Track: Anonymous communication

• PriFi:Low-Latency Anonymity for Organizational Networks
  Ludovic Barman (EPFL), Italo Dacosta (UBS), Mahdi Zamani (Visa Research), Ennan Zhai (Alibaba Group), Apostolos Pyrgelis (EPFL), Bryan Ford (EPFL), Jean-Pierre Hubaux (EPFL), and Joan Feigenbaum (Yale University)

Pre-recorded presentation

Summary:

Organizational networks are vulnerable to traffic-analysis attacks that enable adversaries to infer sensitive information from the network traffic - even if encryption is used. Typical anonymous communication networks are tailored to the Internet and are poorly suited for organizational networks. We present PriFi, an anonymous communication protocol for LANs: it protects users against eavesdroppers and provides traffic-analysis resistance. PriFi builds on Dining Cryptographers networks but reduces the high communication latency of prior work via a new client/relay/server architecture, in which a client's packets remain on their usual network path without additional hops, and in which a set of remote servers assist the anonymization process without adding latency. PriFi also solves the challenge of equivocation attacks, which are not addressed by related works, by encrypting the traffic based on the communication history. Our evaluation shows that PriFi introduces a small latency overhead (~100ms for 100 clients) and is compatible with delay-sensitive applications such as VoIP.

• dPHI: An improved high-speed network-layer anonymity protocol 
  Alexander Bajic (ESMT Berlin) and Georg T. Becker (ESMT Berlin)

Pre-recorded presentation

Summary:

In this paper we focus on lightweight anonymous routing protocols at the network layer. Several protocols, namely LAP, DOVETAIL and most recently PHI have been proposed which are efficient enough to be deployed in a large scale infrastructure such as the Internet. In this paper we take a closer look at PHI and introduce several de-anonymization attacks malicious nodes can perform to reduce the sender and receiver anonymity. As a direct consequence of this analysis we propose a new protocol called dependable PHI (dPHI). The security analysis of dPHI includes a detailed quantitative anonymity analysis that compares dPHI with PHI, LAP and HORNET. Together with the performance analysis, this allows for a good comparison of trade-offs for these anonymity protocols. In the talk I will focus on trying to motivate you why the topic of lightweigth anonymity protocols is an interesting research area with a lot of interesting and open research questions and why it is also interesting for corporate networks.

• Comprehensive Anonymity Trilemma: User Coordination is not enough
  Debajyoti Das (Purdue University), Sebastian Meiser (Visa Research), Esfandiar Mohammadi (Universitaet zu Luebeck), Aniket Kate (Purdue University), and Esfandiar Mohammadi (University of Luebeck)

Pre-recorded presentation

Summary:

For anonymous communication networks (ACNs), Das et al. recently confirmed a long-suspected trilemma result that ACNs cannot achieve strong anonymity, low latency overhead and low bandwidth overhead at the same time. Our paper emanates from the careful observation that their analysis does not include a relevant class of ACNs with what we call "user coordination" where users proactively work together towards improving their anonymity. We show that such protocols can achieve better anonymity than predicted by the above trilemma result. As the main contribution, we present a stronger impossibility result that includes all ACNs we are aware of. Along with our formal analysis, we provide intuitive interpretations and lessons learned. Finally, we demonstrate qualitatively stricter requirements for the Anytrust assumption (all but one protocol party is compromised) prevalent across ACNs.

• Protecting against Website Fingerprinting with Multihoming
  Sébastien Henri (Cisco Meraki), Gines Garcia-Aviles (University Carlos III of Madrid, Spain), Pablo Serrano (University Carlos III of Madrid, Spain), Albert Banchs (IMDEA Networks Institute and University Carlos III of Madrid, Spain), and Patrick Thiran (EPFL, Switzerland)

We propose a defense against website fingerprinting which exploits multihoming, where a user can access the Internet by sending the traffic through multiple networks. With multihoming, it is possible to protect against website fingerprinting by splitting traffic among the networks, i.e., by removing packets from one network and sending them through another, whereas current defenses can only add packets. This enables us to design a defense with no traffic overhead that reaches the same level of privacy as the best existing practical defenses.