Stopping Silent Sneaks: Defending against Malicious Mixes with Topological Engineering

Published 2022 in Asia-Pacific Computer Systems Architecture Conference

ABSTRACT

Mixnets provide strong meta-data privacy and recent academic research and industrial projects have made strides in making them more secure, performant, and scalable. In this paper, we focus our work on stratified Mixnets, a popular design with real-world adoption. We identify and measure significant impacts of practical aspects such as: relay sampling and topology placement, network churn, and risks due to real-world usage patterns. We show that, due to the lack of incorporating these aspects in design decisions, Mixnets of this type are far more susceptible to user deanonymization than expected. In order to reason about and resolve these issues, we model Mixnets as a three-stage “Sample-Placement-Forward” pipeline and develop tools to analyze and evaluate design decisions. To address the identified gaps and weaknesses we propose Bow-Tie, a design that mitigates user deanonymization through a novel adaption of Tor’s guard design with an engineered guard layer and client guard-logic for stratified mixnets. We show that Bow-Tie has significantly higher user anonymity in the dynamic setting, where the Mixnet is used over a period of time, and is no worse in the static setting, where the user only sends a single message. We show the necessity of both the guard layer and client guard-logic in tandem as well as their individual effect when incorporated into other reference designs. We develop and implement two tools, 1) a mixnet topology generator (Mixnet-Topology-Generator (MTG)) and 2) a path simulator and security evaluator (routesim) that takes into account temporal dynamics and user behavior, to assist our analysis and empirical data collection. These tools are designed to help Mixnet designers assess the security and performance impact of their design decisions.

PUBLICATION RECORD

Publication year
2022
Venue
Asia-Pacific Computer Systems Architecture Conference
Publication date
2022-06-01
Fields of study
Computer Science, Engineering
Identifiers
DOI 10.1145/3564625.3567996 arXiv 2206.00592
External record
Open on Semantic Scholar
Source metadata
Semantic Scholar

CITATION MAP

EXTRACTION MAP

CLAIMS

No claims are published for this paper.

CONCEPTS

No concepts are published for this paper.

REFERENCES

Spectrum: High-bandwidth Anonymous Broadcast
2022cited by this paper
Mixnet optimization methods
2022cited by this paper
MiXiM: Mixnet Design Decisions and Empirical Evaluation
2021cited by this paper
The Nym Network The Next Generation of Privacy Infrastructure
2021cited by this paper
On the Accuracy of Tor Bandwidth Estimation
2021cited by this paper
FlashFlow: A Secure Speed Test for Tor
2020cited by this paper
CLAPS: Client-Location-Aware Path Selection in Tor
2020cited by this paper
Express: Lowering the Cost of Metadata-hiding Communication with Cryptographic Privacy
2019cited by this paper
XRD: Scalable Messaging System with Cryptographic Privacy
2019cited by this paper
Introduction to Cutting and Packing Optimization
2018cited by this paper
SmarTor: Smarter Tor with Smart Contracts: Improving resilience of topology distribution in the Tor network
2018cited by this paper
Karaoke: Distributed Private Messaging Immune to Passive Traffic Analysis
2018influential reference
Understanding Tor Usage with Privacy-Preserving Measurement
2018cited by this paper
Dropping on the Edge: Flexibility and Traffic Confirmation in Onion Routing Protocols
2018cited by this paper
No right to remain silent: Isolating Malicious Mixes
2017cited by this paper
PeerFlow: Secure Load Balancing in Tor
2017cited by this paper
The Loopix Anonymity System
2017influential reference
Stadium: A Distributed Metadata-Private Messaging System
2017influential reference
cMix: Mixing with Minimal Real-Time Asymmetric Cryptographic Operations
2017cited by this paper
Riffle
2016cited by this paper
Waterfilling: Balancing the Tor network with maximum diversity
2016cited by this paper
Atom: Horizontally Scaling Strong Anonymity
2016influential reference
fitdistrplus: An R Package for Fitting Distributions
2015cited by this paper
Vuvuzela: scalable private messaging resistant to traffic analysis
2015influential reference
Avoiding The Man on the Wire: Improving Tor's Security with Trust-Aware Path Selection
2015cited by this paper
20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables
2015cited by this paper
Riposte: An Anonymous Messaging System Handling Millions of Users
2015cited by this paper
Deniable Key Exchanges for Secure Messaging
2015cited by this paper
Pervasive Monitoring Is an Attack
2014cited by this paper
Representing Network Trust and Using It to Improve Anonymous Communication
2014cited by this paper
Users get routed: traffic correlation on tor by realistic adversaries
2013cited by this paper
Changing of the guards: a framework for understanding and improving entry guard selection in tor
2012cited by this paper
Dissent in Numbers: Making Strong Anonymity Scale
2012cited by this paper
Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks
2010cited by this paper
Compromising Tor Anonymity Exploiting P2P Information Leakage
2010cited by this paper
Sphinx: A Compact and Provably Secure Mix Format
2009cited by this paper
Why I'm Not an Entropist
2009cited by this paper
EigenSpeed: secure peer-to-peer bandwidth evaluation
2009cited by this paper
A Tune-up for Tor: Improving Security and Performance in the Tor Network
2008cited by this paper
Metrics for Security and Performance in Low-Latency Anonymity Systems
2008cited by this paper
Denial of service or denial of security?
2007cited by this paper
Low-cost traffic analysis of Tor
2005cited by this paper
The Traffic Analysis of Continuous-Time Mixes
2004cited by this paper
The predecessor attack: An analysis of a threat to anonymous communications systems
2004cited by this paper
Tor: The Second-Generation Onion Router
2004cited by this paper
Eluding carnivores: file sharing with strong anonymity
2004cited by this paper
Synchronous Batching: From Cascades to Free Routes
2004cited by this paper
Mix-Networks with Restricted Routes
2003cited by this paper
Measuring Anonymity: The Disclosure Attack
2003cited by this paper
On the Anonymity of Timed Pool Mixes
2003cited by this paper
Mixminion: design of a type III anonymous remailer protocol
2003cited by this paper
Reliable MIX Cascade Networks through Reputation
2002cited by this paper
Towards Measuring Anonymity
2002cited by this paper
Towards an Information Theoretic Metric for Anonymity
2002cited by this paper
Tarzan: a peer-to-peer anonymizing network layer
2002cited by this paper
From a Trickle to a Flood: Active Attacks on Several Mix Types
2002cited by this paper
Probabilistic Techniques in Exposure Assessment: A Handbook for Dealing with Variability and Uncertainty in Models and Inputs
1999cited by this paper
Verifiable random functions
1999cited by this paper
Private information retrieval
1995cited by this paper
Guessing and entropy
1994cited by this paper
The dining cryptographers problem: Unconditional sender and recipient untraceability
1988cited by this paper
Untraceable electronic mail, return addresses, and digital pseudonyms
1981cited by this paper
This Paper Is Included in the Proceedings of the 12th Usenix Symposium on Operating Systems Design and Implementation (osdi '16). Unobservable Communication over Fully Untrusted Infrastructure Unobservable Communication over Fully Untrusted Infrastructure
year unknowncited by this paper
This Paper Is Included in the Proceedings of the 12th Usenix Symposium on Operating Systems Design and Implementation (osdi '16). Alpenhorn: Bootstrapping Secure Communication without Leaking Metadata Alpenhorn: Bootstrapping Secure Communication without Leaking Metadata
year unknowncited by this paper

CITED BY

Quantifying Mix Network Privacy Erosion with Generative Models
2025cites this paper
VeraSel: Verifiable Random Selection for Mixnets Construction
2023cites this paper