trust-based anonymous communication: models and routing algorithms
DESCRIPTION
Trust-based Anonymous Communication: Models and Routing Algorithms. U.S. Naval Research Laboratory U.S. Naval Research Laboratory The Tor Project The Tor Project. Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson. 18th ACM Conference on Computer and Communications Security - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/1.jpg)
Trust-based Anonymous Communication:Models and Routing Algorithms
Aaron JohnsonPaul Syverson
Roger DingledineNick Mathewson
U.S. Naval Research LaboratoryU.S. Naval Research Laboratory
The Tor ProjectThe Tor Project
18th ACM Conference on Computer and Communications SecurityOctober 17-21, 2011
Chicago, IL
![Page 2: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/2.jpg)
2
Overview
• Onion routing provides anonymous communication.
![Page 3: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/3.jpg)
3
Overview
• Onion routing provides anonymous communication.
?
![Page 4: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/4.jpg)
4
Overview
• Onion routing provides anonymous communication.
??
![Page 5: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/5.jpg)
5
Overview
• Onion routing provides anonymous communication.
???
![Page 6: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/6.jpg)
6
Overview
• Onion routing provides anonymous communication.• It is insecure against an adversary with resources.
??
![Page 7: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/7.jpg)
7
Overview
• Onion routing provides anonymous communication.• It is insecure against an adversary with resources.• Trust can help avoid such an adversary.– We provide a model of trust.– We design trust-based routing algorithms.
??
![Page 8: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/8.jpg)
8
Overview
• Onion routing provides anonymous communication.• It is insecure against an adversary with resources.• Trust can help avoid such an adversary.– We provide a model of trust.– We design trust-based routing algorithms.
• Improve anonymity with robustness to trust errors.
??
![Page 9: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/9.jpg)
9
Onion Routing
![Page 10: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/10.jpg)
10
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. Onion-encrypted data is sent and unwrapped along the circuit.3. The process runs in reverse for return data.
![Page 11: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/11.jpg)
11
Onion Routing
• International onion-routing network• Estimated at over 300,000 users daily• ≈2500 onion routers• Uses include
torproject.org
- Avoiding censorship- Gathering intelligence
- Political activism- Whistleblowing
![Page 12: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/12.jpg)
12
ProblemProblem
![Page 13: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/13.jpg)
13
ProblemProblem
• Adversary may observe or control routers.
![Page 14: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/14.jpg)
14
Problem
• Adversary may observe or control routers.• Traffic patterns can link first and last routers.
![Page 15: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/15.jpg)
15
Problem
• Adversary may observe or control routers.• Traffic patterns can link first and last routers.
Path Selection Probability of attack success
# routers observed # connections until successful attack
Random 0.01 250 100
+ guards & exits 0.01 80 guards, 90 exits 10 w/ prob. 0.1
+ bandwidth weighting 0.01 guard&exit, 124 MiBps 7.7 w/ prob. 0.077
2500 total routers, 900 exit, 800 guard
First-last Correlation Attack Success
![Page 16: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/16.jpg)
16
Key Idea: Trust• Users may know how likely a router is to be
under observation.
Name Hostname Bandwidth Uptime Location Tor version OS
moria1 moria.csail.mit.edu
460 KB/s 1 days USA 0.2.3.5-alpha
Linux
rathergonaked 212-82-33-112.ip.14v.de
302 KB/s 6 days Germany 0.2.2.33 Linux
Unnamed static-ip-166-154-142-114.rev.dyxnet.com
58 KB/s 58 days Hong Kong
0.2.1.29 Windows Server 2003 SP2
Source: http://torstatus.blutmagie.de, 10/12/2011
Tor Routers with Possible Trust Factors
![Page 17: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/17.jpg)
17
Problems
1. What is trust?• Model
2. How do we use trust?• Path-selection algorithm
![Page 18: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/18.jpg)
18
Model
User u
Naïve users N
Au
Probability of Compromise: cu(r)0 1
Adversaries
Trust: τu(r) = 1-cu(r)
Observed destination
Observed source
![Page 19: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/19.jpg)
19
Trust-based Path Selection Algorithm
1. Destination links observed only• Use downhill algorithm.
2. Source links observed only• Use one-hop path of most-trusted router.
3. Neither source nor destination links observed• Connect directly to destination.
4. Both source and destination links observed• Connect directly to destination.
![Page 20: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/20.jpg)
20
Downhill AlgorithmKey idea: Blend in with the naïve users.
Random Most trusted
![Page 21: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/21.jpg)
21
Downhill AlgorithmKey idea: Blend in with the naïve users.
Random Most trusted
![Page 22: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/22.jpg)
22
Downhill AlgorithmKey idea: Blend in with the naïve users.
Most trustedRandom
![Page 23: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/23.jpg)
23
Downhill Algorithm
Most trustedRandomTrust
0
0
Fraction of Routers
Router Trust CDF
1
![Page 24: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/24.jpg)
24
Downhill Algorithm
Most trustedRandomTrust
0
0
Fraction of Routers
Router Trust CDF
1
![Page 25: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/25.jpg)
25
Downhill Algorithm
Most trustedRandomTrust
0
0
Fraction of Routers
Router Trust CDF
1
![Page 26: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/26.jpg)
26
Downhill Algorithm
Most trustedRandomTrust
0
0
Fraction of Routers
Router Trust CDF
1
Downhill
![Page 27: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/27.jpg)
27
Downhill Algorithm
![Page 28: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/28.jpg)
28
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
![Page 29: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/29.jpg)
29
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
![Page 30: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/30.jpg)
30
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
![Page 31: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/31.jpg)
31
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
![Page 32: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/32.jpg)
32
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
![Page 33: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/33.jpg)
33
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
![Page 34: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/34.jpg)
34
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
![Page 35: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/35.jpg)
35
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
![Page 36: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/36.jpg)
36
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
3. For each connection,1. Create circuit through selected routers.2. Randomly choose two routers.3. Extend circuit through them to the destination.
![Page 37: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/37.jpg)
37
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
3. For each connection,1. Create circuit through selected routers.2. Randomly choose two routers.3. Extend circuit through them to the destination.
![Page 38: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/38.jpg)
38
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
3. For each connection,1. Create circuit through selected routers.2. Randomly choose two routers.3. Extend circuit through them to the destination.
![Page 39: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/39.jpg)
39
Downhill Algorithm
1. Set path length l and trust levels λ1,…, λl to optimize expectation of anonymity metric.
2. For 1 ≤ i ≤ l,Randomly select among routers with trust ≥ λi
3. For each connection,1. Create circuit through selected routers.2. Randomly choose two routers.3. Extend circuit through them to the destination.
![Page 40: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/40.jpg)
40
Anonymity Analysis• Metric: Posterior probability of actual source
of a given connection.
u
Example:
• Let Ti = {r : τu(r) ≥ λi}.• Let Au⊂R be the routers compromised by Au.• Let X1 = Pr[ u chose observed path]
= (|T1\Au|/|T1|) (|T2\Au|/|T2|) (1/|T3|) (1/|R|)2
• Let X2 = Pr[ n N chose observed path]∈= (|R\Au|/|R|)2 (1/|R|)3
• Posterior probability: X1/(X1+|N|X2)
static dynamic
![Page 41: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/41.jpg)
41
Anonymity AnalysisExpected anonymity Downhill Most trusted Random Lower boundMany @ medium trust 0.0274 0.2519 0.1088 0.01Many @ low trust 0.0550 0.1751 0.4763 0.001
![Page 42: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/42.jpg)
42
Anonymity Analysis
Scenario 1: User has some limited information.
τ=.99 τ=.9 τ=.1
5 routers
1000 routers
10 routers
Expected anonymity Downhill Most trusted Random Lower bound
Many @ medium trust 0.0274 0.2519 0.1088 0.01Many @ low trust 0.0550 0.1751 0.4763 0.001
![Page 43: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/43.jpg)
43
Anonymity Analysis
Scenario 2: User and friends run routers. Adversary is strong.
τ=.999 τ=.95 τ=.55 routers
50 routers
1000 routers
Expected anonymity Downhill Most trusted Random Lower bound
Many @ medium trust 0.0274 0.2519 0.1088 0.01Many @ low trust 0.0550 0.1751 0.4763 0.001
![Page 44: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/44.jpg)
44
Linking Analysis• Metric: Connection entropy at times user
communicates.
Example:(u,d1)
t1 t2 t3
(u,d2)(u,d3)
![Page 45: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/45.jpg)
45
Linking Analysis• Metric: Connection entropy at times user
communicates.
Example:(?,d1)
t1 t2 t3
(?,d2) (?,d3)
The adversary may not know the user.
![Page 46: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/46.jpg)
46
Linking Analysis• Metric: Connection entropy at times user
communicates.
Example:(v,d1)
t1 t2 t3
(v,d2) (v,d3)
Connections without dynamic hops may be linked by final hop.
![Page 47: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/47.jpg)
47
Linking Analysis• Metric: Connection entropy at times user
communicates.
Example:(v,d1)
t1 t2 t3
(w,d2)(x,d3)
With dynamic hops, posterior distribution may be more even.
![Page 48: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/48.jpg)
48
Linking Analysis• Metric: Connection entropy at times user
communicates.
Example:(v,d1)
t1 t2 t3
(w,d2)(x,d3)
With dynamic hops, posterior distribution may be more even.
Theorem:Entropy of connection distribution is increased
by using dynamic hops.
![Page 49: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/49.jpg)
49
Trust Errors
Theorem (informal):Error in trust of router r changes expected
anonymity proportional to1. Size of error2. Expected number of times r is used3. Expected relative size of r’s trust set
![Page 50: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/50.jpg)
50
Trust ErrorsErrors in Scenario 1 (many @ medium trust)
Fraction x of low are medium,x/2 of med. are low, x/2 of med. are high,
x of high are medium.
![Page 51: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/51.jpg)
51
Conclusion• Adversaries can attack onion-routing network
like Tor today.• External trust can provide protection.– We provide a model to express the problem and
solution.– We give a path-selection algorithm and show that
it improves anonymity.• Future Work• Dependent compromise• Link adversary• Multiple adversaries per
user
• “Road warrior”• Private trust values• Private adversaries
![Page 52: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/52.jpg)
52
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
![Page 53: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/53.jpg)
53
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.
![Page 54: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/54.jpg)
54
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.
{{{M}3}2}1
![Page 55: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/55.jpg)
55
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.
{{M}3}2
![Page 56: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/56.jpg)
56
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.
{M}3
![Page 57: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/57.jpg)
57
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.
M
![Page 58: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/58.jpg)
58
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.4. The process runs in reverse for return data.
M’
![Page 59: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/59.jpg)
59
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.4. The process runs in reverse for return data.
{M’}3
![Page 60: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/60.jpg)
60
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.4. The process runs in reverse for return data.
{{M’}3}2
![Page 61: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/61.jpg)
61
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.4. The process runs in reverse for return data.
{{{M’}3}2}1
![Page 62: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/62.jpg)
62
Onion Routing
Users Onion Routers Destinations
1. A user cryptographically constructs a circuit through the network.
2. A stream to the destination is opened.3. Onion-encrypted data is sent and unwrapped along the circuit.4. The process runs in reverse for return data.5. The user changes the circuit periodically.
![Page 63: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/63.jpg)
63
Problems
1. What is trust?• Model adversary– Differs among users
• Model user knowledge– Include uncertainty
2. How to use trust?• Blend user
connections together• Use trust explicitly in
guard nodes• Protect trust
information
![Page 64: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/64.jpg)
64
Model
Agents• Users: U• Routers: R• Destinations: D• Adversaries: {Au}u∈U
Trust• Probability of compromise: cu(r)• Trust: τu(r) = 1 - cu(r)• Known whether source and
destination links are observed
• Naïve users: N⊂U• An1
=An2, n1,n2∈N
• cn(r) = cN, n∈N
![Page 65: Trust-based Anonymous Communication: Models and Routing Algorithms](https://reader036.vdocuments.net/reader036/viewer/2022062520/5681656d550346895dd7fddf/html5/thumbnails/65.jpg)
65
Anonymity Analysis
Scenario 3: Trust is based on geographic region.
τ=0.9 τ=0.5 τ=0.1
350 routers 350 routers 350 routers
Expected anonymity Downhill Most trusted Random Lower bound
Many @ medium trust 0.0274 0.2519 0.1088 0.01Many @ low trust 0.0550 0.1751 0.4763 0.001Equal high/med/low 0.1021 0.1027 0.5000 0.1