Delay Anonymity Tradeoff in Mix Networks: Optimal Routing

Anonymous systems on the Internet aim to protect users from revealing to an external unauthorized entity their identities and their network activities. Despite using layered encryption, these systems are still vulnerable to timing analysis, wherein an eavesdropper can use traffic correlation mechani...

Full description

Saved in:
Bibliographic Details
Published in:IEEE/ACM transactions on networking 2017-04, Vol.25 (2), p.1162-1175
Main Authors: Javidbakht, Omid, Venkitasubramaniam, Parv
Format: Article
Language:English
Subjects:
anonymity
Computer simulation
Delay
Delays
Driving conditions
Encryption
Entropy
Internet
mix
multipath routing
network latency
Network security
Networks
Packet transmission
Privacy
Quality of service
Resource management
Routers
Routing
Routing (telecommunications)
Tradeoffs
Traffic
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Anonymous systems on the Internet aim to protect users from revealing to an external unauthorized entity their identities and their network activities. Despite using layered encryption, these systems are still vulnerable to timing analysis, wherein an eavesdropper can use traffic correlation mechanisms to identify the source of packets arriving at a destination. Mixes are intelligent routers or proxy servers that aim to provide packet source anonymity from timing analysis by delaying and shuffling the order of received packets prior to transmission. Such shuffling strategies naturally increase latency and result in a tradeoff between anonymity and latency. This paper investigates this tradeoff in a network of mixes, by deriving the optimal routing for sources which maximizes weighted sum of anonymity and delay. The achievable anonymity is characterized analytically for a general multipath model, and it is shown that under light traffic conditions, there exists a unique single route strategy, which achieves the optimal delay anonymity tradeoff. A low complexity algorithm is presented that derives the optimal routes to achieve a desired tradeoff. The light traffic results are specialized for a graphical model of existing practical anonymous systems, and optimal scaling behavior with the size of such networks is characterized. In the heavy traffic regime, it is shown that optimal anonymity is achieved for any allocation of rates across the different routes. Simulations on example networks are presented where it is shown that the optimal routes derived under light traffic performs quite well in general traffic regime.
ISSN:1063-6692
1558-2566
DOI:10.1109/TNET.2016.2624023