Skip to main content
QUICK REVIEW

[论文解读] PriFi: A Low-Latency Local-Area Anonymous Communication Network.

Ludovic Barman, Italo Dacosta|arXiv (Cornell University)|Oct 27, 2017
Internet Traffic Analysis and Secure E-voting参考文献 24被引用 7
一句话总结

PriFi 是一种用于局域网的低延迟、流量无关的匿名通信协议,通过基于三层次架构的 Dining Cryptographers 网络实现,消除了引入延迟的跳变,从而实现了对流量分析攻击的可证明抵抗能力。它还引入了一种新颖的、低开销机制来防止等价性攻击(equivocation attacks),并配备了一套检测与追责系统以应对干扰(jamming)攻击。评估结果显示,50 个客户端仅带来 70ms 的额外开销,且与对延迟敏感的应用(如 VoIP)兼容。

ABSTRACT

Popular anonymity protocols such as Tor provide low communication latency but are vulnerable to traffic-analysis attacks that can de-anonymize users. Traffic-analysis resistant protocols typically do not achieve low-latency communication (e.g., Dissent, Riffle), or are restricted to a specific type of traffic (e.g., Herd, Aqua). In this paper, we present PriFi, the first practical protocol for anonymous communication in local-area networks that is provably secure against traffic-analysis attacks, has a low communication latency, and is traffic agnostic. PriFi is based on Dining Cryptographer's networks}, and uses a 3-layer architecture which removes the usual anonymization bottleneck seen in mix networks: packets sent by the clients follow their usual path, without any additional hop that would add latency. As a second contribution, we propose a novel technique for protecting against equivocation attacks, in which a malicious relay de-anonymizes clients by sending them different information. In PriFi's architecture, this is achieved without adding extra latency; in particular, clients do not need to gossip or run consensus among themselves. Finally, we describe a technique for detecting disruption (jamming) attacks by malicious clients and a blaming mechanism to enforce accountability against such attacks. We have fully implemented PriFi and evaluated its performance with well-known datasets. Our analysis is twofold: first, we show that our architecture tolerates well client churn; second, we show that the system can be used in practice with minimal latency overhead (e.g., 70ms for 50 clients), and is compatible with delay-sensitive application such as VoIP.

研究动机与目标

  • 解决局域网中缺乏实用、低延迟、对流量分析攻击具有安全性的匿名通信协议的问题。
  • 设计一种流量无关的系统,避免传统混洗网络中常见的延迟瓶颈。
  • 在不引入客户端共识或广播机制的前提下,防止等价性攻击(即恶意中继发送矛盾信息)。
  • 通过问责机制检测并追责发起干扰(jamming)攻击的客户端。
  • 实现并评估一个完整的系统,使其在最小性能开销下支持真实世界的应用。

提出的方法

  • PriFi 采用三层次架构,将客户端数据包沿其常规路径传输,避免增加额外跳变,从而实现低延迟通信。
  • 其基础为 Dining Cryptographers 网络,可在去中心化方式下提供信息论级别的匿名性。
  • 提出一种新颖的等价性保护机制,确保恶意中继无法通过发送不一致的数据来去匿名化客户端,且无需客户端参与共识或广播。
  • 系统包含一种干扰检测机制,可识别恶意客户端的干扰行为,并通过问责协议实现追责。
  • 通过最小化端到端延迟,使协议与对延迟敏感的应用(如 VoIP)兼容。
  • 性能评估采用真实世界数据集,测量延迟、动态变化容忍度以及在对抗性条件下的系统鲁棒性。

实验结果

研究问题

  • RQ1能否在保持对流量分析攻击安全性的前提下,使局域网匿名通信系统实现低延迟?
  • RQ2如何在不依赖客户端共识或广播机制的前提下,防止低延迟匿名网络中的等价性攻击?
  • RQ3能否以去中心化方式检测并实现对干扰攻击的问责?
  • RQ4系统在保持匿名性和低延迟的前提下,对客户端动态变化(churn)的容忍程度如何?
  • RQ5该系统是否适用于 VoIP 等实时应用,且性能开销极低?

主要发现

  • PriFi 在 50 个客户端下仅带来 70ms 的额外开销,证明其适用于实时应用。
  • 系统保持强匿名性,并因基于 Dining Cryptographers 网络而可证明抵抗流量分析攻击。
  • 新颖的等价性保护机制可在不增加延迟或客户端协调的前提下,防止恶意中继通过发送不一致数据去匿名化客户端。
  • 干扰检测与问责机制成功识别并追责了发起干扰攻击的客户端。
  • 该架构在保持低延迟和匿名性保证的同时,能有效容忍高客户端动态变化。
  • 基于真实世界数据集的评估证实,PriFi 与对延迟敏感的应用(如 VoIP)兼容。

更好的研究,从现在开始

从论文设计到论文写作,大幅缩短您的研究时间。

无需绑定信用卡

本解读由 AI 生成,并经人工编辑审核。