Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Proceedings on Privacy Enhancing Technologies

4 Issues per year

Open Access
See all formats and pricing
More options …

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

Yaoqi Jia / Guangdong Bai / Prateek Saxena / Zhenkai Liang
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0041


The peer-assisted CDN is a new content distribution paradigm supported by CDNs (e.g., Akamai), which enables clients to cache and distribute web content on behalf of a website. Peer-assisted CDNs bring significant bandwidth savings to website operators and reduce network latency for users. In this work, we show that the current designs of peer-assisted CDNs expose clients to privacy-invasive attacks, enabling one client to infer the set of browsed resources of another client. To alleviate this, we propose an anonymous peer-assisted CDN (APAC), which employs content delivery while providing initiator anonymity (i.e., hiding who sends the resource request) and responder anonymity (i.e., hiding who responds to the request) for peers. APAC can be a web service, compatible with current browsers and requiring no client-side changes. Our anonymity analysis shows that our APAC design can preserve a higher level of anonymity than state-of-the-art peer-assisted CDNs. In addition, our evaluation demonstrates that APAC can achieve desired performance gains.

Keywords: Peer-assisted CDNs; Anonymity; Inference Attacks


  • [1] Akamai. http://www.akamai.com/. Accessed: 2015.Google Scholar

  • [2] Akamai netsession interface. http://www.akamai.com/client. Accessed: 2015.Google Scholar

  • [3] Bemtv. http://bem.tv/. Accessed: 2015.Google Scholar

  • [4] Cloudflare. https://www.cloudflare.com/. Accessed: 2015.Google Scholar

  • [5] crypto-js: Javascript implementations of standard and secure cryptographic algorithms. https://code.google.com/p/cryptojs/. Accessed: 2015.Google Scholar

  • [6] The "data" url scheme. http://tools.ietf.org/html/rfc2397. Accessed: 2015.Google Scholar

  • [7] Datagram transport layer security. https://tools.ietf.org/html/rfc4347. Accessed: 2015.Google Scholar

  • [8] Freenet: The free network. https://freenetproject.org. Accessed: 2015.Google Scholar

  • [9] Geolocation api specification. http://www.w3.org/TR/geolocation-API/. Accessed: 2015.Google Scholar

  • [10] htop - an interactive process viewer for unix. http://hisham.hm/htop/. Accessed: 2016.Google Scholar

  • [11] I2p: The invisible internet project. https://geti2p.net/en/. Accessed: 2015.Google Scholar

  • [12] iftop: display bandwidth usage on an interface. http://www.exparrot. com/pdw/iftop/. Accessed: 2016.Google Scholar

  • [13] Indexed database api. http://www.w3.org/TR/IndexedDB/. Accessed: 2015.Google Scholar

  • [14] Network address translation. http://en.wikipedia.org/wiki/Network_address_translation. Accessed: 2015.Google Scholar

  • [15] Octoshape. http://www.octoshape.com/. Accessed: 2015.Google Scholar

  • [16] P2psp. http://www.p2psp.org/webrtc-streaming/. Accessed: 2015.Google Scholar

  • [17] Peercdn. https://peercdn.com/.Google Scholar

  • [18] The peerjs library. http://peerjs.com/. Accessed: 2015.Google Scholar

  • [19] Session traversal utilities for nat (stun). https://tools.ietf.org/html/rfc5389. Accessed: 2015.Google Scholar

  • [20] Swarmify. http://www.swarmify.com/. Accessed: 2015.Google Scholar

  • [21] Tor: Hidden service protocol. https://www.torproject.org/docs/hidden-services.html.en. Accessed: 2015.Google Scholar

  • [22] Total transfer size & total requests. http://httparchive.org/trends.php. Accessed: 2016.Google Scholar

  • [23] The transport layer security (tls) protocol. https://tools.ietf.org/html/rfc5246. Accessed: 2015.Google Scholar

  • [24] Tribler. http://www.tribler.org/. Accessed: 2015.Google Scholar

  • [25] Velocix. http://www.velocix.com/. Accessed: 2014.Google Scholar

  • [26] Webrtc. http://www.webrtc.org/. Accessed: 2015.Google Scholar

  • [27] The weibull distribution. http://reliawiki.org/index.php/The_Weibull_Distribution. Accessed: 2015.Google Scholar

  • [28] Wireshark. https://www.wireshark.org/. Accessed: 2015.Google Scholar

  • [29] P. Aditya, M. Zhao, Y. Lin, A. Haeberlen, P. Druschel, B. M. Maggs, and B. Wishon. Reliable client accounting for p2pinfrastructure hybrids. In NSDI, 2012.Google Scholar

  • [30] M. Akhoondi, C. Yu, and H. V. Madhyastha. Lastor: A lowlatency as-aware tor client. In IEEE S&P, 2012.Google Scholar

  • [31] R. Annessi and M. Schmiedecker. Navigator: Finding faster paths to anonymity. In IEEE Euro S&P, 2016.Google Scholar

  • [32] K. Bauer, D. McCoy, D. Grunwald, and D. Sicker. Bitblender: Light-weight anonymity for bittorrent. In AIPACa, 2008.Google Scholar

  • [33] P. Boucher, A. Shostack, and I. Goldberg. Freedom systems 2.0 architecture. Zero Knowledge Systems, Inc, 2000.Google Scholar

  • [34] J. Boyan. The anonymizer: Protecting user privacy on the web. Computer-Mediated Communication Magazine, 1997.Google Scholar

  • [35] F. Burgstaller, A. Derler, S. Kern, G. Schanner, and A. Reiter. Anonymous communication in the browser via onion-routing.Google Scholar

  • [36] F. Cangialosi, D. Levin, and N. Spring. Ting: Measuring and exploiting latencies between all tor nodes. In IMC, 2015.Google Scholar

  • [37] J. Daemen and V. Rijmen. The design of Rijndael: AES-the advanced encryption standard. 2002.Google Scholar

  • [38] G. Danezis, R. Dingledine, and N. Mathewson. Mixminion: Design of a type iii anonymous remailer protocol. In IEEE S&P, 2003.Google Scholar

  • [39] G. Danezis, C. Lesniewski-Laas, M. F. Kaashoek, and R. Anderson. Sybil-resistant dht routing. In ESORICS. 2005.Google Scholar

  • [40] C. Diaz, S. Seys, J. Claessens, and B. Preneel. Towards measuring anonymity. In PET, 2003.Google Scholar

  • [41] R. Dingledine, N. Mathewson, and P. F. Syverson. Tor: The second-generation onion router. In USENIX Security, 2004.Google Scholar

  • [42] J. R. Douceur. The sybil attack. In Peer-to-peer Systems. 2002.Google Scholar

  • [43] M. El Dick, E. Pacitti, and B. Kemme. Flower-cdn: a hybrid p2p overlay for efficient query processing in cdn. In EDBT, 2009.Google Scholar

  • [44] M. J. Freedman. Experiences with coralcdn: A five-year operational view. In NSDI, 2010.Google Scholar

  • [45] M. J. Freedman, E. Freudenthal, and D. Mazières. Democratizing content publication with coral. In NSDI, 2004.Google Scholar

  • [46] M. J. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer. In CCS, 2002.Google Scholar

  • [47] Y. Gao, L. Deng, A. Kuzmanovic, and Y. Chen. Internet cache pollution attacks and countermeasures. In ICNP, 2006.Google Scholar

  • [48] C. Huang, A. Wang, J. Li, and K. W. Ross. Understanding hybrid cdn-p2p: why limelight needs its own red swoosh. In NOSSDAV, 2008.Google Scholar

  • [49] T. Isdal, M. Piatek, A. Krishnamurthy, and T. Anderson. Privacy-preserving p2p data sharing with oneswarm. In CCR, 2010.Google Scholar

  • [50] S. Iyer, A. Rowstron, and P. Druschel. Squirrel: A decentralized peer-to-peer web cache. In PODC, 2002.Google Scholar

  • [51] Y. Jia, Y. Chen, X. Dong, P. Saxena, J. Mao, and Z. Liang. Man-in-the-browser-cache: Persisting https attacks via browser cache poisoning. Computers & Security, 2015.Google Scholar

  • [52] Y. Jia, X. Dong, Z. Liang, and P. Saxena. I know where you’ve been: Geo-inference attacks via the browser cache. IEEE Internet Computing, 2014.Google Scholar

  • [53] T. Karagiannis, P. Rodriguez, and K. Papagiannaki. Should internet service providers fear peer-assisted content distribution? In SIGCOMM, 2005.Google Scholar

  • [54] S. Le Blond, A. Uritesc, C. Gilbert, Z. L. Chua, P. Saxena, and E. Kirda. A look at targeted attacks through the lense of an ngo. In USENIX Security, 2014.Google Scholar

  • [55] C. Liu, R. W. White, and S. Dumais. Understanding web browsing behaviors through weibull analysis of dwell time. In SIGIR, 2010.Google Scholar

  • [56] A. Mislove, G. Oberoi, A. Post, C. Reis, P. Druschel, and D. S. Wallach. Ap3: Cooperative, decentralized anonymous communication. In SIGOPS European Workshop, 2004.Google Scholar

  • [57] P. Mittal and N. Borisov. Shadowwalker: peer-to-peer anonymous communication using redundant structured topologies. In CCS, 2009.Google Scholar

  • [58] P. Mittal, F. Olumofin, C. Troncoso, N. Borisov, and I. Goldberg. Pir-tor: scalable anonymous communication using private information retrieval. In USENIX Security, 2011.Google Scholar

  • [59] P. Mittal, M. Wright, and N. Borisov. Pisces: Anonymous communication using social networks. In NDSS, 2012.Google Scholar

  • [60] U. Möller, L. Cottrell, P. Palfrader, and L. Sassaman. Mixmaster protocol-version 2. 2003. Google Scholar

  • [61] G. Nakibly, J. Schcolnik, and Y. Rubin. Website-targeted false content injection by network operators. arXiv preprint arXiv:1602.07128, 2016.Google Scholar

  • [62] A. Nambiar and M. Wright. Salsa: a structured approach to large-scale anonymity. In CCS, 2006.Google Scholar

  • [63] T. Peng, C. Leckie, and K. Ramamohanarao. Survey of network-based defense mechanisms countering the dos and ddos problems. CSUR, 2007.Google Scholar

  • [64] M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous connections and onion routing. J-SAC, 1998.Google Scholar

  • [65] M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. TISSEC, 1998.Google Scholar

  • [66] M. Rennhard and B. Plattner. Introducing morphmix: peer-topeer based anonymous internet usage with collusion detection. In WPES, 2002.Google Scholar

  • [67] V. Scarlata, B. N. Levine, and C. Shields. Responder anonymity and anonymous peer-to-peer file sharing. In ICNP, 2001.Google Scholar

  • [68] D. Stutzbach and R. Rejaie. Understanding churn in peer-topeer networks. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pages 189-202. ACM, 2006.Google Scholar

  • [69] J. Terrace, H. Laidlaw, H. E. Liu, S. Stern, and M. J. Freedman. Bringing p2p to the web: Security and privacy in the firecoral network. In IPTPS, 2009.Google Scholar

  • [70] L. Vu, I. Gupta, K. Nahrstedt, and J. Liang. Understanding overlay characteristics of a large-scale peer-to-peer iptv system. TOMCCAP, 2010.Google Scholar

  • [71] T. Wang, K. Bauer, C. Forero, and I. Goldberg. Congestionaware path selection for tor. In FC. 2012.Google Scholar

  • [72] G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A practical attack to de-anonymize social network users. In IEEE S&P, 2010.Google Scholar

  • [73] H. Yin, X. Liu, T. Zhan, V. Sekar, F. Qiu, C. Lin, H. Zhang, and B. Li. Design and deployment of a hybrid cdn-p2p system for live video streaming: experiences with livesky. In MM, 2009.Google Scholar

  • [74] H. Yu, C. Shi, M. Kaminsky, P. B. Gibbons, and F. Xiao. Dsybil: Optimal sybil-resistance for recommendation systems. In IEEE S&P, 2009.Google Scholar

  • [75] J. Zhang, H. Duan, W. Liu, and J. Wu. Anonymity analysis of p2p anonymous communication systems. Computer Communications, 2011.Google Scholar

  • [76] L. Zhang, F. Zhou, A. Mislove, and R. Sundaram. Maygh: Building a cdn from client web browsers. In EuroSys, 2013.Google Scholar

  • [77] M. Zhao, P. Aditya, A. Chen, Y. Lin, A. Haeberlen, P. Druschel, B. Maggs, B. Wishon, and M. Ponec. Peer-assisted content distribution in akamai netsession. In IMC, 2013.Google Scholar

About the article

Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2016, Issue 4, Pages 294–314, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0041.

Export Citation

© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License. BY-NC-ND 4.0

Comments (0)

Please log in or register to comment.
Log in