymous Internet usage with collusion detection. In Proceedings of the Workshop on Privacy in Electronic Society. ACM, New York, NY, 91--102. Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Rowstron, A. and Druschel, P. 2001. Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms (Middleware). G. Goos, J. Hartmanis, and J. van Leeuwen Eds., Lecture Notes in Computer Science, vol. 2218. Springer, Berlin, 329--350. Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Serjantov, A. and Danezis, G. 2002. Towards an information theoretic metric for anonymity. In Proceedings of the Workshop on Privacy Enhancing Techonologies. 259--263. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Sherr, M., Loo, B. T., and Blaze, M. 2007. Towards application-aware anonymous routing. In Proceedings of the 2nd USENIX Workshop on Hot Topics in Security. USENIX Association, Berkeley, CA, 4:1--4:5. Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Sit, E. and Morris, R. 2002. Security considerations for peer-to-peer distributed hash tables. In Proceedings of the 1st International Workshop on Peer-to-Peer System. 261--269. Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Stoica, I., Morris, R., Liben-Nowell, D., Karger, D. R., Kaashoek, M. F., Dabek, F., and Balakrishnan, H. 2003. Chord: A scalable peer-to-peer lookup protocol for Internet applications. IEEE/ACM Trans. Netw. 11, 1, 17--32. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. Syverson, P., Tsudik, G., Reed, M., and Landwehr, C. 2000. Towards an analysis of onion routing security. In Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability. 96--114. Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Tabriz, P. and Borisov, N. 2006. Breaking the collusion detection mechanism of MorphMix. In Proceedings of the 6th Workshop on Privacy Enhancing Techonologies. 368--383. Google ScholarGoogle ScholarDigital LibraryDigital Library
  54. The Tor Project. Tor metrics portal, http://metrics.torproject.org/ (last accessed 2/11).Google ScholarGoogle Scholar
  55. Wallach, D. 2002. A survey of peer-to-peer security issues. In Proceedings of the International Symposium on Software Security. M. Okada, B. Pierce, A. Scedrov, H. Tokuda, and A. Yonezawa Eds., Lecture Notes in Computer Science, vol. 2609. Springer, Berlin, 253--258. Google ScholarGoogle ScholarDigital LibraryDigital Library
  56. Wang, Q., Mittal, P., and Borisov, N. 2010. In search of an anonymous and secure lookup: Attacks on structured peer-to-peer anonymous communication systems. In Proceedings of the ACM Conference on Computer and Communications Security (CCS’10). A. D. Keromytis and V. Shmatikov Eds., ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  57. Wright, M., Adler, M., Levine, B. N., and Shields, C. 2002. An analysis of the degradation of anonymous protocols. In Proceedings of the Network and Distributed System Security Symposium. P. van Oorschot and V. Gligor Eds., The Internet Society, Reston, VA, 39--50.Google ScholarGoogle Scholar
  58. Wright, M., Adler, M., Levine, B. N., and Shields, C. 2003. Defending anonymous communication against passive logging attacks. In Proceedings of the IEEE Symposium on Security and Privacy. 28--41. Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. Wright, M., Adler, M., Levine, B. N., and Shields, C. 2004. The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Trans. Inf. Syst. Secur. 4, 7, 489--522. Google ScholarGoogle ScholarDigital LibraryDigital Library
  60. Wright, R. and di Vimercati, S. D. C., Eds. 2006. In Proceedings of the The 13th ACM Conference on Computer and Communications Security. ACM, New York, NY.Google ScholarGoogle Scholar
  61. Wright, R. and Syverson, P., Eds. 2007. In Proceedings of the 14th ACM Conference on Computer and Communications Security. ACM, New York, NY.Google ScholarGoogle Scholar
  62. Zetter, K. 2010. Wikileaks and Tor. http://www.wired.com/threatlevel/2010/06/wikileaks-documents/.Google ScholarGoogle Scholar

Index Terms

  1. Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM Transactions on Information and System Security
        ACM Transactions on Information and System Security  Volume 15, Issue 1
        Special Issue on Computer and Communications Security
        March 2012
        126 pages
        ISSN:1094-9224
        EISSN:1557-7406
        DOI:10.1145/2133375
        Issue’s Table of Contents

        Copyright © 2012 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 1 March 2012
        • Accepted: 1 June 2011
        • Revised: 1 February 2011
        • Received: 1 March 2009
        Published in tissec Volume 15, Issue 1

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • research-article
        • Research
        • Refereed

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!