Article

Salsa: a structured approach to large-scale anonymity

Authors:

Matthew WrightAuthors Info & Claims

CCS '06: Proceedings of the 13th ACM conference on Computer and communications security

Pages 17 - 26

https://doi.org/10.1145/1180405.1180409

Published: 30 October 2006 Publication History

Abstract

Highly distributed anonymous communications systems have the promise to reduce the effectiveness of certain attacks and improve scalability over more centralized approaches. Existing approaches, however, face security and scalability issues. Requiring nodes to have full knowledge of the other nodes in the system, as in Tor and Tarzan, limits scalability and can lead to intersection attacks in peer-to-peer configurations. MorphMix avoids this requirement for complete system knowledge, but users must rely on untrusted peers to select the path. This can lead to the attacker controlling the entire path more often than is acceptable.To overcome these problems, we propose Salsa, a structured approach to organizing highly distributed anonymous communications systems for scalability and security. Salsa is designed to select nodes to be used in anonymous circuits randomly from the full set of nodes, even though each node has knowledge of only a subset of the network. It uses a distributed hash table based on hashes of the nodes' IP addresses to organize the system. With a virtual tree structure, limited knowledge of other nodes is enough to route node lookups throughout the system. We use redundancy and bounds checking when performing lookups to prevent malicious nodes from returning false information without detection. We show that our scheme prevents attackers from biasing path selection, while incurring moderate overheads, as long as the fraction of malicious nodes is less than 20%. Additionally, the system prevents attackers from obtaining a snapshot of the entire system until the number of attackers grows too large (e.g. 15% for 10000 peers and 256 groups). The number of groups can be used as a tunable parameter in the system, depending on the number of peers, that can be used to balance performance and security.

References

[1]

A. Acquisti, R. Dingledine,and P. Syverson. On the economics of anonymity.In Proc. Financial Cryptography Jan 2003.]]

[2]

A. Back, I. Goldberg,and A. Shostack. Freedom 2.0 security issues and analysis. Zero-Knowledge Systems, Inc. white paper, Nov 2000.]]

[3]

O. Berthold, H. Federrath, and M. Kohntopp. Project anonymity and unobservability in the Internet. In Proc. Computers Freedom and Privacy April 2000.]]

Digital Library

[4]

O. Berthold, A. Pfitzmann, and R. Standtke. The disadvantages of free mix-routes and how to overcome them. In Proc. Intl. Workshop on Design Issues in Anonymity and Unobservability July 2000.]]

Digital Library

[5]

N. Borisov. Anonymous Routing in Structured Peer-to-Peer Overlays University of California, Berkeley, CA, 2005. Ph.D Thesis.]]

Digital Library

[6]

D. Chaum. Untraceable electronic mail, return addresses,and digital pseudonyms.Communications of the ACM 24(2): 84--88, Feb 1981.]]

Digital Library

[7]

G. Ciaccio. Improving sender anonymity in a structured overlay with imprecise routing. In Proc. Privacy Enhancing Technologies Workshop (PET)June 2006.]]

Digital Library

[8]

G. Danezis. Statistical disclosure attacks: Traffic con?rmation in open environments.In Proc. Security and Privacy in the Age of Uncertainty (SEC 2003) pages 421--426, May 2003.]]

[9]

G. Danezis. The traffic analysis of continuous-time mixes. In Proc. Privacy Enhancing Technologies Workshop (PET)May 2004.]]

[10]

G. Danezis, C. Lesniewski-Laas, M. F. Kaashoek, and R. Anderson. Sybil-resistant DHT routing. In Proc. ESORICS Sep.2005.]]

Digital Library

[11]

R. Dingledine, N. Mathewson,and P. Syverson. Tor: The next-generation Onion Router.In Proc. 13th USENIX Security Symposium August 2004.]]

Digital Library

[12]

J. Douceur. The Sybil attack. In Proc. IPTPS Mar. 2002.]]

Digital Library

[13]

M. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer.In Proc. ACM CCS Nov. 2002.]]

Digital Library

[14]

S. D. Kamvar, M. T. Schlosser, and H. Garcia-Molina. The eigentrust algorithm for reputation management in p2p networks.In Proc. 12th International World Wide Web Conference 2003.]]

Digital Library

[15]

J. Kirk. Botnets shrinking in size,harder to trace. http://tinyurl.com/nfxgk Jan.2006.]]

[16]

L. von Ahn, M. Blum, N. J. Hopper, and J. Langford. CAPTCHA: Using hard AI problems for security. In Proc. Eurocrypt 2003.]]

[17]

B. N. Levine, M. Reiter, C. Wang, and M. Wright. Timing analysis in low-latency mix systems. In Proc. Financial Cryptography February 2004.]]

[18]

N. Mathewson and R. Dingledine. Practical traffic analysis: extending and resisting statistical disclosure. In Proc. Privacy Enhancing Technologies workshop (PET 2004) May 2004.]]

[19]

R. Motawani and P. Raghavan. Randomized Algorithms chapter 3.Cambridge University Press, 1995.]]

Digital Library

[20]

S. J. Murdoch and G. Danezis. Low-cost traffic analysis of Tor.In Proceedings of the 2005 IEEE Symposium on Security and Privacy May 2005.]]

Digital Library

[21]

M. Reiter, X. Weng, and M. Wright. Building reliable mix networks with fair exchange.In Proc. 3rd Applied Cryptography and Network Security Conference (ACNS)June 2005.]]

Digital Library

[22]

M. K. Reiter and A. D. Rubin. Crowds: Anonymity for Web Transactions.ACM TISSEC 1(1):66--92, Nov 1998.]]

Digital Library

[23]

M. Rennhard and B. Plattner. Practical anonymity for the masses with MorphMix.In Proc. Financial Cryptography (FC '04) February 2004.]]

[24]

I. Stoica, R. Morris, D. Karger, F. Kaashoek, and H. Balakrishnan. Chord: A scalable Peer-To-Peer lookup service for Internet applications.In Proceedings of the 2001 ACM SIGCOMM Conference 2001.]]

Digital Library

[25]

P. Syverson, G. Tsudik, M. Reed, and C. Landwehr. Towards an analysis of Onion Routing security. In Workshop on Design Issues in Anonymity and Unobservability July 2000.]]

Digital Library

[26]

P. Tabriz and N. Borisov. Breaking the collusion detection mechanism of MorphMix.In Proc. Privacy Enhancing Technologies Workshop (PET)June 2006.]]

Digital Library

[27]

M. Wright, M. Adler, B. Levine, and C. Shields. An analysis of the degradation of anonymous protocols. In Proc. ISOC Sym. on Network and Distributed System Security Feb 2002.]]

[28]

M. Wright, M. Adler, B. Levine, and C. Shields. Defending anonymous communications against passive logging attacks. In Proc. IEEE Sym. on Security and Privacy May 2003.]]

Digital Library

[29]

Y. Zhu, X. Fu, B. Graham, R. Bettati, and W. Zhao. On flow correlation attacks and countermeasures in mix networks.In Proc. Privacy Enhancing Technologies (PET)May 2004.]]

Cited By

Mirzaei RYazdani NSayad Haghighi M(2025)Enhancing network tunnels anonymity through increasing combined traffic in a clustered structureComputers & Security10.1016/j.cose.2024.104224150(104224)Online publication date: Mar-2025
https://doi.org/10.1016/j.cose.2024.104224
Kocaoğullar CHugenroth DKleppmann MBeresford A(2024)Pudding: Private User Discovery in Anonymity Networks2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00167(3203-3220)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00167
Tian CZhang YYin T(2022)Topology Self-optimization for Anti-tracking Network via Nodes Distributed ComputingCollaborative Computing: Networking, Applications and Worksharing10.1007/978-3-030-92635-9_24(405-419)Online publication date: 1-Jan-2022
https://doi.org/10.1007/978-3-030-92635-9_24
Show More Cited By

Index Terms

Salsa: a structured approach to large-scale anonymity
1. Computer systems organization
  1. Architectures
    1. Distributed architectures
2. Software and its engineering
  1. Software organization and properties
    1. Software system structures
      1. Distributed systems organizing principles

Recommendations

Cost-effective broadcast for fully decentralized peer-to-peer networks

Fully unstructured and decentralized peer-to-peer networks such as Gnutella are appealing for a variety of applications, among which file-sharing is the most prominent one. The decentralized nature of these systems provides a high degree of robustness ...
Building resilient low-diameter peer-to-peer topologies

As more applications rely on underlying peer-to-peer topologies, the need for efficient and resilient infrastructure has become more pressing. A number of important classes of topologies have emerged over the last several years, all with various ...
Locality in structured peer-to-peer networks

Distributed hash tables (DHTs), used in a number of structured peer-to-peer (P2P) systems, provide efficient mechanisms for resource placement and location. A key distinguishing feature of current DHT systems, such as Chord, Pastry, CAN and Tapestry, is ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '06: Proceedings of the 13th ACM conference on Computer and communications security

October 2006

434 pages

ISBN:1595935185

DOI:10.1145/1180405

General Chair:
Ari Juels
RSA Laboratories
,
Program Chairs:
Rebecca Wright
Stevens Institute of Technology
,
Sabrina De Capitani di Vimercati
University of Milan, Italy

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

October 30 - November 3, 2006

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

91
Total Citations
View Citations
1,110
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mirzaei RYazdani NSayad Haghighi M(2025)Enhancing network tunnels anonymity through increasing combined traffic in a clustered structureComputers & Security10.1016/j.cose.2024.104224150(104224)Online publication date: Mar-2025
https://doi.org/10.1016/j.cose.2024.104224
Kocaoğullar CHugenroth DKleppmann MBeresford A(2024)Pudding: Private User Discovery in Anonymity Networks2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00167(3203-3220)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00167
Tian CZhang YYin T(2022)Topology Self-optimization for Anti-tracking Network via Nodes Distributed ComputingCollaborative Computing: Networking, Applications and Worksharing10.1007/978-3-030-92635-9_24(405-419)Online publication date: 1-Jan-2022
https://doi.org/10.1007/978-3-030-92635-9_24
Panchenko AMitseva AKnabe S(2021)WhisperChord: Scalable and Secure Node Discovery for Overlay Networks2021 IEEE 46th Conference on Local Computer Networks (LCN)10.1109/LCN52139.2021.9525008(170-177)Online publication date: 4-Oct-2021
https://doi.org/10.1109/LCN52139.2021.9525008
Panchenko AMitseva AZiemann THering T(2021)GuardedGossip: Secure and Anonymous Node Discovery in Untrustworthy NetworksSecurity and Privacy in Communication Networks10.1007/978-3-030-90019-9_7(123-143)Online publication date: 3-Nov-2021
https://doi.org/10.1007/978-3-030-90019-9_7
Sayad Haghighi MAziminejad Z(2020)Highly Anonymous Mobility-Tolerant Location-Based Onion Routing for VANETsIEEE Internet of Things Journal10.1109/JIOT.2019.29483157:4(2582-2590)Online publication date: Apr-2020
https://doi.org/10.1109/JIOT.2019.2948315
Gupta DSaia JYoung M(2020)Resource Burning for Permissionless Systems (Invited Paper)Structural Information and Communication Complexity10.1007/978-3-030-54921-3_2(19-44)Online publication date: 28-Jul-2020
https://doi.org/10.1007/978-3-030-54921-3_2
Sasy SGoldberg I(2019)ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution EnvironmentsProceedings on Privacy Enhancing Technologies10.2478/popets-2019-00502019:3(331-349)Online publication date: 12-Jul-2019
https://doi.org/10.2478/popets-2019-0050
Rochet FPereira O(2018)Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing ProtocolsProceedings on Privacy Enhancing Technologies10.1515/popets-2018-00112018:2(27-46)Online publication date: 20-Feb-2018
https://doi.org/10.1515/popets-2018-0011
Shirazi FSimeonovski MAsghar MBackes MDiaz C(2018)A Survey on Routing in Anonymous Communication ProtocolsACM Computing Surveys10.1145/318265851:3(1-39)Online publication date: 12-Jun-2018
https://dl.acm.org/doi/10.1145/3182658
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents