Asynchronous Provably-Secure Hidden Services
The client-server architecture is one of the most widely used in the Internet for its simplicity and flexibility. In practice the server is assigned a public address so that its services can be consumed. This makes the server vulnerable to a number of attacks such as Distributed Denial of Service (DDoS), censorship from authoritarian governments or exploitation of software vulnerabilities.
In this work we propose an asynchronous protocol for allowing a client to issue requests to a server without revealing any information about the location of the server. In addition, our solution reveals limited information about the network topology, leaking only the distance from the client to the corrupted participants.
We also provide a simulation-based security definition capturing the requirement described above. Our protocol is secure in the semi-honest model against any number of colluding participants, and has linear communication complexity.
Finally, we extend our solution to handle active adversaries. We show that malicious participants can only trigger a premature termination of the protocol, in which case they are identified. For this solution the communication complexity becomes quadratic.
To the best of our knowledge our solution is the first asynchronous protocol that provides strong security guarantees.
We appreciate the anonymous reviewers for their helpful comments. We would also like to thank Marijn Vriens (Dreamlab Technologies AG) and Stefano Debenedetti (Dreamlab Technologies AG) for thoughtful discussions regarding the deployment of the protocol in real world environments, and Cyel AG in Switzerland for the commercial partnership.
- 3.Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDN-mixes: untraceable communication with very small bandwidth overhead. In: Effelsberg, W., Meuer, H.W., Müller, G. (eds.) Kommunikation in Verteilten Systemen, pp. 451–463. Springer, Heidelberg (1991). https://doi.org/10.1007/978-3-642-76462-2_32 CrossRefGoogle Scholar
- 4.Rackoff, C., Simon, D.R.: Cryptographic defense against traffic analysis. In: Proceedings of the Twenty-Fifth Annual ACM Symposium on Theory of Computing, pp. 672–681. ACM (1993)Google Scholar
- 5.Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. Technical report, Naval Research Lab, Washington DC (2004)Google Scholar
- 6.Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: 2005 IEEE Symposium on Security and Privacy, pp. 183–195. IEEE (2005)Google Scholar
- 12.Wright, M.K., Adler, M., Levine, B.N., Shields, C.: An analysis of the degradation of anonymous protocols. In: NDSS, vol. 2, pp. 39–50 (2002)Google Scholar
- 13.Shmatikov, V.: Probabilistic analysis of anonymity. In: 2002 15th IEEE Proceedings of the Computer Security Foundations Workshop, pp. 119–128. IEEE (2002)Google Scholar
- 16.Overlier, L., Syverson, P.: Locating hidden servers. In: 2006 IEEE Symposium on Security and Privacy, p. 15. IEEE (2006)Google Scholar
- 17.Katti, S., Katabi, D., Puchala, K.: Slicing the onion: anonymous routing without PKI (2005)Google Scholar
- 19.Akavia, A., LaVigne, R., Moran, T.: Topology-hiding computation on all graphs. Cryptology ePrint Archive, Report 2017/296 (2017). http://eprint.iacr.org/2017/296
- 21.Hirt, M., Maurer, U., Tschudi, D., Zikas, V.: Network-hiding communication and applications to multi-party protocols. Cryptology ePrint Archive, Report 2016/556 (2016). http://eprint.iacr.org/2016/556
- 24.Camacho, P., Krell, F.: Asynchronous provably-secure hidden services (2017). http://eprint.iacr.org/2017/888
- 25.Singh, A., et al.: Eclipse attacks on overlay networks: threats and defenses. In: IEEE INFOCOM. Citeseer (2006)Google Scholar
- 26.Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols, p. 136, October 2001Google Scholar