Experimental Study of Accountability in Existing Anonymous Networks
ABSTRACT
Designing and developing secure peer-to-peer anonymous content sharing networks (p2pANs) is a great challenge, and many research questions in building such a network remain unanswered. In this project, we take an empirical approach to systematically investigating the anonymity strength of existing p2pANs, the design and development decisions made in existing p2pANs, and the performance and anonymity trade-offs in such networks, with the ultimate goal of building secure p2pANs.
Our current research efforts focus on the popular p2pAN Freenet, which aims to support the anonymity of both content publishers and retrievers. We have thoroughly examined the source code of Freenet and identified its key design and development features in achieving a balance between performance and anonymity. We have developed two effective attacks on Freenet. The first attack, the routing table insertion attack, allows an attack node to be connected to any arbitrary node on Freenet, while the second attack, a traceback attack, allows an attacker to determine the originating machine of a message. Emulab-based experimental studies showed that, for 24% to 43% of messages, we can identify their originating machines. We are currently investigating countermeasures to prevent or mitigate the two attacks on Freenet to improve its security.
The two attacks have prompted the Freenet project to develop a quick fix to limit the flexibility of the (traceback) attack, with long-term solutions (including ours) under investigation.
Award ID: 1041739