Chen_cmu_0041E_10287.pdf (2.49 MB)

Infrastructure-based Anonymous Communication Protocols in Future Internet Architectures

posted on 12.08.2018, 00:00 by Chen Chen
User anonymity faces increasing threats from private companies, network service providers, and governmental surveillance programs. Current anonymous communication systems running as overlay networks offer neither satisfactory performance to support diverse Internet applications nor strong security guarantees. As Future Internet Architectures emerge and propose to equip routers with cryptographic operations, this thesis aims to answer the question: what level of security guarantee and performance can anonymous communication systems offer if designed as a service of the network infrastructure?
This thesis thus presents three scalable and highly efficient infrastructure-based anonymous communication systems, HORNET, PHI, and TARANET, defeating adversaries ranging from a single malicious Internet Service Provider to governments conducting mass surveillance. Our contributions are summarized
1. We present HORNET, a low-latency onion routing system that operates at the network layer, thus enabling a wide range of applications. HORNET uses only symmetric cryptography for data forwarding and requires no per-flow state on intermediate routers to achieve high scalability. This design enables HORNET routers implemented on an off-the-shelf workstation to process anonymous traffic at over 93 Gb/s.
2. We propose PHI, a Path-HIdden lightweight anonymity protocol that fixes two vulnerabilities of LAP and Dovetail. We present an efficient packet header format that hides path information and a new back-off setup method that is compatible with current and future network architectures. Our experiments demonstrate that PHI expands anonymity sets of LAP and Dovetail by over 30x and reaches 120 Gb/s forwarding speed on a commodity software router.
3. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET’s setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and Autonomous Systems coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50 Gb/s using commodity hardware.
In summary, this thesis demonstrates that it is not only viable but also beneficial to build infrastructure-based anonymous communication systems. The proposed schemes achieve a new level of scalability and performance and characterize a general trade-off between anonymity guarantees and performance that guides future infrastructure-based anonymous communication system designs.




Degree Type



Electrical and Computer Engineering

Degree Name

  • Doctor of Philosophy (PhD)


Adrian Perrig