Design principles for low latency anonymous network systems secure against timing attacks

Authors:
Rungrat Wiangsripanawan;Willy Susilo;Rei Safavi-Naini
Affiliations:
University of Wollongong, Australia;University of Wollongong, Australia;University of Wollongong, Australia
Venue:
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Year:
2007

Citing 7
Cited 3

Resource discovery in distributed networks

Proceedings of the eighteenth annual ACM symposium on Principles of distributed computing
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
Tarzan: a peer-to-peer anonymizing network layer

Proceedings of the 9th ACM conference on Computer and communications security
Introducing MorphMix: peer-to-peer based anonymous Internet usage with collusion detection

Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Low-Cost Traffic Analysis of Tor

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The traffic analysis of continuous-time mixes

PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies

Don't Clog the Queue! Circuit Clogging and Mitigation in P2P Anonymity Schemes

Financial Cryptography and Data Security
A practical congestion attack on tor using long paths

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Trust in anonymity networks

CONCUR'10 Proceedings of the 21st international conference on Concurrency theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

Low latency anonymous network systems, such as Tor, were considered secure against timing attacks when the threat model does not include a global adversary. In this threat model the adversary can only see part of the links in the system. In a recent paper entitled Low-cost traffic analysis of Tor, it was shown that a variant of timing attack that does not require a global adversary can be applied to Tor. More importantly, authors claimed that their attack would work on any low latency anonymous network systems. The implication of the attack is that all low latency anonymous networks will be vulnerable to this attack even if there is no global adversary. In this paper, we investigate this claim against other low latency anonymous networks, including Tarzan and Morphmix. Our results show that in contrast to the claim of the aforementioned paper, the attack may not be applicable in all cases. Based on our analysis, we draw design principles for secure low latency anonymous network system (also secure against the above attack).