TY - GEN
T1 - Balancing the shadows
AU - Schuchard, Max
AU - Dean, Alexander W.
AU - Heorhiadi, Victor
AU - Hopper, Nicholas
AU - Kim, Yongdae
N1 - Copyright:
Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
N2 - In this paper, we examine the ShadowWalker peer-to-peer anonymity scheme. ShadowWalker attempts to provide anonymity via circuits built using random walks over a secured topology. ShadowWalker's topology is secured through the use of shadows, peers that certify another node's routing information. We demonstrate two flaws in ShadowWalker. First, an attacker can compromise the underlying topology of ShadowWalker as a result of an insufficient number of shadows. We show that the failure of the underlying topology directly results in the failure of ShadowWalker to provide anonymity guarantees. Second, the dependence on untrusted nodes to certify other nodes allows an attacker to launch a selective denial of service attack. We show that there is an inherent tension between protecting against these two attacks: weakening the first attack strengthens the second attack and vice versa. We introduce a mechanism that generalizes ShadowWalker's lookup defense, and show that this mechanism can be tuned to simultaneously provide strong protection against both these attacks. Last, we implement ShadowWalker and provide performance measurements from a prototype deployment on PlanetLab.
AB - In this paper, we examine the ShadowWalker peer-to-peer anonymity scheme. ShadowWalker attempts to provide anonymity via circuits built using random walks over a secured topology. ShadowWalker's topology is secured through the use of shadows, peers that certify another node's routing information. We demonstrate two flaws in ShadowWalker. First, an attacker can compromise the underlying topology of ShadowWalker as a result of an insufficient number of shadows. We show that the failure of the underlying topology directly results in the failure of ShadowWalker to provide anonymity guarantees. Second, the dependence on untrusted nodes to certify other nodes allows an attacker to launch a selective denial of service attack. We show that there is an inherent tension between protecting against these two attacks: weakening the first attack strengthens the second attack and vice versa. We introduce a mechanism that generalizes ShadowWalker's lookup defense, and show that this mechanism can be tuned to simultaneously provide strong protection against both these attacks. Last, we implement ShadowWalker and provide performance measurements from a prototype deployment on PlanetLab.
KW - anonymity
KW - eclipse attack
KW - peer-to-peer
KW - selective denial of service
KW - shadowwalker
UR - http://www.scopus.com/inward/record.url?scp=78650188331&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78650188331&partnerID=8YFLogxK
U2 - 10.1145/1866919.1866921
DO - 10.1145/1866919.1866921
M3 - Conference contribution
AN - SCOPUS:78650188331
SN - 9781450300964
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1
EP - 10
BT - Proceedings of the 9th Annual ACM Workshop on Privacy in the Electronic Society, WPES '10, Co-located with CCS'10
T2 - 9th Annual ACM Workshop on Privacy in the Electronic Society, WPES '10, Co-located with CCS'10
Y2 - 4 October 2010 through 8 October 2010
ER -