dPHI: An improved high-speed network-layer anonymity protocol

Authors: Alexander Bajic (Digital Society Institute, ESMT Berlin), Georg T. Becker (Digital Society Institute, ESMT Berlin)

Volume: 2020
Issue: 3
Pages: 304–326
DOI: https://doi.org/10.2478/popets-2020-0054


Download PDF

Abstract: The Internet infrastructure has not been built with security or privacy in mind. As a result, an adversary who has control over a single Autonomous System can set-up mass surveillance systems to gather meta data by passively collecting the headers of the messages they route. To solve this problem, lightweight anonymous routing protocols such as LAP, DOVETAIL and most recently PHI have been proposed which are efficient enough to be deployed in a large scale infrastructure such as the Internet. In this paper we take a closer look at PHI and introduce several de-anonymization attacks malicious nodes can perform to reduce the sender and receiver anonymity. As a direct consequence of this analysis we propose a new protocol called dependable PHI (dPHI). The security analysis of dPHI includes a detailed quantitative anonymity analysis that compares dPHI with PHI, LAP and HORNET. Together with the performance analysis, this allows for a good comparison of trade-offs for these anonymity protocols.

Keywords: Anonymous routing, network security, masssurveillance, Internet infrastructure

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.