The design and implementation of the A3 application-aware anonymity platform
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Today's Internet routing protocols, while arguably robust and efficient, are not designed to support anonymous communication. Internet packets must include accurate destination addresses to be routable and truthful source information to achieve reliability. While there have been several attempts at providing anonymity with the use of application-level overlay networks, these solutions focus almost exclusively on maximizing anonymity, typically at the expense of performance. This dissertation shows that it is both possible and practical to design, secure, and scale decentralized overlay networks for high performance anonymous routing. Our techniques utilize virtual coordinate systems that embed link information (for example, latency, jitter, and loss) in n-dimensional coordinate planes. Such coordinate systems enable nodes to estimate pairwise network metrics between remote peers without requiring direct measurements. We introduce methods for scalably disseminating coordinate information as well as security mechanisms for enforcing truthful coordinate advertisements. By allowing nodes to estimate the end-to-end performance of possible routes, our overlay routing infrastructure empowers applications to intelligently select high performing anonymous paths. Unlike existing anonymity systems that depend on central authorities or directories, our coordinate routing system does not rely on a priori trusted nodes or third-party authorities. This lack of centralization enables our system to scale to potentially millions of nodes and offer anonymity that does not depend on the trustworthiness of select nodes or services. Moreover, the ability to estimate the end-to-end performance of potential anonymous paths and prune likely underperforming routes permits the anonymization of high bandwidth and low latency network services (for example, voice-over-IP, streaming video multicast, etc.) whose communication requirements have previously been considered too restrictive for anonymity networks.