Jump to ContentJump to Main Navigation
Show Summary Details

Proceedings on Privacy Enhancing Technologies

2 Issues per year

Open Access
Online
ISSN
2299-0984
See all formats and pricing




Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

Yaoqi Jia
  • National University of Singapore
  • :
/ Guangdong Bai
  • National University of Singapore
  • :
/ Prateek Saxena
  • National University of Singapore
  • :
/ Zhenkai Liang
  • National University of Singapore
  • :
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0041

Abstract

The peer-assisted CDN is a new content distribution paradigm supported by CDNs (e.g., Akamai), which enables clients to cache and distribute web content on behalf of a website. Peer-assisted CDNs bring significant bandwidth savings to website operators and reduce network latency for users. In this work, we show that the current designs of peer-assisted CDNs expose clients to privacy-invasive attacks, enabling one client to infer the set of browsed resources of another client. To alleviate this, we propose an anonymous peer-assisted CDN (APAC), which employs content delivery while providing initiator anonymity (i.e., hiding who sends the resource request) and responder anonymity (i.e., hiding who responds to the request) for peers. APAC can be a web service, compatible with current browsers and requiring no client-side changes. Our anonymity analysis shows that our APAC design can preserve a higher level of anonymity than state-of-the-art peer-assisted CDNs. In addition, our evaluation demonstrates that APAC can achieve desired performance gains.

Keywords: Peer-assisted CDNs; Anonymity; Inference Attacks

References

  • [1] Akamai. http://www.akamai.com/. Accessed: 2015.

  • [2] Akamai netsession interface. http://www.akamai.com/client. Accessed: 2015.

  • [3] Bemtv. http://bem.tv/. Accessed: 2015.

  • [4] Cloudflare. https://www.cloudflare.com/. Accessed: 2015.

  • [5] crypto-js: Javascript implementations of standard and secure cryptographic algorithms. https://code.google.com/p/cryptojs/. Accessed: 2015.

  • [6] The "data" url scheme. http://tools.ietf.org/html/rfc2397. Accessed: 2015.

  • [7] Datagram transport layer security. https://tools.ietf.org/html/rfc4347. Accessed: 2015.

  • [8] Freenet: The free network. https://freenetproject.org. Accessed: 2015.

  • [9] Geolocation api specification. http://www.w3.org/TR/geolocation-API/. Accessed: 2015.

  • [10] htop - an interactive process viewer for unix. http://hisham.hm/htop/. Accessed: 2016.

  • [11] I2p: The invisible internet project. https://geti2p.net/en/. Accessed: 2015.

  • [12] iftop: display bandwidth usage on an interface. http://www.exparrot. com/pdw/iftop/. Accessed: 2016.

  • [13] Indexed database api. http://www.w3.org/TR/IndexedDB/. Accessed: 2015.

  • [14] Network address translation. http://en.wikipedia.org/wiki/Network_address_translation. Accessed: 2015.

  • [15] Octoshape. http://www.octoshape.com/. Accessed: 2015.

  • [16] P2psp. http://www.p2psp.org/webrtc-streaming/. Accessed: 2015.

  • [17] Peercdn. https://peercdn.com/.

  • [18] The peerjs library. http://peerjs.com/. Accessed: 2015.

  • [19] Session traversal utilities for nat (stun). https://tools.ietf.org/html/rfc5389. Accessed: 2015.

  • [20] Swarmify. http://www.swarmify.com/. Accessed: 2015.

  • [21] Tor: Hidden service protocol. https://www.torproject.org/docs/hidden-services.html.en. Accessed: 2015.

  • [22] Total transfer size & total requests. http://httparchive.org/trends.php. Accessed: 2016.

  • [23] The transport layer security (tls) protocol. https://tools.ietf.org/html/rfc5246. Accessed: 2015.

  • [24] Tribler. http://www.tribler.org/. Accessed: 2015.

  • [25] Velocix. http://www.velocix.com/. Accessed: 2014.

  • [26] Webrtc. http://www.webrtc.org/. Accessed: 2015.

  • [27] The weibull distribution. http://reliawiki.org/index.php/The_Weibull_Distribution. Accessed: 2015.

  • [28] Wireshark. https://www.wireshark.org/. Accessed: 2015.

  • [29] P. Aditya, M. Zhao, Y. Lin, A. Haeberlen, P. Druschel, B. M. Maggs, and B. Wishon. Reliable client accounting for p2pinfrastructure hybrids. In NSDI, 2012.

  • [30] M. Akhoondi, C. Yu, and H. V. Madhyastha. Lastor: A lowlatency as-aware tor client. In IEEE S&P, 2012.

  • [31] R. Annessi and M. Schmiedecker. Navigator: Finding faster paths to anonymity. In IEEE Euro S&P, 2016.

  • [32] K. Bauer, D. McCoy, D. Grunwald, and D. Sicker. Bitblender: Light-weight anonymity for bittorrent. In AIPACa, 2008.

  • [33] P. Boucher, A. Shostack, and I. Goldberg. Freedom systems 2.0 architecture. Zero Knowledge Systems, Inc, 2000.

  • [34] J. Boyan. The anonymizer: Protecting user privacy on the web. Computer-Mediated Communication Magazine, 1997.

  • [35] F. Burgstaller, A. Derler, S. Kern, G. Schanner, and A. Reiter. Anonymous communication in the browser via onion-routing.

  • [36] F. Cangialosi, D. Levin, and N. Spring. Ting: Measuring and exploiting latencies between all tor nodes. In IMC, 2015.

  • [37] J. Daemen and V. Rijmen. The design of Rijndael: AES-the advanced encryption standard. 2002.

  • [38] G. Danezis, R. Dingledine, and N. Mathewson. Mixminion: Design of a type iii anonymous remailer protocol. In IEEE S&P, 2003.

  • [39] G. Danezis, C. Lesniewski-Laas, M. F. Kaashoek, and R. Anderson. Sybil-resistant dht routing. In ESORICS. 2005.

  • [40] C. Diaz, S. Seys, J. Claessens, and B. Preneel. Towards measuring anonymity. In PET, 2003.

  • [41] R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The second-generation onion router. In USENIX Security, 2004.

  • [42] J. R. Douceur. The sybil attack. In Peer-to-peer Systems. 2002.

  • [43] M. El Dick, E. Pacitti, and B. Kemme. Flower-cdn: a hybrid p2p overlay for efficient query processing in cdn. In EDBT, 2009.

  • [44] M. J. Freedman. Experiences with coralcdn: A five-year operational view. In NSDI, 2010.

  • [45] M. J. Freedman, E. Freudenthal, and D. Mazières. Democratizing content publication with coral. In NSDI, 2004.

  • [46] M. J. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer. In CCS, 2002.

  • [47] Y. Gao, L. Deng, A. Kuzmanovic, and Y. Chen. Internet cache pollution attacks and countermeasures. In ICNP, 2006.

  • [48] C. Huang, A. Wang, J. Li, and K. W. Ross. Understanding hybrid cdn-p2p: why limelight needs its own red swoosh. In NOSSDAV, 2008.

  • [49] T. Isdal, M. Piatek, A. Krishnamurthy, and T. Anderson. Privacy-preserving p2p data sharing with oneswarm. In CCR, 2010.

  • [50] S. Iyer, A. Rowstron, and P. Druschel. Squirrel: A decentralized peer-to-peer web cache. In PODC, 2002.

  • [51] Y. Jia, Y. Chen, X. Dong, P. Saxena, J. Mao, and Z. Liang. Man-in-the-browser-cache: Persisting https attacks via browser cache poisoning. Computers & Security, 2015.

  • [52] Y. Jia, X. Dong, Z. Liang, and P. Saxena. I know where you’ve been: Geo-inference attacks via the browser cache. IEEE Internet Computing, 2014.

  • [53] T. Karagiannis, P. Rodriguez, and K. Papagiannaki. Should internet service providers fear peer-assisted content distribution? In SIGCOMM, 2005.

  • [54] S. Le Blond, A. Uritesc, C. Gilbert, Z. L. Chua, P. Saxena, and E. Kirda. A look at targeted attacks through the lense of an ngo. In USENIX Security, 2014.

  • [55] C. Liu, R. W. White, and S. Dumais. Understanding web browsing behaviors through weibull analysis of dwell time. In SIGIR, 2010.

  • [56] A. Mislove, G. Oberoi, A. Post, C. Reis, P. Druschel, and D. S. Wallach. Ap3: Cooperative, decentralized anonymous communication. In SIGOPS European Workshop, 2004.

  • [57] P. Mittal and N. Borisov. Shadowwalker: peer-to-peer anonymous communication using redundant structured topologies. In CCS, 2009.

  • [58] P. Mittal, F. Olumofin, C. Troncoso, N. Borisov, and I. Goldberg. Pir-tor: scalable anonymous communication using private information retrieval. In USENIX Security, 2011.

  • [59] P. Mittal, M. Wright, and N. Borisov. Pisces: Anonymous communication using social networks. In NDSS, 2012.

  • [60] U. Möller, L. Cottrell, P. Palfrader, and L. Sassaman. Mixmaster protocol-version 2. 2003.

  • [61] G. Nakibly, J. Schcolnik, and Y. Rubin. Website-targeted false content injection by network operators. arXiv preprint arXiv:1602.07128, 2016.

  • [62] A. Nambiar and M. Wright. Salsa: a structured approach to large-scale anonymity. In CCS, 2006.

  • [63] T. Peng, C. Leckie, and K. Ramamohanarao. Survey of network-based defense mechanisms countering the dos and ddos problems. CSUR, 2007.

  • [64] M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous connections and onion routing. J-SAC, 1998.

  • [65] M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. TISSEC, 1998.

  • [66] M. Rennhard and B. Plattner. Introducing morphmix: peer-topeer based anonymous internet usage with collusion detection. In WPES, 2002.

  • [67] V. Scarlata, B. N. Levine, and C. Shields. Responder anonymity and anonymous peer-to-peer file sharing. In ICNP, 2001.

  • [68] D. Stutzbach and R. Rejaie. Understanding churn in peer-topeer networks. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pages 189-202. ACM, 2006.

  • [69] J. Terrace, H. Laidlaw, H. E. Liu, S. Stern, and M. J. Freedman. Bringing p2p to the web: Security and privacy in the firecoral network. In IPTPS, 2009.

  • [70] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang. Understanding overlay characteristics of a large-scale peer-to-peer iptv system. TOMCCAP, 2010.

  • [71] T. Wang, K. Bauer, C. Forero, and I. Goldberg. Congestionaware path selection for tor. In FC. 2012.

  • [72] G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A practical attack to de-anonymize social network users. In IEEE S&P, 2010.

  • [73] H. Yin, X. Liu, T. Zhan, V. Sekar, F. Qiu, C. Lin, H. Zhang, and B. Li. Design and deployment of a hybrid cdn-p2p system for live video streaming: experiences with livesky. In MM, 2009.

  • [74] H. Yu, C. Shi, M. Kaminsky, P. B. Gibbons, and F. Xiao. Dsybil: Optimal sybil-resistance for recommendation systems. In IEEE S&P, 2009.

  • [75] J. Zhang, H. Duan, W. Liu, and J. Wu. Anonymity analysis of p2p anonymous communication systems. Computer Communications, 2011.

  • [76] L. Zhang, F. Zhou, A. Mislove, and R. Sundaram. Maygh: Building a cdn from client web browsers. In EuroSys, 2013.

  • [77] M. Zhao, P. Aditya, A. Chen, Y. Lin, A. Haeberlen, P. Druschel, B. Maggs, B. Wishon, and M. Ponec. Peer-assisted content distribution in akamai netsession. In IMC, 2013.


Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01


Citation Information: Proceedings on Privacy Enhancing Technologies. Volume 2016, Issue 4, Pages 294–314, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0041, July 2016

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. (CC BY-NC-ND 4.0)

Comments (0)

Please log in or register to comment.