MuON: Epidemic Based Mutual Anonymity Neelesh Bansod, Ashish Malgi, Byung Choi and Jean Mayo

Introduction: P2P Networks Peer to peer networks Peers cooperate to achieve each others goals Peers contribute and share resources Focus on unstructured P2P networks Completely distributed

Introduction: P2P Networks Characteristics of P2P networks Large sizes Untrusted participants End-hosts cannot be trusted Churn Continual changes in system membership/topology Rate of change (churn) varies with applications Challenges for anonymous communication Latency, reliability, resource consumption and anonymity need to scale with increasing churn and size.

Anonymity Identities on Internet are not hidden Hide the participant identities and communication Type of anonymity guarantees Initiator anonymity Responder anonymity Mutual anonymity

Anonymity Approaches Anonymity by random path forwarding I C A D B R Message loss Current node leaves the network Increasing churn causes increasing losses

Anonymity Approaches Anonymity by creating routes I C A D B R Creates anonymous routing to forward messages Node on path leaves the network Anonymous path breaks Path needs to be detected and reconstructed Increasing churn causes increasing losses

Anonymity Approaches Anonymity by group communication I C A D B R Suitable for networks with churn Needs multicasting primitive Scalable, reliable and bounded latency Large groups high overhead high anonymity

MuON: Basic idea Public key is used to identify recipient Small header created for each message Header is encrypted using public key of recipient Message and header have suitable encryption, checksums and nonce for confidentiality and integrity. Non-encrypted field in header called owner IP of node (or owner) with message

MuON: Basic idea Header is multicast to all members Use an epidemic protocol for multicasting Reliable delivery to all members Bounded latency in large groups Larger message sent to subgroup Dynamically created subgroups For a given header, a peer pulls the corresponding message from the owner with probability P inter intermediate probability  Node becomes the new owner If a node can decrypt the header, it pulls the message  Reliable delivery at recipient

MuON: Basic idea X B A C R HDR_X

MuON: Basic idea X B C R HDR_X A

MuON: Basic idea X B C R HDR_X HDR_A HDR_X A

MuON: Basic idea X B A C R HDR_A HDR_C HDR_A HDR_X HDR_C

MuON: Basic idea X B A C R HDR_X HDR_B HDR_X HDR_B HDR_C HDR_B

MuON: Basic idea X B A C R HDR_C HDR_B HDR_A

MuON: Reliability

MuON: Latency

MuON: Bandwidth consumption

MuON: Anonymity P inter = 0.1 P inter = 0.3 P inter = 0.5P inter = 0.8

Conclusion Churn in P2P provides interesting challenges Epidemic protocols provide a solution MuON provides reliable anonymous communication with interesting properties Future work Further improve anonymity of MuON Cannot withstand global adversary Investigate use in different applications like service availability

MuON: Message format Sending message from I to S MSG={r 1, id, data}k session Data encrypted with k session for confidentiality Contains nonce r 1 and identifier for integrity Profile (hdr)={r 1, k session, k I +,{H(D)} k I - } k S + D={r 1, k session, k I +,MSG} Message identifier is H(hdr)

Anonymity Guarantees Local eavesdropperWithstands attack Collusion attackWithstands unless all nodes are malicious Timing attackWithstands unless global adversary Traceback attackWithstands unless global adversary Predecessor attackWithstands attack Intersection attackWithstands unless global adversary Message volume attackWithstands unless global adversary

Simulation Model of P2P r: Single run of protocol (150 above) d: Network churn Average session time: (1-d) (r -1)

Reliability

Latency

Header overhead

Data overhead