Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

Authors: Yaoqi Jia (National University of Singapore), Guangdong Bai (National University of Singapore), Prateek Saxena (National University of Singapore), Zhenkai Liang (National University of Singapore)

Volume: 2016
Issue: 4
Pages: 294–314
DOI: https://doi.org/10.1515/popets-2016-0041

Download PDF

Abstract: The peer-assisted CDN is a new content distribution paradigm supported by CDNs (e.g., Akamai), which enables clients to cache and distribute web content on behalf of a website. Peer-assisted CDNs bring significant bandwidth savings to website operators and reduce network latency for users. In this work, we show that the current designs of peerassisted CDNs expose clients to privacy-invasive attacks, enabling one client to infer the set of browsed resources of another client. To alleviate this, we propose an anonymous peerassisted CDN (APAC), which employs content delivery while providing initiator anonymity (i.e., hiding who sends the resource request) and responder anonymity (i.e., hiding who responds to the request) for peers. APAC can be a web service, compatible with current browsers and requiring no client-side changes. Our anonymity analysis shows that our APAC design can preserve a higher level of anonymity than state-of-the-art peer-assisted CDNs. In addition, our evaluation demonstrates that APAC can achieve desired performance gains.

Keywords: Peer-assisted CDNs, Anonymity, Inference Attacks

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.