Chinese Journal of Network and Information Security ›› 2020, Vol. 6 ›› Issue (1): 11-26. doi: 10.11959/j.issn.2096-109x.2020006
Revised:
2019-09-02
Online:
2020-02-15
Published:
2020-03-23
About the authors:
WANG Liangmin (born 1977), male, from Qianshan, Anhui; Ph.D., professor and doctoral supervisor at Jiangsu University; main research interests: cryptography and security protocols, IoT security, big data security | NI Xiaoling (born 1996), female, from Nantong, Jiangsu; master's student at Jiangsu University; main research interest: network security | ZHAO Hui (born 1979), female, from Zhenjiang, Jiangsu; Ph.D. student at Jiangsu University; main research interests: network security, privacy protection
Supported by:
Liangmin WANG, Xiaoling NI, Hui ZHAO
Abstract:
An anonymous communication system is an overlay network built above the application layer that combines several privacy-protection techniques, such as data forwarding, content encryption and traffic obfuscation, to hide both the relationships between communicating entities and the content they exchange. However, anonymous communication systems that run as overlay networks fall short when it comes to balancing performance against security guarantees. The emergence of future Internet architectures makes it possible to build infrastructure-based anonymous communication systems. Such systems design anonymity as a network infrastructure service: by equipping routers with cryptographic operations, they can overcome some of the scalability and performance limitations of anonymity networks, and for this reason they may also be called network-layer anonymous communication protocols. This paper studies the existing network-layer anonymous communication protocols (LAP, Dovetail, Hornet, PHI and Taranet), introduces the criteria used to classify them, summarizes their innovations and the concrete cryptographic ideas behind them, analyzes how each one trades off security against performance, points out the strengths and weaknesses of these protocols, and finally presents the challenges faced in the development of anonymous communication systems and the problems that require further research.
CLC number:
Liangmin WANG, Xiaoling NI, Hui ZHAO. Survey of network-layer anonymous communication protocols[J]. Chinese Journal of Network and Information Security, 2020, 6(1): 11-26.
Table 2 Performance analysis of network-layer anonymous communication protocols

| Protocol | Throughput (Gbit/s) | First-hop node must be trusted | Hides topology information | Requires source-controlled path | Meets low-latency goal | Scalable | Achieves bit-pattern unlinkability | Resists traffic analysis |
|---|---|---|---|---|---|---|---|---|
| LAP | ≈100 | Yes | No | No | Yes | Yes | No | No |
| Dovetail | ≈100 | No | No | Yes | Yes | Yes | No | No |
| PHI | ≈100 | No | Yes | Yes | Yes | Yes | No | No |
| Hornet | 92 | No | Yes | Yes | Yes | Yes | Yes | No |
| Taranet | 50 | No | Yes | Yes | Yes | Yes | Yes | Yes |
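The "bit-pattern unlinkability" column above refers to whether the bytes of a packet change from link to link, so that a passive observer sitting on two links cannot match the packet by its content. The following Python simulation is an added illustration of that property, not code from the paper or from any of the surveyed protocols: it compares a path whose routers forward the payload bytes unchanged with a path whose routers each strip one encryption layer. It assumes the source already shares a symmetric key with every router on the path (the key-setup phase is left out), and it uses a toy HMAC-SHA256 counter-mode keystream in place of a real cipher; the hop keys and payload are constructed for the example.

```python
import hashlib
import hmac
from typing import List

# Toy parameters (constructed for this illustration; not the packet format of
# HORNET, TARANET or any other protocol in the table).
PAYLOAD_LEN = 32


def keystream(key: bytes, label: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 run in counter mode. Illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def apply_layer(data: bytes, key: bytes) -> bytes:
    """Add or strip one encryption layer; XOR with the per-hop keystream is its own inverse."""
    return xor_bytes(data, keystream(key, b"payload", len(data)))


def source_build(payload: bytes, hop_keys: List[bytes]) -> bytes:
    """The source wraps the payload once per router, innermost layer for the last router."""
    pkt = payload
    for key in reversed(hop_keys):
        pkt = apply_layer(pkt, key)
    return pkt


def run_path(payload: bytes, hop_keys: List[bytes], layered: bool) -> List[bytes]:
    """Forward one packet along the path and return the bytes seen on each link.

    observed[0] is the source -> R1 link; observed[i] is the link leaving router R_i.
    layered=True:  each router strips the layer keyed to it, so the payload bytes
                   differ on every link.
    layered=False: routers forward the payload bytes unchanged.
    """
    pkt = source_build(payload, hop_keys) if layered else payload
    observed = [pkt]
    for key in hop_keys:
        if layered:
            pkt = apply_layer(pkt, key)  # router R_i removes its own layer
        observed.append(pkt)
    return observed


def bit_pattern_unlinkable(observed: List[bytes]) -> bool:
    """True when no two links carry identical bytes for this packet."""
    return len(set(observed)) == len(observed)


def demo() -> dict:
    # Constructed per-hop keys; a real protocol derives them in a setup phase.
    hop_keys = [hashlib.sha256(b"constructed-hop-key-%d" % i).digest() for i in range(3)]
    payload = b"source -> destination".ljust(PAYLOAD_LEN, b"\x00")
    layered = run_path(payload, hop_keys, layered=True)
    unchanged = run_path(payload, hop_keys, layered=False)
    return {
        "layered_unlinkable": bit_pattern_unlinkable(layered),
        "unchanged_unlinkable": bit_pattern_unlinkable(unchanged),
        "layered_delivered": layered[-1] == payload,
        "unchanged_delivered": unchanged[-1] == payload,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both paths deliver the payload intact, but only the layered path changes the packet's bytes at every router. Note that this property alone says nothing about timing or packet-size correlation, which is why the table separates "bit-pattern unlinkability" from "resists traffic analysis": Hornet has the first property but not the second.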