Anonymity analysis of P2P anonymous communication systems

Compared with traditional static Client/Server architecture, the P2P architecture is more suitable for anonymous communication systems because it is more flexible and can keep load balance better. However, in order to make the system usable and reliable, some system designs make tradeoffs between anonymity and performance such as reliability, latency and throughput. Tradeoffs are sometimes unavoidable in system design, but which tradeoffs are acceptable and which are not is very important for developers. This paper models the P2P anonymous communications and takes quantitative analysis of anonymity by information theory with entropy. Based on this analysis, it studies the effect of key system design strategies on anonymity in network architecture, routing and message relay, and measures which strategies should be used in anonymous communications and which are unreasonable. Some analysis results are contrary to our intuition. For example, it quantitatively concludes that in some cases the anonymity is not enhanced when the system scale increases, and too long an anonymous tunnel may not provide higher anonymity but lowers performance. These analysis results are valuable for developers of P2P anonymous communication systems. Besides, this paper also discusses some possible strategies such as trust and reputation to enhance the P2P anonymous communications.     

A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks

More attention should be paid to anonymous routing protocols in secure wireless ad hoc networks. However, as far as we know, only a few papers on secure routing protocols have addressed both issues of anonymity and efficiency. Most recent protocols adopted public key Infrastructure (PKI) solutions to ensure the anonymity and security of route constructing mechanisms. Since PKI solution requires huge and expensive infrastructure with complex computations and the resource constraints of small ad hoc devices; a two-layer authentication protocol with anonymous routing (TAPAR) is proposed in this paper. TAPAR does not adopt public key computations to provide secure and anonymous communications between source and destination nodes over wireless ad hoc networks. Moreover, TAPAR accomplishes mutual authentication, session key agreement, and forward secrecy among communicating nodes; along with integration of non-PKI techniques into the routing protocol allowing the source node to anonymously interact with the destination node through a number of intermediate nodes. Without adopting PKI en/decryptions, our proposed TAPAR can be efficiently implemented on small ad hoc devices while at least reducing the computational overhead of participating nodes in TAPAR by 21.75%. Our protocol is certainly favorable when compared with other related protocols.     

FBSS:一种基于公平盲签名和秘密共享的车载网隐私保护方案*

车载自组织网络是移动自组网络及无线传感器网络在交通领域的一种应用,由车辆节点,路侧单元,服务提供商等构成的一种新型移动自组织网络。车载自组网络利用无线信道进行数据传输,由于车载自组织网络本身的开放性和传输信息的敏感性,不可避免的面临信息的泄漏和攻击。如何保证车载自组织网络中的身份隐私和可信通信是亟待解决的关键问题。现有的工作通常采用认证机制,但在车辆认证的过程中不可避免地泄漏了用户的隐私,随后提出的匿名认证方案解决了隐私保护问题却忽略了匿名滥用的情况。针对上述问题,本文提出一种基于公平盲签名和秘密共享的匿名认证方案-FBSS。通过安全性分析和实验,该方案具有较高的匿名性和较高的效率。     

Mutual anonymous overlay multicast

Multicast services are demanded by a variety of applications. Many applications require anonymity during their communication. However, there has been very little work on anonymous multicasting and such services are not available yet. Due to the fundamental differences between multicast and unicast, the solutions proposed for anonymity in unicast communications cannot be directly applied to multicast applications. In this paper we define the anonymous multicast system, and propose a mutual anonymous multicast (MAM) protocol including the design of a unicast mutual anonymity protocol and construction and optimization of an anonymous multicast tree. MAM is self-organizing and completely distributed. We define the attack model in an anonymous multicast system and analyze the anonymity degree. We also evaluate the performance of MAM by comprehensive simulations.     

Pseudo Trust: Zero-Knowledge Authentication in Anonymous P2Ps

Most of the current trust models in peer-to-peer (P2P) systems are identity based, which means that in order for one peer to trust another, it needs to know the other peer's identity. Hence, there exists an inherent tradeoff between trust and anonymity. To the best of our knowledge, there is currently no P2P protocol that provides complete mutual anonymity as well as authentication and trust management. We propose a zero-knowledge authentication scheme called Pseudo Trust (PT), where each peer, instead of using its real identity, generates an unforgeable and verifiable pseudonym using a one-way hash function. A novel authentication scheme based on Zero-Knowledge Proof is designed so that peers can be authenticated without leaking any sensitive information. With the help of PT, most existing identity-based trust management schemes become applicable in mutual anonymous P2P systems. We analyze the security and the anonymity in PT, and evaluate its performance using trace-driven simulations and a prototype PT-enabled P2P network. The strengths of our design include 1) no need for a centralized trusted party or CA, 2) high scalability and security, 3) low traffic and cryptography processing overheads, and 4) man-in-middle attack resistance.     

一种无线Ad Hoc网络动态混淆匿名算法

无线Ad Hoc网络的特殊性决定了它要受到多种网络攻击的威胁,现有的加密和鉴别机制无法解决流量分析攻击.在比较了抗流量分析的匿名技术基础上,提出混淆技术可以满足无线Ad Hoc网络的匿名需求,但现有的混淆算法在Ad Hoc网络下却存在安全与效率的问题.提出了一种动态混淆的RM(pseudo-random mix)算法,该算法主要对混淆器的管理部分进行重新设计.RM算法根据混淆缓冲区的情况进行决策,当缓冲区未满时采用时延转发方式,缓冲区满后采用随机数转发方式,这样既保证了无线Ad Hoc节点的匿名性,同时又解决了停等算法的丢包现象.对RM算法的安全性和效率进行了分析,仿真结果与理论分析相一致,表明RM算法在无线Ad Hoc网络下具有较好的自适应性和实用价值.     

An anonymous distributed routing protocol in mobile ad-hoc networks

This paper proposes an efficient anonymous routing protocol for mobile ad hoc networks (MANETs). This protocol considers symmetric and asymmetric links during the wireless communication of MANETs. A MANET is one type of self-organized wireless network that can be formed by several wireless devices such as laptops, tablet PCs, and smartphones. Different wireless transmission ranges of different mobile devices lead to a special communication condition called an asymmetric link. Most research on this topic focuses on providing security and anonymity for the symmetric link without considering the asymmetric link. This paper proposes a novel distributed routing protocol beyond the symmetric and asymmetric links. This protocol guarantees the security, anonymity, and high reliability of an established route by avoiding unreliable intermediate nodes. The routes generated by the proposed protocol are shorter than previous research. The proposed protocol enhances MANET performance in assuring security and anonymity.     

移动自组网的匿名路由协议研究综述

移动自组网中的恶意节点对路由协议的安全和隐匿具有严重威胁.现在针对安全路由协议的研究很多,但是很少有人涉及匿名性问题,匿名路由协议能够实现节点身份、位置和通信关系的隐匿,在军事和其它机密通信领域中具有重要意义.首先对匿名路由协议面临的攻击行为进行分析,介绍其定义、分类和匿名性评价方法,然后概括性的介绍已有的典型匿名路由协议,比较其匿名性和安全性,最后对以后研究的问题和方向作了总结和展望.     

An Analysis Study on Zone-Based Anonymous Communication in Mobile Ad Hoc Networks

A zone-based anonymous positioning routing protocol for ad hoc networks, enabling anonymity of both source and destination, is proposed and analyzed. According to the proposed algorithm, a source sends data to an anonymity zone, where the destination node and a number of other nodes are located. The data is then flooded within the anonymity zone so that a tracer is not able to determine the actual destination node. Source anonymity is also enabled because the positioning routing algorithms do not require the source ID or its position for the correct routing. We develop anonymity protocols for both routeless and route-based data delivery algorithms. To evaluate anonymity, we propose a "measure of anonymity," and we develop an analytical model to evaluate it. By using this model, we perform an extensive analysis of the anonymity protocols to determine the parameters that most impact the anonymity level.     

Anonymous Geo-Forwarding in MANETs through Location Cloaking

In this paper, we address the problem of destination anonymity for applications in mobile ad hoc networks where geographic information is ready for use in both ad hoc routing and Internet services. Geographic forwarding becomes a lightweight routing protocol in favor of the scenarios. Traditionally the anonymity of an entity of interest can be achieved by hiding it among a group of other entities with similar characteristics, i.e., an anonymity set. In mobile ad hoc networks, generating and maintaining an anonymity set for any ad hoc node is challenging because of the node mobility, consequently the dynamic network topology. We propose protocols that use the destination position to generate a geographic area called {em anonymity zone (AZ)}. A packet for a destination is delivered to all the nodes in the AZ, which make up the anonymity set. The size of the anonymity set may decrease because nodes are mobile, yet the corresponding anonymity set management is simple. We design techniques to further improve node anonymity and reduce communication overhead. We use analysis and extensive simulation to study the node anonymity and routing performance, and to determine the parameters that most impact the anonymity level that can be achieved by our protocol.     

MuON: Epidemic based mutual anonymity in unstructured P2P networks

A mutual anonymity system enables communication between a client and a service provider without revealing their identities. In general, the anonymity guarantees made by the protocol are enhanced when a large number of participants are recruited into the anonymity system. Peer-to-peer (P2P) systems are able to attract a large number of nodes and hence are highly suitable for anonymity systems. However, the churn (changes in system membership) within P2P networks, poses a significant challenge for low-bandwidth reliable anonymous communication in these networks.This paper presents MuON, a protocol to achieve mutual anonymity in unstructured P2P networks. MuON leverages epidemic-style data dissemination to deal with churn. Simulation results and security analysis indicate that MuON provides mutual anonymity in networks with high churn, while maintaining predictable latencies, high reliability, and low communication overhead.     

Secure and efficient key management in mobile ad hoc networks

In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge. Usually, cryptographic techniques are used for secure communications in wired and wireless networks. Symmetric and asymmetric cryptography have their advantages and disadvantages. In fact, any cryptographic means is ineffective if its key management is weak. Key management is also a central aspect for security in mobile ad hoc networks. In mobile ad hoc networks, the computational load and complexity for key management are strongly subject to restriction by the node's available resources and the dynamic nature of network topology. We propose a secure and efficient key management (SEKM) framework for mobile ad hoc networks. SEKM builds a public key infrastructure (PKI) by applying a secret sharing scheme and using an underlying multi-cast server groups. We give detailed information on the formation and maintenance of the server groups. In SEKM, each server group creates a view of the certificate authority (CA) and provides certificate update service for all nodes, including the servers themselves. A ticket scheme is introduced for efficient certificate service. In addition, an efficient server group updating scheme is proposed. The performance of SEKM is evaluated through simulation.     

一种完全匿名的P2P网络信任模型

目前的P2P网络信任机制大多是通过牺牲匿名性来实现的,这给P2P网络安全引入了一系列新的问题。本文提出了一种完全匿名的P2P网络信任模型--TAM。该模型通过多个公／私钥的组合使用来保证安全和匿名。     

Network trust management in emergency situations

We study the unique trust management, and more precisely reputation management and revocation of malicious nodes in the context of ad hoc networks used for emergency communications.Unlike in centralized systems, reputation management and revocation in ad hoc networks is non-trivial. This difficulty is due to the fact that the nodes have to collaboratively calculate the reputation value of a particular node and then revoke the node if the reputation value goes below a threshold. A major challenge in this scheme is to prevent a malicious node from discrediting other genuine nodes. The decision to revoke a node has to be communicated to all the nodes of the network. In traditional ad hoc networks the overhead of broadcasting the message throughout the network may be very high. We solve the problem of reputation management and node revocation in ad hoc networks of cell phones by using a threshold cryptography based scheme. Each node of the network would have a set of anonymous referees, which would store the reputation information of the node and issue reputation certificates to the node with timestamps. The misbehavior of a particular cell phone is reported to its anonymous referees, who issue certificates which reflect the positive and negative recommendations.     

移动互联网可信匿名通信模型

针对移动互联网对通信过程的匿名性需求,提出基于签密和可信计算技术设计移动互联网下的匿名通信模型,以实现通信双方间的匿名通信。该模型中,中间节点根据前驱节点的签密信息鉴别转发数据的完整性,验证转发链路的真实性。分析表明该模型在实现通信匿名的同时具有安全性与可信性,满足移动互联网下移动终端匿名通信过程的安全需求。     

M2ASR——新型多径匿名源路由协议*

针对无线Ad hoc网络通信的安全与效率问题,提出一个高效并有较好匿名能力的多径匿名源路由协议M2ASR。在DSR协议的基础上,使用标签机制,对源路由的工作过程进行了修改,实现了能够应用于大规模无线网络的多径匿名路由;并在协议中首次使用IDA算法,利用Ad hoc网络的节点转发和协议本身提供的多径性质,提高了无线Ad hoc的通信效率;从理论和仿真角度对M2ASR协议的匿名性和使用IDA算法之后所带来的效率进行了分析和总结。     

一种无线传感器网络匿名安全路由协议*

为了能在有限资源的无线传感器网络上进行安全的匿名通信,使用双线性函数的双线性对和异或运算提出了一种匿名安全路由协议,与目前现有的无线网络匿名通信方案相比,协议不仅能提供身份的机密性、位置隐私性和路由的匿名性,而且还满足前向和后向安全性,并且大大提高了系统的计算复杂度和带宽消耗,更适合无线传感器网络。     

P2P匿名通信系统的匿名度量

分析了P2P匿名通信系统模型及攻击模型,基于信息熵,针对共谋攻击,度量了几种典型的P2P匿名系统的接收者匿名度,分析了系统匿名性与系统规模N、恶意节点比例、路径长度及转发概率的关系。计算数据表明,嵌套加密使系统获得强匿名,接收者的匿名度随系统规模等的增大而增大,随恶意节点比例的增大而减小,受恶意节点比例及系统规模影响较大,受路径长度影响较小。     

A global security architecture for operated hybrid WLAN mesh networks

Hybrid Wireless Mesh Network (HWMN) is a new wireless networking paradigm. Unlike traditional wireless networks, in HWMNs, hosts may rely on each other to keep the network connected. Operators and wireless internet service providers are choosing HWMNs to offer Internet connectivity, as it allows fast, easy and affordable network deployments. One main challenge in design of these networks is their vulnerability to security attacks. In this paper, we investigate the main security issues focusing on the most vulnerable part of the hybrid WLAN mesh infrastructure which concerns the ad hoc network part. Through our proposed architecture, Security Architecture for Operator’s Hybrid WLAN Mesh Network (SATHAME), we identify the new challenges and opportunities posed by this emerging networking environment and explore approaches to secure users, data and communications. From the analysis of strengths and weaknesses of secured routing protocols, we designed a new robust routing structure called MacroGraph (MG). MG structure is extracted from the mesh ad hoc network for each communication to be established between a source and a destination. Especially, MG is a robust structure based on node-disjoint path routing scheme and dynamic trust management that can be adapted to respond to applications’ security requirements. We present a performance analysis of our efficient, robust and scalable multipath reactive secured routing protocol. We investigate the behavior of our proposed scheme under two attack scenarios: Packet Dropping and Route Error attacks in dense network configurations.     

Secure communications for cluster-based ad hoc networks using node identities

Ad hoc networks are self-configurable networks with dynamic topologies. All involved nodes in the network share the responsibility for routing, access, and communications. The mobile ad hoc network can be considered as a short-lived collection of mobile nodes communicating with each other. Such networks are more vulnerable to security threats than traditional wireless networks because of the absence of the fixed infrastructure. For providing secure communications in such networks, lots of mechanisms have been proposed since the early 1990s, which also have to deal with the limitations of the mobile ad hoc networks, including high power saving and low bandwidth. Besides, public key infrastructure (PKI) is a well-known method for providing confidential communications in mobile ad hoc networks. In 2004, Varadharajan et al. proposed a secure communication scheme for cluster-based ad hoc networks based on PKI. Since the computation overheads of the PKI cryptosystem are heavy for each involved communicating node in the cluster, we propose an ID-based version for providing secure communications in ad hoc networks. Without adopting PKI cryptosystems, computation overheads of involved nodes in our scheme can be reduced by 25% at least.