Abstract
Node discovery is a fundamental service for any overlay network. It is a particular challenge to provide unbiased discovery in untrustworthy environments, e.g., anonymization networks. Although a major line of research focused on solving this problem, proposed methods have been shown to be vulnerable either to active attacks or to leak routing information, both threatening the anonymity of users. In response, we propose GuardedGossip—a novel gossip-based node discovery protocol—that achieves an unbiased random node discovery in a fully-decentralized and highly-scalable fashion. It is built on top of a Chord distributed hash table (DHT) and relies on witness nodes and bound checks to resist active attacks. To limit routing information leakages, GuardedGossip uses gossi** to create uncertainty in the process of node discovery. By incorporating the principles of DHTs with the unstructured nature of gossi** in a subtle way, we profit from the strengths of both techniques while carefully mitigating their shortcomings. We show that GuardedGossip provides a sufficient level of security for users even if 20% of the participating nodes are malicious. Concurrently, our system scales gracefully and provides an adequate overhead for its security and privacy benefits.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Torproject.org Blocked by GFW in China: Sooner or Later? (2008). https://blog.torproject.org/torprojectorg-blocked-gfw-china-sooner-or-later
Tor Directory Protocol, Version 3 (2018). https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt
Tor Metrics (2021). https://metrics.torproject.org/
Artigas, M.S., et al.: Cyclone: a novel design schema for hierarchical DHTs. In: P2P (2005)
Backes, M., et al.: Adding query privacy to robust DHTs. In: ASIA CCS (2012)
Borisov, N., et al.: Denial of service or denial of security? How attacks on reliability can compromise anonymity. In: CCS (2007)
Castro, M., et al.: Secure routing for structured peer-to-peer overlay networks. In: OSDI (2002)
Danezis, G., Clayton, R.: Route fingerprinting in anonymous communications. In: P2P (2006)
Danezis, G., Syverson, P.: Bridging and fingerprinting: epistemic attacks on route selection. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 151–166. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70630-4_10
Dingledine, R., Mathewson, N.: Tor Protocol Specification (2018). https://gitweb.torproject.org/torspec.git/plain/tor-spec.txt
Dingledine, R., et al.: Tor: the second-generation onion router. In: USENIX Security Symposium (2004)
Freedman, M.J., Morris, R.: Tarzan: a peer-to-peer anonymizing network layer. In: CCS (2002)
Kapadia, A., Triandopoulos, N.: Halo: high-assurance locate for distributed hash tables. In: NDSS (2008)
McLachlan, J., et al.: Scalable onion routing with Torsk. In: CCS (2009)
Mislove, A., et al.: AP3: cooperative, decentralized anonymous communication. In: ACM SIGOPS European Workshop (2004)
Mittal, P., Borisov, N.: Information leaks in structured peer-to-peer anonymous communication systems. In: CCS (2008)
Mittal, P., Borisov, N.: ShadowWalker: peer-to-peer anonymous communication using redundant structured topologies. In: CCS (2009)
Mittal, P., et al.: PIR-Tor: scalable anonymous communication using private information retrieval. In: USENIX Security Symposium (2011)
Nambiar, A., Wright, M.: Salsa: a structured approach to large-scale anonymity. In: CCS (2006)
Panchenko, A., et al.: NISAN: network information service for anonymization networks. In: CCS (2009)
Rennhard, M., Plattner, B.: Introducing MorphMix: peer-to-peer based anonymous internet usage with collusion detection. In: WPES (2002)
Rowstron, A., Druschel, P.: Pastry: scalable, decentralized object location and routing for large-scale peer-to-peer systems. In: IFIP/ACM Middleware (2001)
Sasy, S., Goldberg, I.: ConsenSGX: scaling anonymous communications networks with trusted execution environments. In: PETS (2019)
Schuchard, M., et al.: Balancing the shadows. In: WPES (2010)
Tabriz, P., Borisov, N.: Breaking the collusion detection mechanism of MorphMix. In: PETS (2006)
Wang, Q., Borisov, N.: Octopus: a secure and anonymous DHT lookup. In: ICDCS (2012)
Wang, Q., et al.. In search of an anonymous and secure lookup: attacks on structured peer-to-peer anonymous communication systems. In: CCS (2010)
Zhuang, L., et al.: Cashmere: resilient anonymous routing. In: NSDI (2005)
Acknowledgments
Parts of this work have been funded by the EU and state Brandenburg EFRE StaF project INSPIRE.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Bound Checking
Given a FT, bound checking is performed as follows: Initially, the node density d is computed. Ideally, this can be done by deriving \(d=\frac{N}{n}\), where N is the ID space size of the DHT and n is the number of active nodes. However, n is usually not known. Thus, each peer computes means of the distance between the actual IDs in its FT and optimal IDs (as if all IDs would exist). The mean distance is then multiplied with a finger table tolerance factor \(\gamma > 0\). Finally, to verify the plausibility of a given FT g the GuardedGossip node applies the following constraint \(d_{g} < \gamma d\) to check whether the FT g is manipulated. In our work, we use \(\gamma = \sqrt{\frac{1}{f}}\), where f is the (supposed) fraction of colluding malicious nodes. As the actual fraction of colluding malicious nodes is not known by the users, \(\gamma \) corresponds to the estimated maximum fraction of malicious nodes that is supposed to be tolerated by our approach.
To assess the optimal value of \(\gamma \), we rely on the approach used to detect routing failures in [7]. As the value of \(\gamma \) depends on the false positives rate \(\alpha \) (i.e., a correct FT is falsely detected as manipulated) and the false negatives rate \(\beta \) (i.e., a manipulated FT is detected as correct), here we aim to minimize both, \(\alpha \) and \(\beta \), simultaneously. To this end, we deal with the total number n of all uniformly sampled active nodes within the ID space N. According to [7], the distances between consecutive node IDs within a FT can be modeled by independent exponentially distributed random variables with a mean of \(\frac{N}{n}\). Similarly, the distance between consecutive malicious nodes can be modeled using exponential distribution with a mean of \(\frac{N}{f \cdot n}\), where f is the fraction of malicious nodes. We construct a new random variable by summing up the distances between nodes in the FT of the verifying node (denoted as \(S_{o}\)) and the distances between nodes in the retrieved FT to be verified by that node (denoted as \(S_{v}\)). Given that k denotes the FT size, the values of \(\frac{1}{k} \cdot S_{o}\) and \(\frac{1}{k} \cdot S_{v}\) measure the mean distances between node IDs in the FT of the verifying node and the retrieved FT to be verified by that node using bound checking. Now, the false positive rate \(\alpha \) can be expressed by the probability \(\alpha (k, \gamma , f) = Pr \left( \frac{1}{k} \cdot S_{v} > \gamma \frac{1}{k} \cdot S_{o} \right) \). Similarly, the false negative rate \(\beta \) is computed as follows: \(\beta (k, \gamma , f) = Pr \left( \frac{1}{k} \cdot S_{v} < \gamma \frac{1}{k} \cdot S_{o} \right) .\) According to [7], the false positives and false negatives get minimized if \(\alpha = \beta \). Thus, we obtain the following equation: \(\alpha (k, \gamma , f) = \beta (k, \gamma , f)\), from which \(\gamma \) can be computed. Moreover, \(S_{o}\) and \(S_{v}\), are \(\gamma \)-distributed with a shape parameter k and scale parameters \(\frac{n}{N}\) and \(\frac{f \cdot n}{N}\), correspondingly. The use of the gamma distribution and solving the equation by \(\gamma \) finally yields \(\gamma = \sqrt{\frac{1}{f}}\).
We performed experiments to check these theoretical results. Figure 8 shows the bounds checking false positive rate \(\alpha \), the false negative rate \(\beta \) and the objective function for the optimization of \(\alpha + \beta \), which is intended for minimization over the threshold \(\gamma > 0\). As suggested in [7], the minimal cumulated error is achieved in case of \(\alpha = \beta \), which justifies our computation of \(\gamma \).
B Completeness of Node Discovery
To achieve a sufficient level of anonymity, GuardedGossip should deliver random nodes from the set of all active nodes in the network. Thus, the attacker cannot influence the selection of nodes for anonymized user connections except by injecting more peers in the network. As the list of guarded nodes is the only source in our approach providing nodes for building user connections, we analyze its content with respect to its completeness. Figure 9 shows the fraction of nodes collected in individual lists of guarded nodes during the operation of GuardedGossip over time. For an increasing number of iterations, the fraction of nodes observed in guarded lists (measured by 95% quantiles) converges to 100%. Already after 1000 iterations, almost all GuardedGossip nodes have seen other active nodes forming the half of the network. This also confirms the expectation that staying longer in the network increases the coverage of discovered nodes. Every node also gets a chance to be discovered by all network participants.
C Number of Nodes in Gossiped and Guarded Lists
We also explore the average number of nodes contained in both the gossiped list and the guarded list. Figure 10 shows that the size of the guarded list rapidly increases already in the beginning of operation of our approach, i.e., after 20 iterations. On the other hand, the number of nodes in the gossiped list increases slower, i.e., after 100 iterations it becomes stable. The guarded list grows faster as it gets filled by the whole FTs whereas the gossiped list only by single entries. We observe that the size of the network does not influence the bootstrap** process of the guarded list and has only a moderate impact on the size of gossiped list. Naturally, for an increasing network size the steady state of the gossiped list is reached earlier as more nodes participate in the gossi** process. However, even for small networks with 1000 nodes we achieve a sufficient number of nodes after approximately 150 iterations. This ensures fluctuations within the lists (once both lists are completely filled, some nodes are discarded in favor of new nodes) so that it becomes more difficult for an attacker to promote favorable nodes due to the constant rotation of nodes in the gossiped list.
Rights and permissions
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Panchenko, A., Mitseva, A., Ziemann, T., Hering, T. (2021). GuardedGossip: Secure and Anonymous Node Discovery in Untrustworthy Networks. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-90019-9_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90018-2
Online ISBN: 978-3-030-90019-9
eBook Packages: Computer ScienceComputer Science (R0)