Overlay networks (proxy networks) have been used as a communication infrastructure to allow applications to communicate with users without revealing their IP addresses. Such proxy networks are used to enhance application security, including protecting applications from direct attacks and infrastructure Denial-of-Service attacks. However, the conditions under which such approaches can hide application location are not well understood. To shed light on this question, we develop a formal framework for the proxy network approach to location-hiding which encompasses most of the proposed approaches. It is used to characterize how attacks, defenses, and correlated host vulnerabilities affect the feasibility of location-hiding. We find that existing approaches employing static structures (e.g., SOS and I3) cannot hide application location because attackers gain information monotonically and quickly penetrate the proxy network. However, adding defenses, such as proxy network reconfiguration or migration, which invalidate the information attackers have, makes location-hiding feasible against penetration attacks. Proxy-network depth and reconfiguration rates are critical factors for effectiveness. Furthermore, correlated vulnerabilities in many cases jeopardize location-hiding; however, by exploiting host diversity and intelligent proxy-network construction, the negative impact of correlation can be mitigated and location-hiding can be achieved. These results provide a deeper understanding of the location-hiding problem and guidelines for proxy-network design.