400 likes | 513 Vues
Performance Modeling of Anonymity Protocols. Carey Williamson Niklas Carlsson Andreas Hirt Michael J. Jacobson, Jr. Department of Computer Science University of Calgary Financial support for this research support was provided by:
E N D
Performance Modelingof Anonymity Protocols Carey Williamson Niklas Carlsson Andreas Hirt Michael J. Jacobson, Jr. Department of Computer Science University of Calgary Financial support for this research support was provided by: Natural Sciences and Engineering Research Council (NSERC), Informatics Circle of Research Excellence (iCORE), Alberta Ingenuity Fund (AIF), and Canada Foundation for Innovation (CFI)
Introduction • Anonymous communication conceals who communicates what, to whom, and when • Allows individuals to communicate without fear of embarrassment, ridicule, or retribution • Cornerstone for freedom of speech
Some Real World Applications • Good: • Freedom of speech in totalitarian regime • Crime stoppers • On-line counseling • Whistle blowing • Group evaluations • Military communications • … • Bad: • Organized crime • Terrorist groups • ...
Outline • Review of Anonymity Schemes • Our Work: Buses, Taxis, Motorcyles • Performance Modeling • Numerical Results • Conclusion
Re-routing with Layered Encryption • Layered Encryption: Add layers of encryption to make message contents change each hop hello qkdx iwqm ykrz xmkz
Re-routing with Layered Encryption • Layered Encryption: Add layers of encryption to make message contents change each hop hello iwqm ykrz xmkz
Re-routing with Layered Encryption • Layered Encryption: Add layers of encryption to make message contents change each hop hello ykrz xmkz
Re-routing with Layered Encryption • Layered Encryption: Add layers of encryption to make message contents change each hop • Problem: Timing analysis Sender? hello xmkz hello
Mixes • Senders use nested (layered) encryption along re-routing path • Mixes (re-routing nodes) mix input-output correlations: • Collect input batch • Peel encryption layer away • Output in random order Message 1 Message 2 Message 2 Message 4 Message 3 Message 3 Message 4 Message 1 Message 5 Message 5
Classic Buses Protocol[Beimel and Dolev 2003] • Metaphor: city bus, with regularly scheduled route, which obscures the movements of its messengers • Assume dark windows, and enclosed garages at each stop hello hello
Anonymity in Buses • Sender Anonymity: Suspected sender can claim they are forwarding a message on behalf of any other participant on the bus path • Receiver Anonymity: Suspected receiver can claim they forwarded a message to any other participant on the bus path
Key Ideas in Our Buses • Indirection path: re-routing path on top of bus overlay • Layered Encryption: encryption on reverse indirection path • Owned Seats: Each participant replaces owned seats every bus tour (online) • Receiving seats: bus copied and decrypted offline to find messages
Buses Protocol S R hello
Buses Protocol S R hello xmkz
Buses Protocol S R hello ymkq
Buses Protocol S R hello
Buses Protocol S R hello
Buses Protocol S R hello ymkq xmkz
Buses Protocol S R hello hello xmkz
Improvements with Taxis • Processing Delay decreased by O(n) • Owned seats are delayed once per bus tour instead of n times (see MASCOTS 2008 paper ) • Networking Delay decreased by O(n) • Forwarding of unowned taxis can be pipelined by giving unowned taxis network priority over owned taxis (see MASCOTS 2008 paper)
Improvements with Motorcycles • Routing Path length decreased to O(log n) • Chord-based routing using finger table • Forwarding delay actually increases • More “message transfers” occur at nodes • Still a net win overall!
Model Overview • Performance metric: one-way message delay DSR • Five main components • Sender S must create/encrypt and send message • Load-dependent sender-side delay • Queueing of (average) duration Ws • Load-independent path delay • Path length HSR with (Dproc+Dnet) delay on each node • Load-dependent transfer delay • Queueing at HT transfer nodes, each with duration WT • Target receiver R must decrypt and receive message
Load-independent Delays • N nodes; K seats per node; Dseat processing per seat; s/r transmission time per seat; p per-hop propagation delay
Light Load Case • Light load: No queueing QC 0 • Example: Buses protocol • Dproc ~ N; Dnet ~ N; TC ~ N2; hence, DSR ~ N2 • Scaling behavior • Buses: DSR ~ N2 • Taxis: DSR ~ N • Motorcycles: DSR ~ log2N
Queueing Analysis (1 of 3) • Single-seat (K=1) case • Analysis on per-node basis • New messages at rate /N • Message transfers at rate HT/N • Assume Poisson arrivals at aggregate rate (1+ HT)/N (1+ HT)/N Either: - service period of duration TC - vacation period of duration TC Node i
Queueing Analysis (2 of 3) • Can be shown that generating function • In our system
Queueing Analysis (3 of 3) • Expected queue length • Other metrics “relatively straightforward” to obtain, given the generating function • Variance • State probabilities q0,q1,…,qm
Impact of message generation rate N=4 N=16 • Different saturation points ( 1) • E.g., capacity planning
Buses Impact of node utilization • Queueing delays dominate when > 0.8 • Note higher saturation point … • can sustain higher • Hence, differences even greater than shown … Taxis Motorcycles
Buses Scaling results for light load with K seats per node • Low load results • As expected, scales as (roughly) • Buses N2 • Taxis N • Motorcycles log2N Taxis Motorcycles
Buses Scaling results for different load levels • Relative performance differences maintained at higher loads • In summary: Motorcycles provide a robust and scalable approach for anonymous network communication. Taxis Motorcycles
Conclusions • The average message latency of Practical Buses scales quadratically with number of participants • Analysis, simulation, and experimental results • The average message latency of Taxis scales linearly with the number of participants • Analysis, simulation, and experimental results • The average message latency of Motorcycles scales logarithmically with the number of participants • Analysis and simulation results