Transcript slides
MuON:
Epidemic Based Mutual Anonymity
Neelesh Bansod, Ashish Malgi, Byung Choi
and Jean Mayo
Introduction: P2P Networks
Peer to peer networks
Peers cooperate to achieve each others goals
Peers contribute and share resources
Focus on unstructured P2P networks
Completely distributed
Introduction: P2P Networks
Characteristics of P2P networks
Large sizes
Untrusted participants
End-hosts cannot be trusted
Churn
Continual changes in system membership/topology
Rate of change (churn) varies with applications
Challenges for anonymous communication
Latency, reliability, resource consumption and anonymity
need to scale with increasing churn and size.
Anonymity
Anonymity
Identities on Internet are not hidden
Hide the participant identities and communication
Type of anonymity guarantees
Initiator anonymity
Responder anonymity
Mutual anonymity
Anonymity Approaches
Anonymity by random path forwarding
I
A
B
C
D
R
Message loss
Current node leaves the network
Increasing churn causes increasing losses
Anonymity Approaches
Anonymity by creating routes
I
A
B
C
D
R
Creates anonymous routing to forward messages
Node on path leaves the network
Anonymous path breaks
Path needs to be detected and reconstructed
Increasing churn causes increasing losses
Anonymity Approaches
Anonymity by group communication
I
D
A
C
B
R
Suitable for networks with churn
Needs multicasting primitive
Scalable, reliable and bounded latency
Large groups
high overhead
high anonymity
MuON: Basic idea
Public key is used to identify recipient
Small header created for each message
Header is encrypted using public key of recipient
Message and header have suitable encryption,
checksums and nonce for confidentiality and integrity
Non-encrypted field in header called owner
IP of node (or owner) with message
MuON: Basic idea
Header is multicast to all members
Use an epidemic protocol for multicasting
Reliable delivery to all members
Bounded latency in large groups
Larger message sent to subgroup
Dynamically created subgroups
For a given header, a peer pulls the corresponding
message from the owner with probability Pinter
intermediate probability
Node becomes the new owner
If a node can decrypt the header, it pulls the message
Reliable delivery at recipient
MuON: Basic idea
B
R
A
HDR_X
HDR_X
X
C
MuON: Basic idea
B
R
A
X
HDR_X
HDR_X
C
MuON: Basic idea
B
R
A
HDR_A
HDR_A
HDR_X
X
HDR_X
C
MuON: Basic idea
B
R
HDR_X
HDR_A
A
HDR_A
HDR_C
X
C
HDR_C
MuON: Basic idea
HDR_B
HDR_B
B
R
HDR_B
A
HDR_X
HDR_X
HDR_C
X
C
MuON: Basic idea
B
R
HDR_C
HDR_A
A
X
C
HDR_B
MuON: Reliability
MuON: Latency
MuON: Bandwidth consumption
MuON: Anonymity
Pinter= 0.1
Pinter= 0.5
Pinter= 0.3
Pinter= 0.8
Conclusion
Churn in P2P provides interesting challenges
Epidemic protocols provide a solution
MuON provides reliable anonymous
communication with interesting properties
Future work
Further improve anonymity of MuON
Cannot withstand global adversary
Investigate use in different applications like
service availability
MuON: Message format
Sending message from I to S
MSG={r1, id, data}ksession
Profile (hdr)={r1, ksession, kI+,{H(D)} kI-} kS+
Data encrypted with ksession for confidentiality
Contains nonce r1 and identifier for integrity
D={r1, ksession, kI+,MSG}
Message identifier is H(hdr)
Anonymity Guarantees
Local eavesdropper
Withstands attack
Collusion attack
Withstands unless all nodes
are malicious
Withstands unless global
adversary
Withstands unless global
adversary
Withstands attack
Timing attack
Traceback attack
Predecessor attack
Intersection attack
Message volume attack
Withstands unless global
adversary
Withstands unless global
adversary
Simulation Model of P2P
r: Single run of protocol (150 above)
d: Network churn
Average session time: 1 + 10(1-d) (r -1)
Reliability
Reliability
Latency
Latency
Header overhead
Header overhead
Data overhead
Data overhead