Enhancing Anonymity of Anonymous P2P Content Sharing Systems
Tian, Guanyu (author)
Duan, Zhenhai (professor directing thesis)
Ye, Ming (university representative)
Tyson, Gary (committee member)
Zhang, Zhenghao (committee member)
Wang, Zhi (committee member)
Department of Computer Science (degree granting department)
Florida State University (degree granting institution)
Anonymous networks play a critical role in supporting free speech and user privacy on the Internet. Over the years, many fundamental algorithms and schemes have been proposed to facilitate the development of anonymous networks, including mix networks, onion routing, per-hop (source) address re-writing and message forwarding, and various cryptographic algorithms. In addition, many practical anonymous networks have been developed and some are deployed on the Internet. On the other hand, despite the adoption of these well-established high-level security schemes and algorithms in such networks, the fine-grained design and development decisions of such networks have not been thoroughly examined. As a consequence, vulnerabilities in existing anonymous networks have been continuously identified and existing anonymous networks have been constantly attacked. In this dissertation we take a pragmatic approach to investigate how fine-grained design and development decisions may affect the anonymity strength of anonymous networks, and more importantly, how we can develop proper fine-grained decisions to improve the anonymity strength of anonymous networks. Throughout the course, we focus on Freenet, a popular peer-to-peer anonymous content sharing network. In the first part of the work, we thoroughly investigate the fine-grained decisions made in the Freenet project, including methods to prevent routing loop of content request messages, the handling of various messages in Freenet, and mechanisms for a Freenet node to populate and update its routing table. An effective traceback attack has been developed that can identify the originating machine of a content request message. That is, the anonymity of a content retriever can be broken in Freenet, even if only a single request message has been issued from the corresponding machine. The traceback attack exploited a few fine-grained design and development decisions made in Freenet, including the unique identifier (UID) based mechanism to prevent routing loops of content request messages. In the second part of our work, we investigate mechanisms to improve the anonymity of Freenet. In particular, we have developed a simple and effective scheme named dynID to thwart the traceback attack on Freenet. In dynID, the UID associated with a content request message is dynamically changed at the beginning portion of the message forwarding path. As a consequence, an attacker can only trace back a content request message to the node where the UID value is last changed; it cannot uniquely determine the originating machine of the message. Importantly, dynID only has negligible impacts on the performance of Freenet in locating content on the network. For example, our simulation studies based on the original Freenet source code show that, for all content requests, we can successfully locate the corresponding requested content. DynID prevents an attacker deterministically identifying the originator of a message request, but attackers can probabilistically trace back to the originator. In the third part of our work, we develop a solution, Reroute-On-Loop (ROL), to prevent leakage of routing information. ROL prevents an attacker from distinguishing a node that has seen a particular message from a node that has not seen the message. Our simulation studies show that this solution is effective and brings only minor performance impact on Freenet. We emphasize that if an attacker cannot distinguish a node that has seen a particular message from a node that has not seen the message, it will become extremely difficult for the attacker to carry out any kind of traceback attack. The Freenet project has released a patch to mitigate the traceback attack developed in this dissertation. The Reroute-On-Loop solution in our work has also been considered by the Freenet project.
Anonymous network, Freenet, Internet Security, P2P content sharing system
April 15, 2014.
A Dissertation submitted to the Department of Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy.
Includes bibliographical references.
Zhenhai Duan, Professor Directing Thesis; Ming Ye, University Representative; Gary Tyson, Committee Member; Zhenghao Zhang, Committee Member; Zhi Wang, Committee Member.
Florida State University
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). The copyright in theses and dissertations completed at Florida State University is held by the students who author them.