Article

Enhancing the Unlinkability of Circuit-Based Anonymous Communications with k-Funnels

Proceedings of the ACM on Networking

Vítor Nunes; José Brás; Nuno Santos

2023

ACM

Key information

Published on

28/11/2023

Abstract

Research article, open access. Authors: Vítor Nunes, José Brás, Afonso Carvalho, Diogo Barradas, Kevin Gallagher, Nuno Santos. Proceedings of the ACM on Networking, Volume 1, Issue CoNEXT3, Article No. 18, Pages 1-26. https://doi.org/10.1145/3629140. Published: 28 November 2023.

Anonymous communication systems are essential tools for preserving privacy and freedom of expression. However, traffic analysis attacks make it challenging to maintain unlinkability in circuit-based anonymity networks like Tor, enabling adversaries to deanonymize communications. To address this problem, we introduce k-funnel, a new security primitive that enhances the unlinkability of circuit-based anonymity networks, and we present BriK, a Tor pluggable transport that implements k-funnels. k-Funnels offer k-anonymity to a group of k clients by jointly tunneling their circuits' traffic through a bridge while ensuring that the client-generated flows are indistinguishable. BriK incorporates several defense mechanisms against traffic analysis attacks, including traffic shaping schemes, synchronization protocols, and approaches for monitoring exposure to statistical disclosure attacks. Our evaluation shows that BriK is able to support web browsing and video streaming while offering k-anonymity. We evaluate the security of BriK against traffic correlation attacks leveraging state-of-the-art deep learning classifiers without considering auxiliary information and find it highly resistant. Although k-funnels require the cooperation of mutually trusted clients, limiting their coordination, our work presents a new practical solution to strengthen unlinkability in circuit-based anonymity systems.

Index Terms: Networks; Network properties; Network privacy and anonymity; Security and privacy; Human and societal aspects of security and privacy; Usability in security and privacy; Security services; Privacy-preserving protocols; Pseudonymity, anonymity and untraceability

Publication details

Publication version

VoR - Published version

Publisher

ACM

Link to the publisher's version

https://dl.acm.org/doi/10.1145/3629140

Publication container title

Proceedings of the ACM on Networking

First page or article number

18

Volume

1

Issue

CoNEXT3

ISSN

2834-5509

Scientific domain (FOS)

electrical-engineering-electronic-engineering-information-engineering - Electrical Engineering, Electronic Engineering, Information Engineering

Publication language (ISO code)

eng - English

Access to the publication:

Open Access

Funding entity of the grant/project

Fundação para a Ciência e a Tecnologia

Funding entity identifier: http://dx.doi.org/10.13039/501100001871

Funding entity identifier type: Crossref Funder

Grant/project number: UIDB/50021/2020