Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems

Published: 01 March 2012

Abstract

We analyze information leaks in the lookup mechanisms of structured peer-to-peer (P2P) anonymous communication systems and how these leaks can be used to compromise anonymity. We show that the techniques used to combat active attacks on the lookup mechanism dramatically increase information leaks and the efficacy of passive attacks, resulting in a tradeoff between robustness to active and passive attacks.
We study this tradeoff in two P2P anonymous systems: Salsa and AP3. In both cases, we find that, by combining both passive and active attacks, anonymity can be compromised much more effectively than previously thought, rendering these systems insecure for most proposed uses. Our results hold even if security parameters are changed or other improvements to the systems are considered. Our study, therefore, shows the importance of considering these attacks in P2P anonymous communication.


Published In

ACM Transactions on Information and System Security  Volume 15, Issue 1
Special Issue on Computer and Communications Security
March 2012
126 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/2133375

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 March 2012
Accepted: 01 June 2011
Revised: 01 February 2011
Received: 01 March 2009
Published in TISSEC Volume 15, Issue 1

Author Tags

  1. Anonymity
  2. attacks
  3. information leaks
  4. peer-to-peer

Qualifiers

  • Research-article
  • Research
  • Refereed
