TY - GEN
T1 - Hashing it out in public
T2 - 8th ACM Workshop on Privacy in the Electronic Society, WPES '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
AU - Tran, Andrew
AU - Hopper, Nicholas
AU - Kim, Yongdae
N1 - Copyright:
Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2009
Y1 - 2009
N2 - We examine peer-to-peer anonymous communication systems that use Distributed Hash Table algorithms for relay selection. We show that common design flaws in these schemes lead to highly effective attacks against the anonymity provided by the schemes. These attacks stem from attacks on DHT routing, and are not mitigated by the well-known DHT security mechanisms due to a fundamental mismatch between the security requirements of DHT routing's put/get functionality and anonymous routing's relay selection functionality. Our attacks essentially allow an adversary that controls only a small fraction of the relays to function as a global active adversary. We apply these attacks in more detail to two schemes: Salsa and Cashmere. In the case of Salsa, we show that an attacker that controls 10% of the relays in a network of size 10,000 can compromise more than 80% of all completed circuits; and in the case of Cashmere, we show that an attacker that controls 20% of the relays in a network of size 64000 can compromise 42% of the circuits.
KW - Anonymity
KW - Peer-to-peer networks
KW - Selective denial of service
UR - http://www.scopus.com/inward/record.url?scp=74049164513&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74049164513&partnerID=8YFLogxK
U2 - 10.1145/1655188.1655199
DO - 10.1145/1655188.1655199
M3 - Conference contribution
AN - SCOPUS:74049164513
SN - 9781605587837
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 71
EP - 80
BT - Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society, WPES '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Y2 - 9 November 2009 through 13 November 2009
ER -