Visible to the public Analyzing an Adaptive Reputation Metric for Anonymity Systems

TitleAnalyzing an Adaptive Reputation Metric for Anonymity Systems
Publication TypeConference Paper
Year of Publication2014
AuthorsDas, Anupam, Borisov, Nikita, Caesar, Matthew
Conference NameProceedings of the 2014 Symposium and Bootcamp on the Science of Security
Conference LocationRaleigh, NC, USA
ISBN Number978-1-4503-2907-1
KeywordsACM CCS, anonymity, Concurrency and Timing, Database and Storage Security, Formal Methods and Theory of Security, Foundations, Information Accountability and Usage Control, PID controller, reputation model, Resilient Systems, science of security, security metrics, Tor network

Low-latency anonymity systems such as Tor rely on intermediate relays to forward user traffic; these relays, however, are often unreliable, resulting in a degraded user experience. Worse yet, malicious relays may introduce deliberate failures in a strategic manner in order to increase their chance of compromising anonymity. In this paper we propose using a reputation metric that can profile the reliability of relays in an anonymity system based on users' past experience. The two main challenges in building a reputation-based system for an anonymity system are: first, malicious participants can strategically oscillate between good and malicious nature to evade detection, and second, an observed failure in an anonymous communication cannot be uniquely attributed to a single relay. Our proposed framework addresses the former challenge by using a proportional-integral-derivative (PID) controller-based reputation metric that ensures malicious relays adopting time-varying strategic behavior obtain low reputation scores over time, and the latter by introducing a filtering scheme based on the evaluated reputation score to effectively discard relays mounting attacks. We collect data from the live Tor network and perform simulations to validate the proposed reputation-based filtering scheme. We show that an attacker does not gain any significant benefit by performing deliberate failures in the presence of the proposed reputation framework.

Citation KeyDas:2014:AAR:2600176.2600187