![]() ![]() Modern anonymity systems that build upon communication mixes may further be categorized by the cryptographic primitives they use for layered encryption. To mitigate disclosure attacks, users should appear to be sending and receiving packets even if they are not in an active communication, which requires dummy packets. Such attacks exploit user churn and correlate the sending/receiving behavior of users over time. Unfortunately, powerful attackers like a global observer are still able to infer communication relationships by performing disclosure attacks. To defeat attacks based on timing of packets entering and leaving an observed mix, packets are collected in batches and forwarded in random order. In result, correlation of packets based on size or encrypted content is not possible. Each packet is encrypted in layers, one for each mix, which are removed along the way. At the same time, a fixed uniform size is enforced for all packets by padding or splitting of application layer messages. Instead of trusting a single provider, packets are routed via multiple mixes, which are deployed in a distributed fashion. Ī promising concept to protect metadata are communication mixes, first introduced by David Chaum. Unfortunately, communication relationships may also leak sensitive communication content, for example, when users contact a specialized counseling or medical service. For another, third parties may observe size and timing information of (encrypted) IP packets in different sections of the network to infer communication relationships. For one, providers may still easily record communication metadata. And while confidentiality of communication content may easily be achieved by end-to-end encryption, metadata is far more challenging to protect. However, such services also raise privacy concerns, like a (de-)centralized provider collecting communication content and metadata on a large scale. Due to their IP-based design, they are able to support a wide variety of applications, including text-based chats, file transfer and voice calls. ![]() Instant messaging services like Signal and WhatsApp have become a ubiquitous utility for human-to-human communications. A first prototype of Hydra is published as open source. Using a dataset generated by performing latency measurements in the Tor network, we further show that Hydra is able to support anonymous voice calls with acceptable quality of service in real scenarios. ![]() Compared to other systems for text-based messaging, Hydra is able to decrease end-to-end latencies by an order of magnitude without degrading anonymity. We evaluate Hydra using an analytical model as well as call simulations. Furthermore, circuits can be upgraded to support voice calls, real-time chat sessions, and file transfers-with slightly reduced anonymity in presence of global observers. This allows to implement strong metadata security for contact discovery and text-based messages with relatively low latency. Main idea is to use latency-aware, padded, and onion-encrypted circuits even for connectionless applications. We propose Hydra, an anonymity system that is able to efficiently provide metadata security for a wide variety of applications. ![]() There are numerous proposals to implement anonymous communications, yet none provides it in a strong (but feasible) threat model in an efficient way. Protecting communications’ metadata can be as important as protecting their content, i.e., recognizing someone contacting a medical service may already allow to infer sensitive information. ![]()
0 Comments
Leave a Reply. |