anon.next: A Framework for Privacy in the Next Generation Internet

Size: px
Start display at page:

Download "anon.next: A Framework for Privacy in the Next Generation Internet"

Transcription

1 anon.next: A Framework for Privacy in the Next Generation Internet Matthew Wright Department of Computer Science and Engineering, The University of Texas at Arlington, Arlington, TX, USA, Abstract. Systems for anonymity on the Internet are inherently slow; multi-hop paths may traverse continents in an effort to remove the linkability between source and destination. Next generation Internet infrastructures are currently being investigated, notably through the NSF GENI project. In such an infrastructure, there is an opportunity to build anonymity directly into the network so that it is faster and more efficient than overlay-based approaches. We propose anon.next, a basic architecture for this kind of network-embedded anonymity system meant to be tested on the GENI infrastructure. In anon.next, anonymizing proxies are controlled by ISPs and have information about how to build paths that are both efficient and privacy-preserving. This paper presents the design choices that we would face in developing this system and the challenges for determining the privacy it would provide. 1 Introduction Anonymity research has led to a variety of practical system designs and anonymity systems that are in use today [1]. These systems are effective against many kinds of attacks on privacy, but they have substantially slower network performance and cannot protect against more powerful attackers. These systems have made reasonable design choices but face fundamental limitations. As they are overlay networks, an anonymized connection going through multiple proxies must pass through several Internet connections before reaching its destination, and reply traffic faces the same overhead. Any optimizations in this framework are therefore limited at best. Recently, there has been a great deal of interest by researchers in new Internet architectures. In particular, the U.S. National Science Foundation has a major long-term initiative in Future Internet Design (FIND) see Related to this initiative is the development of GENI, the Global Environment for Network Innovations (http://www.geni.net), a virtual laboratory for internetworking research. The next-generation Internet is expected to have many features, such as security mechanisms, quality-of-service, availability, and application support. This also presents a substantial opportunity for anonymity

2 2 and privacy researchers to develop ideas for privacy enhanced systems in these future networks. In this paper, we propose to investigate ways of embedding anonymous communications proxies into the new Internet architectures, such that these networks can provide efficient and effective protection from traffic analysis. More specifically, we will consider a simple but promising notion that proxies much like existing anonymizing proxies can be placed in key locations throughout the network to provide strong protection from traffic analysis. This will mean that the privacy of users communications will be protected while providing high-speed connections in a way that is not possible with todays frameworks. The promise of this idea is clear: by removing significant overheads in the creation of the path of proxies and not requiring communications to cross the entire network multiple times, we greatly lower the delays as compared to an overlay system. Further, consolidation of traffic may offer opportunities to provide greater mixing, by which traffic from different connections is briefly stored and reordered to confuse the eavesdropper. Mixing is largely beyond the capability of todays overlay systems, as the traffic levels are not high enough; low traffic means long periods of storage at the proxies, while higher traffic levels are too expensive for volunteer operators to sustain. While embedded anonymizing proxies would add to the networks infrastructure costs, they could be more cost-efficient than overlay proxies and the costs could be charged to users. The addition of proxies can substantially improve protection against powerful eavesdroppers by ensuring that sufficient mixing occurs in the system. In this initial investigation, we will consider a variety of possibilities for the placement of proxies in the network and the algorithms for selecting proxies for anonymous communication paths. We will use analysis and simulation to determine the performance and security consequences of different choices, as well as considering the practicality of these choices with respect to the cost of the proxies and overhead in the network. The most promising choices will be studied further in future research, in which we will investigate the potential for mixing and cover traffic to further prevent traffic analysis. 2 Background Anonymous communications have been studied in detail since 1981, when Chaum presented the idea of a mix [2], a proxy that buffers messages and reorders them before sending them out. Mixes should be put in a series, or a path, in which layers of encryption are removed in stages to protect messages from being tracked. Most of the research in anonymity has been based on this simple idea, and much of that work has focused on the systems aspects making anonymity practical and efficient for real network users. Designers of anonymity systems, including the commercial Freedom network [3] and the currently popular Tor [1], have made substantial compromises in security to allow for acceptable performance and overheads. Essentially, unlike mixes, they do not buffer or reorder messages. The creators of Tor plainly state that end-to-end timing correlation is likely to

3 3 be effective against their system [1]. Recent efforts in timing analysis have shown high rates of attacker success for tracking communications, even when all users have identical, constant-rate traffic patterns [4]. Despite the security compromises these systems have made, they are still slow. While this has been difficult to quantify, it seems clear that sending and receiving packets over randomly selected multiple overlay hops will be inherently slower than a direct connection. Each intermediate connection, for example, is subject to possible congestion. This means that the chance of congestion somewhere on the path is much higher than in a direct connection. One approach to solving this problem would be to choose servers that are well-placed in the network to provide the best network performance. Doing this in a naive way, however, makes the system vulnerable to attackers with only modest resources [5]. While secure ways of improving network performance may exist, such improvements will be inherently limited by the need to connect to servers at the edge of the network. In this paper, we propose a means to remedy the limitations on the performancesecurity tradeoff in current anonymity systems by embedding proxies into the network structure. This idea holds promise but leads to a number of important questions for investigation. In such an investigation, we would seek the answers to the two questions most suitable to understanding the feasibility of this approach. First, where should we put the proxies? Second, How do we select paths between proxies? Of course, these two questions are linked and we will need to address them together. Research funding agencies in both the U.S. and Europe are calling for new efforts in Internet design. This presents a unique opportunity to consider the addition of network services, including protection from traffic analysis. The main novel aspect of this proposed effort is to place proxies inside the network architecture, with more direct routes between proxies, in an effort to reduce the overheads of providing anonymity, while likely improving the security of the system. We envision these proxies being attached to routers, in that they will have short, direct links to the routers where end nodes typically are not attached. We now describe some of the challenges that are critical to the design of the anon.next system. Placement of Proxies. Placement of the proxies in the Internet involves choosing logical, rather than physical, locations. The placement, for example could be attached to the edge routers in the network or attached to routers in the core of the network. If we place all the inter-proxy routing intelligence in the proxies themselves, such proxies could sit at the core without requiring extra work from heavily-loaded routers. However, there may be benefits from having the proxies get information from the routers to improve their routing decisions. In this case, it could become quite expensive to place the proxies at core routers. This also affects the number of proxies. As more proxies are added to the system, the amount of mixing between different traffic may be reduced. However, realistic loads may only be handled with many proxies.

4 4 Selection of Proxies on the User s Path. Routing between proxies can take many forms, and there may be a tension between performance and security. Purely random selection of proxies has the best security properties, but can lead to very long paths and may provide little to no benefit over systems like Tor. Using entirely performance-driven selections can lead to selection that only use the nearest proxies, or proxies that split the distance between the end points. These paths may be easier to eavesdrop; selecting paths that avoid reusing the same network service provider or Internet exchange may be critical to privacy [5]. Proxy Discovery. Selecting proxies assumes that the nodes doing selection will know about most of the proxies in the Internet. This leads to a substantial challenging in the secure distribution of proxy information. While complete information about all proxies is more secure, as it can help prevent statistical attacks on path selection, keeping complete and up-to-date information may be prohibitively expensive. We expect that a system based on a combination of extensive local knowledge and less complete knowledge of more distant proxies may be appropriate in this system. Inter-proxy Connection Properties. To best pick paths that provide good performance, particularly without being tricked by attackers, there will need to be a means of testing the connections between proxies. Simple measurements of latency and bandwidth are certainly possible, and we hypothesize that nodes do not have the ability to affect results much except to make them worse than reality. This is unlikely to provide much benefit to the attacker. Against a system such as this, there are a number of attacks that must be considered. Here, we mention a few of the most likely and/or critical: Attacks Based on Latency. Hopper et al. study this possibility extensively on Tor [6]. The main issue is that the set of possible initiators can be greatly reduced by estimating the latency between the initiator and the responder. There are ways to mitigate this attack. First, having a large number of users makes a practical attack difficult, as there will be too many possible initiators even after the attack. Second, we may be able to limit the attacks effectiveness by putting users into latency classes. The client or the first proxy can estimate the round trip time (RTT) to the responder and add small delays to make the average RTT one of a relatively few values. With many users, the number of such values can be large enough to accomodate reasonable variation without high delays. Attacks Based on Biased Path Selection. If we assume that not every proxy can know every other proxy in the system, then the paths could be subject to bias by the attacker providing misinformation. A structured P2P system can be used as to create a secure distributed directory service, as proposed by Nambiar and Wright [7]. In a next-generation anonymity system, we believe that the structure of the directory service must be at least partially associated with the relative network distance between peers. This

5 5 way, peers that are close to each other can be easily substituted in a path without major changes to performance. Creating and evaluating a system design that does this is a major new challenge. Attacks Based on Leaks Due to Path Selection. As pointed out by Mittal and Borisov, using such a system like Salsa can lead to information leaks [8]. We also note that leaks can come from location if paths are chosen using latency as a consideration. The worst case is that these leaks build on each other, so that the combination of attacks is substantially more powerful at identifying the initiator. We will aim in our design to make these leaks substantially overlap, so that the information gained through one type of attack is approximately the same as the information gained from the other. Creating path selection algorithms that meet this goal, and finding ways to evaluate them, will be an important and difficult task. Attacks on Privacy Using Denial of Service. Denial of service attacks can be dangerous to the privacy of users, as shown by Borisov et al. [9]. The main problem in a system like Tor is that an attacker can block some paths in an attempt to get the initiator to use paths controlled by the attacker. As pointed out by Borisov et al., a reputation system could have an effect on such an attack by making denial of service attacks cost the attacker chances to be on a path [9]. Tailoring a reputation system to the proposed scenario and demonstrating its effectiveness are import to protect against this class of attacks, as well as provide useful information for selecting paths in the system. Intersection and Predecessor Attacks. Intersection and predecessor attacks require relatively strong attackers with either a substantial fraction of malicious nodes or a powerful eavesdropper who can see a large fraction of anonymized traffic. Since attacks have been shown to be successful against Tor and AN.ON with weaker attacker models, we believe that a reasonable approach is to focus on these attacks while limiting the ability for the attacker to control nodes and observe traffic. For the latter, we will aim to keep paths diverse and have them pass through multiple Internet Exchanges. 3 Conclusions This paper presents anon.next, a system of anonymizing proxies for the next generation Internet. With ongoing efforts to design and evaluate new Internet architectures, it is an exciting time to investigate novel privacy-preserving infrastructures for these networks. In this paper, we have discussed some of the key challenges around the design of one such infrastructure. There is a tremendous amount of additional work to be done in this area, and we encourage privacy researchers to start thinking more about the design challenges and privacy pitfalls involved in such an undertaking.

6 6 References 1. R. Dingledine, N. Mathewson, P.S.: Tor: The next-generation onion router. In: Proc. 13th USENIX Security Symposium. (Aug. 2004) 2. Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24(2) (Feb. 1981) Back, A., Goldberg, I., Shostack, A.: Freedom 2.0 security issues and analysis. Zero-Knowledge Systems, Inc. white paper (Nov. 2000) 4. Levine, B.N., Reiter, M., Wang, C., Wright, M.: Timing analysis in low-latency mix systems. In: Proc. Financial Cryptography (FC). (Feb. 2004) 5. Murdoch, S.J., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Proceedings of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007). (June 2007) 6. Hopper, N., Vasserman, E.Y., Chan-Tin, E.: How much anonymity does network latency leak? ACM Transactions on Information and System Security (forthcoming 2009) 7. Nambiar, A., Wright, M.: Salsa: a structured approach to large-scale anonymity. In: Proc. ACM Conference on Computer and Communications Security (CCS 06). (Oct. 2006) 8. Mittal, P., Borisov, N.: Information leaks in structured peer-to-peer anonymous communication systems. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008). (October 2008) 9. Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? How attacks on reliability can compromise anonymity. In: Proceedings of CCS (October 2007)

Detecting Denial of Service Attacks in Tor

Detecting Denial of Service Attacks in Tor Detecting Denial of Service Attacks in Tor Norman Danner, Danny Krizanc, and Marc Liberatore Department of Mathematics and Computer Science Wesleyan University Middletown, CT 06459 USA Abstract. Tor is

More information

Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks

Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks Rungrat Wiangsripanawan, Willy Susilo and Rei Safavi-Naini Center for Information Security School of Information

More information

Tor Anonymity Network & Traffic Analysis. Presented by Peter Likarish

Tor Anonymity Network & Traffic Analysis. Presented by Peter Likarish Tor Anonymity Network & Traffic Analysis Presented by Peter Likarish This is NOT the presenter s original work. This talk reviews: Tor: The Second Generation Onion Router Dingledine, Mathewson, Syverson

More information

Anonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security

Anonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security Anonymous Communication in Peer-to-Peer Networks for Providing more Privacy and Security Ehsan Saboori and Shahriar Mohammadi Abstract One of the most important issues in peer-to-peer networks is anonymity.

More information

A Security Review of an Anonymous Peer-to-Peer File Transfer Protocol

A Security Review of an Anonymous Peer-to-Peer File Transfer Protocol A Security Review of an Anonymous Peer-to-Peer File Transfer Protocol Bryan Lipinski, Patrick MacAlpine [lipinski,patmac]@rice.edu Abstract This paper examines the overall security of AP3 [2] (Anonymous

More information

Analysis of an Anonymity Network for Web Browsing

Analysis of an Anonymity Network for Web Browsing Analysis of an Anonymity Network for Web Browsing Marc Rennhard, Sandro Rafaeli, Laurent Mathy, Bernhard Plattner and David Hutchison Swiss Federal Institute of Technology, Computer Engineering and Networks

More information

TOR (The Onion Router)

TOR (The Onion Router) TOR (The Onion Router) TOR (The Onion Router) is a free software implementation of second generation onion routing a system enabling its users to communicate anonymously on the Internet. Originally sponsored

More information

The dangers of composing anonymous channels

The dangers of composing anonymous channels The dangers of composing anonymous channels George Danezis 1 and Emilia Käsper 2 1 Microsoft Research 2 Google gdane@microsoft.com, ekasper@google.com Abstract. We present traffic analyses of two anonymous

More information

PRIVACY IN VOIP NETWORKS

PRIVACY IN VOIP NETWORKS PRIVACY IN VOIP NETWORKS Anirban Maitra, Arun Kumar, Akshay Kumar Department of Electronics and Communication Engineering, Maharashi Dayanand University, Rohtak Abstract- Peer-to-peer VoIP (voice over

More information

On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records

On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records Sambuddho Chakravarty, Marco V. Barbera 2, Georgios Portokalidis 3, Michalis Polychronakis, and Angelos D. Keromytis

More information

Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks

Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks Claudia Diaz 1, Steven J. Murdoch 2, and Carmela Troncoso 1 1 K.U. Leuven/IBBT, ESAT/SCD-COSIC firstname.lastname@esat.kuleuven.be

More information

Locating Hidden Servers

Locating Hidden Servers Locating Hidden Servers Lasse Øverlier Norwegian Defence Research Establishment and Gjøvik University College lasse.overlier@{ffi,hig}.no Paul Syverson Naval Research Laboratory syverson@itd.nrl.navy.mil

More information

Compromising Anonymity Using Packet Spinning

Compromising Anonymity Using Packet Spinning Compromising Anonymity Using Packet Spinning Vasilis Pappas, Elias Athanasopoulos, Sotiris Ioannidis, and Evangelos P. Markatos Institute of Computer Science (ICS) Foundation for Research & Technology

More information

Using traffic analysis to identify The Second Generation Onion Router

Using traffic analysis to identify The Second Generation Onion Router 2011 Ninth IEEE/IFIP International Conference on Embedded and Ubiquitous Computing Using traffic analysis to identify The Second Generation Onion Router John Barker School of Computer and Security Science

More information

A Catechistic Method for Traffic Pattern Discovery in MANET

A Catechistic Method for Traffic Pattern Discovery in MANET A Catechistic Method for Traffic Pattern Discovery in MANET R. Saranya 1, R. Santhosh 2 1 PG Scholar, Computer Science and Engineering, Karpagam University, Coimbatore. 2 Assistant Professor, Computer

More information

A Tune-up for Tor: Improving Security and Performance in the Tor Network

A Tune-up for Tor: Improving Security and Performance in the Tor Network A Tune-up for Tor: Improving Security and Performance in the Tor Network Robin Snader Department of Computer Science University of Illinois at Urbana Champaign rsnader2@cs.uiuc.edu Nikita Borisov Department

More information

Empirical Tests of Anonymous Voice Over IP

Empirical Tests of Anonymous Voice Over IP Empirical Tests of Anonymous Voice Over IP Marc Liberatore b,, Bikas Gurung a, Brian Neil Levine b, Matthew Wright c, a Qualcomm, Inc. 5775 Morehouse Drive, San Diego, CA 92121 USA b Department of Computer

More information

Active Timing Based Approach for Tracking Anonymous Peer-to-peer Network in VoIP

Active Timing Based Approach for Tracking Anonymous Peer-to-peer Network in VoIP International Journal of Soft Computing and Engineering (IJSCE) Active Timing Based Approach for Tracking Anonymous Peer-to-peer Network in VoIP Karthikeyan.C, Karthikeyan.V, Jerin Sajeev.C.R, Merlin Moses.M

More information

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Journal homepage: www.mjret.in DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR Maharudra V. Phalke, Atul D. Khude,Ganesh T. Bodkhe, Sudam A. Chole Information Technology, PVPIT Bhavdhan Pune,India maharudra90@gmail.com,

More information

PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services

PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services Ming Zhang, Chi Zhang Vivek Pai, Larry Peterson, Randy Wang Princeton University Motivation Routing anomalies are

More information

Privacy Preserving of VoIP against Peer-to-Peer Network Attacks And Defense

Privacy Preserving of VoIP against Peer-to-Peer Network Attacks And Defense Privacy Preserving of VoIP against Peer-to-Peer Network Attacks And Defense K. Bharathkumar 1, R. Premalatha Kanikannan 2, Dr.Rajeswari Mukesh 3,M. Kasiselvi 4,T. Kumanan 5. 1 PG Student, Department of

More information

Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study Using I2P

Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study Using I2P Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study Using I2P Michael Herrmann and Christian Grothoff Technische Universität München, Munich, Germany {herrmann,grothoff}@net.in.tum.de

More information

Performance Comparison of low-latency Anonymisation Services from a User Perspective

Performance Comparison of low-latency Anonymisation Services from a User Perspective Performance Comparison of low-latency Anonymisation Services from a User Perspective Rolf Wendolsky Hannes Federrath Department of Business Informatics University of Regensburg 7th Workshop on Privacy

More information

Passive-Logging Attacks Against Anonymous Communications Systems

Passive-Logging Attacks Against Anonymous Communications Systems Passive-Logging Attacks Against Anonymous Communications Systems MATTHEW K. WRIGHT University of Texas at Arlington and MICAH ADLER and BRIAN NEIL LEVINE University of Massachusetts Amherst and CLAY SHIELDS

More information

Playing Server Hide and Seek. lasse.overlier@ffi.no http://www.syverson.org

Playing Server Hide and Seek. lasse.overlier@ffi.no http://www.syverson.org Playing Server Hide and Seek Lasse Øverlier Norwegian Defence Research Establishment Paul Syverson Naval Research Laboratory lasse.overlier@ffi.no http://www.syverson.org Location Hidden Servers Alice

More information

International Journal of Advanced Research in Computer Science and Software Engineering

International Journal of Advanced Research in Computer Science and Software Engineering Volume 2, Issue 9, September 2012 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Experimental

More information

Denial of Service Attacks and Resilient Overlay Networks

Denial of Service Attacks and Resilient Overlay Networks Denial of Service Attacks and Resilient Overlay Networks Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University Motivation: Network Service Availability Motivation:

More information

Passive-Logging Attacks Against Anonymous Communications Systems

Passive-Logging Attacks Against Anonymous Communications Systems Passive-Logging Attacks Against Anonymous Communications Systems MATTHEW K. WRIGHT University of Texas at Arlington MICAH ADLER and BRIAN NEIL LEVINE University of Massachusetts Amherst and CLAY SHIELDS

More information

Security Scheme for Distributed DoS in Mobile Ad Hoc Networks

Security Scheme for Distributed DoS in Mobile Ad Hoc Networks Security Scheme for Distributed DoS in Mobile Ad Hoc Networks Sugata Sanyal 1, Ajith Abraham 2, Dhaval Gada 3, Rajat Gogri 3, Punit Rathod 3, Zalak Dedhia 3 and Nirali Mody 3 1 School of Technology and

More information

CHAPTER 6 SECURE PACKET TRANSMISSION IN WIRELESS SENSOR NETWORKS USING DYNAMIC ROUTING TECHNIQUES

CHAPTER 6 SECURE PACKET TRANSMISSION IN WIRELESS SENSOR NETWORKS USING DYNAMIC ROUTING TECHNIQUES CHAPTER 6 SECURE PACKET TRANSMISSION IN WIRELESS SENSOR NETWORKS USING DYNAMIC ROUTING TECHNIQUES 6.1 Introduction The process of dispersive routing provides the required distribution of packets rather

More information

Traceroute-Based Topology Inference without Network Coordinate Estimation

Traceroute-Based Topology Inference without Network Coordinate Estimation Traceroute-Based Topology Inference without Network Coordinate Estimation Xing Jin, Wanqing Tu Department of Computer Science and Engineering The Hong Kong University of Science and Technology Clear Water

More information

Recent Attacks On Tor

Recent Attacks On Tor Recent Attacks On Tor Juha Salo Aalto University juha.salo@aalto.fi Abstract Tor is an anonymous communication network [3]. If more users are becoming interested in their privacy, the need for such anonymous

More information

Monitoring the I2P network

Monitoring the I2P network Monitoring the I2P network Juan Pablo Timpanaro, Isabelle Chrisment*, Olivier Festor INRIA Nancy-Grand Est, France *LORIA - ESIAL, Henri Poincaré University, Nancy 1, France Abstract. We present the first

More information

HPAM: Hybrid Protocol for Application Level Multicast. Yeo Chai Kiat

HPAM: Hybrid Protocol for Application Level Multicast. Yeo Chai Kiat HPAM: Hybrid Protocol for Application Level Multicast Yeo Chai Kiat Scope 1. Introduction 2. Hybrid Protocol for Application Level Multicast (HPAM) 3. Features of HPAM 4. Conclusion 1. Introduction Video

More information

AN EFFICIENT POINT TO POINT COMMUNICATION PROTOCOL FOR MOBILE CLOUD COMPUTING

AN EFFICIENT POINT TO POINT COMMUNICATION PROTOCOL FOR MOBILE CLOUD COMPUTING AN EFFICIENT POINT TO POINT COMMUNICATION PROTOCOL FOR MOBILE CLOUD COMPUTING Lavanya P J 1, Suresh P 2 1 PG Student, Dept of CSE, Sri Venkateshwara College of Engineering, lavanyachetana@gmail.com 2 Assistant

More information

Shining Light in Dark Places: Understanding the Tor Network

Shining Light in Dark Places: Understanding the Tor Network Shining Light in Dark Places: Understanding the Tor Network Damon McCoy 1, Kevin Bauer 1, Dirk Grunwald 1, Tadayoshi Kohno 2, and Douglas Sicker 1 1 Department of Computer Science, University of Colorado,

More information

A Topology-Aware Relay Lookup Scheme for P2P VoIP System

A Topology-Aware Relay Lookup Scheme for P2P VoIP System Int. J. Communications, Network and System Sciences, 2010, 3, 119-125 doi:10.4236/ijcns.2010.32018 Published Online February 2010 (http://www.scirp.org/journal/ijcns/). A Topology-Aware Relay Lookup Scheme

More information

WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO

WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO The number of branch-office work sites is increasing, so network administrators need tools to

More information

Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P

Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P Michael Herrmann and Christian Grothoff Technische Universität München, Munich, Germany {herrmann,grothoff@net.in.tum.de

More information

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET MR. ARVIND P. PANDE 1, PROF. UTTAM A. PATIL 2, PROF. B.S PATIL 3 Dept. Of Electronics Textile and Engineering

More information

A Case Study on Measuring Statistical Data in the Tor Anonymity Network

A Case Study on Measuring Statistical Data in the Tor Anonymity Network A Case Study on Measuring Statistical Data in the Tor Anonymity Network Karsten Loesing 1,StevenJ.Murdoch 1,2, and Roger Dingledine 1 1 The Tor Project 2 Computer Laboratory, University of Cambridge, UK

More information

Managing Incompleteness, Complexity and Scale in Big Data

Managing Incompleteness, Complexity and Scale in Big Data Managing Incompleteness, Complexity and Scale in Big Data Nick Duffield Electrical and Computer Engineering Texas A&M University http://nickduffield.net/work Three Challenges for Big Data Complexity Problem:

More information

Defending Against Traffic Analysis Attacks with Link Padding for Bursty Traffics

Defending Against Traffic Analysis Attacks with Link Padding for Bursty Traffics Proceedings of the 4 IEEE United States Military Academy, West Point, NY - June Defending Against Traffic Analysis Attacks with Link Padding for Bursty Traffics Wei Yan, Student Member, IEEE, and Edwin

More information

Using Dust Clouds to Enhance Anonymous Communication

Using Dust Clouds to Enhance Anonymous Communication Using Dust Clouds to Enhance Anonymous Communication Richard Mortier 1, Anil Madhavapeddy 2, Theodore Hong 2, Derek Murray 2, and Malte Schwarzkopf 2 1 Horizon Digital Economy Research Sir Colin Campbell

More information

Rome: Performance and Anonymity using Route Meshes

Rome: Performance and Anonymity using Route Meshes Rome: Performance and Anonymity using Route Meshes Krishna P. N. Puttaswamy, Alessandra Sala, Omer Egecioglu, and Ben Y. Zhao Computer Science Department, University of California at Santa Barbara {krishnap,

More information

Network Architecture and Topology

Network Architecture and Topology 1. Introduction 2. Fundamentals and design principles 3. Network architecture and topology 4. Network control and signalling 5. Network components 5.1 links 5.2 switches and routers 6. End systems 7. End-to-end

More information

Performance of networks containing both MaxNet and SumNet links

Performance of networks containing both MaxNet and SumNet links Performance of networks containing both MaxNet and SumNet links Lachlan L. H. Andrew and Bartek P. Wydrowski Abstract Both MaxNet and SumNet are distributed congestion control architectures suitable for

More information

(MPLS) MultiProtocol Labling Switching. Software Engineering 4C03 Computer Network & Computer Security Dr. Kartik Krishnan Winter 2004.

(MPLS) MultiProtocol Labling Switching. Software Engineering 4C03 Computer Network & Computer Security Dr. Kartik Krishnan Winter 2004. (MPLS) MultiProtocol Labling Switching Software Engineering 4C03 Computer Network & Computer Security Dr. Kartik Krishnan Winter 2004 Final Copy Researcher: Paul Chan Student ID: 9914759 Last Revised:

More information

Metrics for Security and Performance in Low-Latency Anonymity Systems

Metrics for Security and Performance in Low-Latency Anonymity Systems Metrics for Security and Performance in Low-Latency Anonymity Systems Steven J. Murdoch and Robert N. M. Watson Computer Laboratory, University of Cambridge, UK http://www.cl.cam.ac.uk/users/{sjm217,rnw24}

More information

ssumathy@vit.ac.in upendra_mcs2@yahoo.com

ssumathy@vit.ac.in upendra_mcs2@yahoo.com S. Sumathy 1 and B.Upendra Kumar 2 1 School of Computing Sciences, VIT University, Vellore-632 014, Tamilnadu, India ssumathy@vit.ac.in 2 School of Computing Sciences, VIT University, Vellore-632 014,

More information

AKAMAI WHITE PAPER. Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling

AKAMAI WHITE PAPER. Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling AKAMAI WHITE PAPER Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling Delivering Dynamic Web Content in Cloud Computing Applications 1 Overview

More information

Chapter 4. VoIP Metric based Traffic Engineering to Support the Service Quality over the Internet (Inter-domain IP network)

Chapter 4. VoIP Metric based Traffic Engineering to Support the Service Quality over the Internet (Inter-domain IP network) Chapter 4 VoIP Metric based Traffic Engineering to Support the Service Quality over the Internet (Inter-domain IP network) 4.1 Introduction Traffic Engineering can be defined as a task of mapping traffic

More information

TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) Internet Protocol (IP)

TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) Internet Protocol (IP) TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) *Slides adapted from a talk given by Nitin Vaidya. Wireless Computing and Network Systems Page

More information

Security and Privacy Issues in Wireless Ad Hoc, Mesh, and Sensor Networks

Security and Privacy Issues in Wireless Ad Hoc, Mesh, and Sensor Networks Advance in Electronic and Electric Engineering. ISSN 2231-1297, Volume 4, Number 4 (2014), pp. 381-388 Research India Publications http://www.ripublication.com/aeee.htm Security and Privacy Issues in Wireless

More information

Routing in packet-switching networks

Routing in packet-switching networks Routing in packet-switching networks Circuit switching vs. Packet switching Most of WANs based on circuit or packet switching Circuit switching designed for voice Resources dedicated to a particular call

More information

Student, Haryana Engineering College, Haryana, India 2 H.O.D (CSE), Haryana Engineering College, Haryana, India

Student, Haryana Engineering College, Haryana, India 2 H.O.D (CSE), Haryana Engineering College, Haryana, India Volume 5, Issue 6, June 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com A New Protocol

More information

Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P

Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P Michael Herrmann and Christian Grothoff Technische Universität München, Munich, Germany {herrmann,grothoff@net.in.tum.de

More information

Dovetail: Stronger Anonymity in Next-Generation Internet Routing

Dovetail: Stronger Anonymity in Next-Generation Internet Routing Dovetail: Stronger Anonymity in Next-Generation Internet Routing Jody Sankey and Matthew Wright University of Texas at Arlington jody@jsankey.com, mwright@uta.edu Abstract. Given current research initiatives

More information

Hyper Node Torus: A New Interconnection Network for High Speed Packet Processors

Hyper Node Torus: A New Interconnection Network for High Speed Packet Processors 2011 International Symposium on Computer Networks and Distributed Systems (CNDS), February 23-24, 2011 Hyper Node Torus: A New Interconnection Network for High Speed Packet Processors Atefeh Khosravi,

More information

Traffic Analysis Attacks and Defenses in Low Latency Anonymous Communication. Sambuddho Chakravarty

Traffic Analysis Attacks and Defenses in Low Latency Anonymous Communication. Sambuddho Chakravarty Traffic Analysis Attacks and Defenses in Low Latency Anonymous Communication Sambuddho Chakravarty Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate

More information

Lecture Objectives. Lecture 07 Mobile Networks: TCP in Wireless Networks. Agenda. TCP Flow Control. Flow Control Can Limit Throughput (1)

Lecture Objectives. Lecture 07 Mobile Networks: TCP in Wireless Networks. Agenda. TCP Flow Control. Flow Control Can Limit Throughput (1) Lecture Objectives Wireless and Mobile Systems Design Lecture 07 Mobile Networks: TCP in Wireless Networks Describe TCP s flow control mechanism Describe operation of TCP Reno and TCP Vegas, including

More information

Simulating a File-Sharing P2P Network

Simulating a File-Sharing P2P Network Simulating a File-Sharing P2P Network Mario T. Schlosser, Tyson E. Condie, and Sepandar D. Kamvar Department of Computer Science Stanford University, Stanford, CA 94305, USA Abstract. Assessing the performance

More information

Examining Proxies to Mitigate Pervasive Surveillance

Examining Proxies to Mitigate Pervasive Surveillance Examining Proxies to Mitigate Pervasive Surveillance Eliot Lear Barbara Fraser Abstract The notion of pervasive surveillance assumes that it is possible for an attacker to have access to all links and

More information

Towards Efficient Traffic-analysis Resistant Anonymity Networks

Towards Efficient Traffic-analysis Resistant Anonymity Networks Towards Efficient Traffic-analysis Resistant Anonymity Networks Stevens Le Blond 1 David Choffnes 2 Wenxuan Zhou 3 Peter Druschel 1 Hitesh Ballani 4 Paul Francis 1 1 MPI-SWS 2 Univ. of Washington/ 3 UIUC

More information

Hybrid Overlay Multicast Framework draft-irtf-sam-hybrid-overlay-framework-01.txt. John Buford, Avaya Labs Research

Hybrid Overlay Multicast Framework draft-irtf-sam-hybrid-overlay-framework-01.txt. John Buford, Avaya Labs Research Hybrid Overlay Multicast Framework draft-irtf-sam-hybrid-overlay-framework-01.txt John Buford, Avaya Labs Research Topics SAM Charter Recap and Problem Statement AMT(Automatic Multicast Tunneling) Overview

More information

CHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs

CHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs CHAPTER 6 VOICE COMMUNICATION OVER HYBRID MANETs Multimedia real-time session services such as voice and videoconferencing with Quality of Service support is challenging task on Mobile Ad hoc Network (MANETs).

More information

MOR: Monitoring and Measurements through the Onion Router

MOR: Monitoring and Measurements through the Onion Router MOR: Monitoring and Measurements through the Onion Router Demetris Antoniades 1, Evangelos P. Markatos 1, and Constantine Dovrolis 2 1 Institute of Computer Science Foundation for Research & Technology

More information

International Journal of Advanced Research in Computer Science and Software Engineering

International Journal of Advanced Research in Computer Science and Software Engineering Volume 3, Issue 1, January 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Analysis of

More information

(Un)Suitability of Anonymous Communication Systems to WSN

(Un)Suitability of Anonymous Communication Systems to WSN R. Rios, and J. Lopez, (Un)Suitability of Anonymous Communication Systems to WSN, IEEE Systems Journal, vol. 7, pp. 298-310, 2013. http://doi.org/10.1109/jsyst.2012.2221956 NICS Lab. Publications: https://www.nics.uma.es/publications

More information

Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation

Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation R.Navaneethakrishnan Assistant Professor (SG) Bharathiyar College of Engineering and Technology, Karaikal, India.

More information

QoS issues in Voice over IP

QoS issues in Voice over IP COMP9333 Advance Computer Networks Mini Conference QoS issues in Voice over IP Student ID: 3058224 Student ID: 3043237 Student ID: 3036281 Student ID: 3025715 QoS issues in Voice over IP Abstract: This

More information

I2P - The Invisible Internet Project

I2P - The Invisible Internet Project Felipe Astolfi fastolfi@gmail.com I2P - The Invisible Internet Project Jelger Kroese jelgerkroese@gmail.com Jeroen van Oorschot post@jeroenvanoorschot.nl ABSTRACT I2P is an open source Internet technology

More information

A Privacy Preserving of Composite Private/Public Key in Cloud Servers

A Privacy Preserving of Composite Private/Public Key in Cloud Servers A Privacy Preserving of Composite Private/Public Key in Cloud Servers O Sri Nagesh PhD Scholar, Department of CSE, Lingaya s University, Faridabad ABSTRACT Security is a term used to provide secrecy of

More information

Packet Level Authentication Overview

Packet Level Authentication Overview Packet Level Authentication Overview Dmitrij Lagutin, Dmitrij.Lagutin@hiit.fi Helsinki Institute for Information Technology HIIT Aalto University School of Science and Technology Contents Introduction

More information

Catch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks

Catch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks Catch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks Reza Tourani, Satyajayant (Jay) Misra, Joerg Kliewer, Scott Ortegel, Travis Mick Computer Science Department

More information

Improving Effective WAN Throughput for Large Data Flows By Peter Sevcik and Rebecca Wetzel November 2008

Improving Effective WAN Throughput for Large Data Flows By Peter Sevcik and Rebecca Wetzel November 2008 Improving Effective WAN Throughput for Large Data Flows By Peter Sevcik and Rebecca Wetzel November 2008 When you buy a broadband Wide Area Network (WAN) you want to put the entire bandwidth capacity to

More information

Network Security Workshop

Network Security Workshop Network Security Workshop Threat Pragmatics Fakrul (Pappu) Alam bdhub Limited fakrul@bdhub.com Targets Many sorts of targets: Network infrastructure Network services Application services User machines

More information

Quality of Service and Denial of Service

Quality of Service and Denial of Service Quality of Service and Denial of Service Stanislav Shalunov, Benjamin Teitelbaum ACM SIGCOMM RIPQOS Workshop, Karlsruhe, Germany, 2003-08-27 QoS Congestion Regulator Many factors might affect outcome of

More information

The Disadvantages of Free MIX Routes and How to Overcome Them

The Disadvantages of Free MIX Routes and How to Overcome Them The Disadvantages of Free MIX Routes and How to Overcome Them Oliver Berthold 1, Andreas Pfitzmann 1, and Ronny Standtke 2 1 Dresden University of Technology, Germany {ob2,pfitza}@inf.tu-dresden.de 2 Secunet,

More information

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015 Distributed Systems 23. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2015 November 17, 2015 2014-2015 Paul Krzyzanowski 1 Motivation Serving web content from one location presents

More information

The Quality of Internet Service: AT&T s Global IP Network Performance Measurements

The Quality of Internet Service: AT&T s Global IP Network Performance Measurements The Quality of Internet Service: AT&T s Global IP Network Performance Measurements In today's economy, corporations need to make the most of opportunities made possible by the Internet, while managing

More information

Denial of Service or Denial of Security?

Denial of Service or Denial of Security? Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity ABSTRACT Nikita Borisov University of Illinois at Urbana-Champaign 1308 West Main St. Urbana, IL 61801 nikita@uiuc.edu

More information

Traffic Analysis. Scott E. Coull RedJack, LLC. Silver Spring, MD USA. Side-channel attack, information theory, cryptanalysis, covert channel analysis

Traffic Analysis. Scott E. Coull RedJack, LLC. Silver Spring, MD USA. Side-channel attack, information theory, cryptanalysis, covert channel analysis Traffic Analysis Scott E. Coull RedJack, LLC. Silver Spring, MD USA Related Concepts and Keywords Side-channel attack, information theory, cryptanalysis, covert channel analysis Definition Traffic analysis

More information

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal 1 Femi Olumofin 2 Carmela Troncoso 3 Nikita Borisov 1 Ian Goldberg 2 1 University of Illinois at Urbana-Champaign

More information

Eluding Carnivores: File Sharing with Strong Anonymity

Eluding Carnivores: File Sharing with Strong Anonymity Eluding Carnivores: File Sharing with Strong Anonymity Emin Gün Sirer, Sharad Goel, Mark Robson, Doǧan Engin Dept. of Computer Science, Cornell University August 1, 2004 Abstract Anonymity is increasingly

More information

Bit Chat: A Peer-to-Peer Instant Messenger

Bit Chat: A Peer-to-Peer Instant Messenger Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one

More information

A Tool for Evaluation and Optimization of Web Application Performance

A Tool for Evaluation and Optimization of Web Application Performance A Tool for Evaluation and Optimization of Web Application Performance Tomáš Černý 1 cernyto3@fel.cvut.cz Michael J. Donahoo 2 jeff_donahoo@baylor.edu Abstract: One of the main goals of web application

More information

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet

The Coremelt Attack. Ahren Studer and Adrian Perrig. We ve Come to Rely on the Internet The Coremelt Attack Ahren Studer and Adrian Perrig 1 We ve Come to Rely on the Internet Critical for businesses Up to date market information for trading Access to online stores One minute down time =

More information

International Journal of Scientific & Engineering Research, Volume 4, Issue 11, November-2013 349 ISSN 2229-5518

International Journal of Scientific & Engineering Research, Volume 4, Issue 11, November-2013 349 ISSN 2229-5518 International Journal of Scientific & Engineering Research, Volume 4, Issue 11, November-2013 349 Load Balancing Heterogeneous Request in DHT-based P2P Systems Mrs. Yogita A. Dalvi Dr. R. Shankar Mr. Atesh

More information

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management Secured On-Demand Position Based Private Routing Protocol for Ad-Hoc Networks Ramya.R, Shobana.K, Thangam.V.S ramya_88@yahoo.com, k shobsi@yahoo.co.in,thangam_85@yahoo.com Department of Computer Science,

More information

DoS: Attack and Defense

DoS: Attack and Defense DoS: Attack and Defense Vincent Tai Sayantan Sengupta COEN 233 Term Project Prof. M. Wang 1 Table of Contents 1. Introduction 4 1.1. Objective 1.2. Problem 1.3. Relation to the class 1.4. Other approaches

More information

Practical Traffic Analysis: Extending and Resisting Statistical Disclosure

Practical Traffic Analysis: Extending and Resisting Statistical Disclosure Practical Traffic Analysis: Extending and Resisting Statistical Disclosure Nick Mathewson and Roger Dingledine The Free Haven Project {nickm,arma}@freehaven.net Abstract. We extend earlier research on

More information

A Survey on Tor and I2P

A Survey on Tor and I2P A Survey on Tor and I2P Bernd Conrad and Fatemeh Shirazi Department of Computer Science, TU Darmstadt Darmstadt, Germany Email: {bconrad,fshirazi}@cdc.informatik.tu-darmstadt.de Abstract This paper gives

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION CHAPTER 1 INTRODUCTION 1.0 Introduction Voice over Internet Protocol (VoIP) is the most popular in telecommunication technology. Nowadays, three million users use VoIP. It is estimated that the number

More information

Network Management, Performance Characteristics, and Commercial Terms Policy. (1) mispot's Terms of Service (TOS), viewable at mispot.net.

Network Management, Performance Characteristics, and Commercial Terms Policy. (1) mispot's Terms of Service (TOS), viewable at mispot.net. Network Management, Performance Characteristics, and Commercial Terms Policy Consistent with FCC regulations 1, Agri-Valley Broadband, Inc., d/b/a mispot (mispot) provides this information about our broadband

More information

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method. A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money

More information

White Paper. avaya.com 1. Table of Contents. Starting Points

White Paper. avaya.com 1. Table of Contents. Starting Points White Paper Session Initiation Protocol Trunking - enabling new collaboration and helping keep the network safe with an Enterprise Session Border Controller Table of Contents Executive Summary...1 Starting

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless

More information

Security issues in Voice over IP: A Review

Security issues in Voice over IP: A Review www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 2 February, 2014 Page No. 3879-3883 Security issues in Voice over IP: A Review Rajni a, Preeti a, Ritu

More information

An Active Packet can be classified as

An Active Packet can be classified as Mobile Agents for Active Network Management By Rumeel Kazi and Patricia Morreale Stevens Institute of Technology Contact: rkazi,pat@ati.stevens-tech.edu Abstract-Traditionally, network management systems

More information