the number of potential source-destination pairs associated
with an observed connection, to be the product of the source
and destination anonymity set sizes. Figure 11 presents
the distribution of these three properties at a series of key
locations along the path, and Figure 12 presents the cost
distribution, with the cost of shortest path routing included
for comparison with IP and LAP.
Each successive step adds ambiguity to the source identity.
At the dovetail AS, source anonymity is approximately
equal to network size in 80% of cases. Destination identity
is known at the dovetail and all subsequent locations, but
locations prior to the dovetail are unable to calculate a
meaningful destination identity. No location except the
source is able to clearly link source and destination. The
AS immediately preceding the dovetail is most likely to
be duplicated in head and tail segments, being adjacent to
an AS that is always present in both. As illustrated by the
destination anonymity for “Before Dovetail”, this occurred
in 5% of our experiments. The dovetail may partially
calculate source identity in around 20% of cases, but this is
limited to around one thousand possible source ISPs, each
containing many users. Figure 12 shows that a Dovetail
path passes through approximately 2.5 times more ASes
than the shortest path routing used in the current Internet.
This is a modest penalty when compared to the prevailing
option for anonymity today; an anonymous circuit in Tor
typically passes through three relays for a total of four IP
paths, including six more last-mile connections than a direct
path, and incurs additional processing and queuing delays
at each relay.
3. We plan in future work to develop a heuristic to select dovetail
vnodes with a lower probability of reuse.
Figure 12. Cost distribution for complete path
6.4. Resource Utilization
Rather than proposing a near-term solution, we aim to
show that privacy is a feasible feature to include in future
routing protocol designs. Nevertheless, we now briefly
consider a variety of resource requirements to demonstrate
that implementation would be feasible.
Host memory utilization. Each Dovetail host must maintain
a model of the Internet to generate routes. In the 2012
dataset we use there are 252,666 visible pathlets, of which
an average of 22% are known, requiring 680kB.
Router memory utilization. A Dovetail forwarding table
scales with the number of local peers and not the total
number of Internet prefixes as with BGP. All forwarding
information is carried by the packet itself, and so a router
need not store any information per connection.
Router latency. The only cryptographic operation required
to forward a data packet is a symmetric decryption
of one word. This is the same task performed by LAP;
Hsiao et al. measure an additional latency of under one
microsecond in a software-based implementation of their
system [18].
Transmission efficiency. A Dovetail packet must specify
a complete path rather than only an endpoint, potentially
leading to large headers and low efficiency. The average
header length in our experiments is 92 bytes. Given an
MTU of 1500 bytes, this represents a 3.5% reduction in
payload compared to IPv6. LAP would require a 60 byte
header.
7. Conclusion
In this paper we presented Dovetail, a next-generation
Internet routing protocol, and have demonstrated that it
provides a workable solution for anonymity at the network
[Figure 12 plot: cumulative fraction versus path cost, with curves for shortest path and Dovetail]
[11] B. Bhattacharjee, K. Calvert, J. Griffioen, N. Spring, and
J. P. Sterbenz, “Postmodern internetwork architecture,” NSF
Nets FIND Initiative, 2006.
[12] P. B. Godfrey, I. Ganichev, S. Shenker, and I. Stoica, “Pathlet
routing,” in ACM SIGCOMM, 2009.
[13] D. Farinacci, D. Lewis, D. Meyer, and V. Fuller, “The
locator/ID separation protocol (LISP),” RFC 6830, 2013.
[Online]. Available: http://tools.ietf.org/html/rfc6830
[14] X. Yang and D. Wetherall, “Source selectable path diversity
via routing deflections,” ACM SIGCOMM Computer
Communication Review, 2006.
[15] X. Yang, “NIRA: A new internet routing architecture,” in
ACM SIGCOMM FDNA, 2003.
[16] X. Zhang, H.-C. Hsiao, G. Hasker, H. Chan, A. Perrig, and
D. G. Andersen, “SCION: Scalability, control, and isolation
on next-generation networks,” in IEEE S&P, 2011.
[17] A. Falk, “GENI at a glance,”
http://www.geni.net/wp-content/uploads/2011/06/GENI-at-a-Glance-1Jun2011.pdf, 2011.
[18] H.-C. Hsiao, T.-J. Kim, A. Perrig, A. Yamada, S. C. Nelson,
M. Gruteser, and W. Meng, “LAP: Lightweight anonymity
and privacy,” in IEEE S&P, 2012.
[19] A. Pfitzmann and M. Hansen, “A terminology for talking
about privacy by data minimization,”
http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf, 2010,
v0.34.
[20] C. Kaufman, P. Hoffman, Y. Nir, and P. Eronen, “Internet
Key Exchange Protocol Version 2 (IKEv2),” RFC 5996
(Proposed Standard), Internet Engineering Task Force, Sep.
2010, updated by RFCs 5998, 6989. [Online]. Available:
http://www.ietf.org/rfc/rfc5996.txt
[21] P. Eckersley, “How unique is your web browser?” in PETS,
2010.
[22] A. Soltani, S. Canty, Q. Mayo, L. Thomas, and C. J.
Hoofnagle, “Flash cookies and privacy,” in SSRN eLibrary,
2009.
[23] A. Acquisti, R. Dingledine, and P. Syverson, “On the
economics of anonymity,” in FC, 2003.
[24] R. Dingledine and S. J. Murdoch, “Performance improvements
on Tor or, why Tor is slow and what we’re going to
do about it,”
http://www.torproject.org/press/presskit/2009-03-11-performance.pdf, 2009.
[25] R. Jansen, A. Johnson, and P. Syverson, “LIRA: Lightweight
Incentivized Routing for Anonymity,” in NDSS, 2013.
[26] M. Dischinger, A. Haeberlen, K. P. Gummadi, and S. Saroiu,
“Characterizing residential broadband networks,” in ACM
SIGCOMM IMC, 2007.
[27] B. N. Levine, M. K. Reiter, C. Wang, and M. Wright,
“Timing attacks in low-latency mix systems,” in Proc. Financial
Cryptography, 2004, pp. 251–265.
[28] A. Houmansadr, N. Kiyavash, and N. Borisov, “RAINBOW:
A robust and invisible non-blind watermark for network
flows,” in NDSS, 2009.
[29] S. Chen, X. Wang, and S. Jajodia, “On the anonymity
and traceability of peer-to-peer voip calls,” Network, IEEE,
vol. 20, no. 5, pp. 32–37, 2006.
[30] J. Reimer, “Your ISP may be selling your web clicks,”
http://arstechnica.com/tech-policy/2007/03/your-isp-may-be-selling-your-web-clicks/, 2007.