网络层匿名通信协议综述

doi:10.11959/j.issn.2096-109x.2020006

Abstract

Abstract:

An anonymous communication system is an overlay network built on the application layer and combining various privacy protection technologies such as data forwarding,content encryption,and traffic obfuscation to hide communication relationships between entities and forwarded contents.However,there is a deficiency in the balance between performance and security as an anonymous communication system operating over an overlay network.With the advance of the future internet architectures,it is possible to build an infrastructure-based anonymous communication system.Such anonymous communication systems design anonymity as network infrastructure services and provide encryption operations for routers,which can solve the part problem of scalability and performance limitations of anonymous network.They can also be called network-layer anonymous communication protocols.The existing network-layer anonymous communication protocols (LAP,Dovetail,Hornet,PHI and Taranet) were studied.The classification standard of network-layer anonymous communication protocols were introduced.Its innovation point and specific encryption ideas were briefly described,and how to keep balance between security and performance was analyzed.The shortcomings and advantages of these kinds of network anonymous communication protocols were also pointed out.Finally,the challenges faced in the development of anonymous communication systems and the problems that need to be studied in depth were proposed.

Key words: anonymous communication, protocol, network-layer, survey

CLC Number:

TP393

Liangmin WANG,Xiaoling NI,Hui ZHAO. Survey of network-layer anonymous communication protocols[J]. Chinese Journal of Network and Information Security, 2020, 6(1): 11-26.

Figures/Tables 13

References 56

[1]	DANEZIS G , DIAZ C , SYVERSON P . Systems for anonymous communication[J]. Handbook of Financial Cryptography and Security,Cryptography and Network Security Series, 2009: 341-389.
[2]	DIAZ C . Anonymity and privacy in electronic services[D]. Heverlee:Katholieke Universiteit Leuven, 2005.
[3]	刘湘雯, 王良民 . 数据发布匿名技术进展[J]. 江苏大学学报(自然科学版), 2016,37(5): 562-571.
	LIU X W , WANG L M . Advancement of anonymity technique for data publishing[J]. Journal of Jiangsu University(Natural Science Edition), 2016,37(5): 562-571.
[4]	赵福祥 . 网络匿名连接中的安全可靠性技术研究[D]. 西安:西安电子科技大学, 2001.
	ZHAO F X . Research on security and authentication techniques of anonymous network connection[D]. Xian:Xidian University, 2001.
[5]	杨云, 李凌燕, 魏庆征 . 匿名网络 Tor 与 I2P 的比较研究[J]. 网络与信息安全学报, 2019,5(1): 70-81.
	YANG Y , LI L Y , WEI Q Z . Comparative study of anonymous network Tor and I2P[J]. Chinese Journal of Network and Information Security, 2019,5(1): 70-81.
[6]	GüLCüC G , TSUDIK G , . Mixing email with BABEL[C]// 1996 Symposium on Network and Distributed System Security. 1996.
[7]	LE BLOND S , CHOFFNES D , ZHOU W ,et al. Towards efficient traffic-analysis resistant anonymity networks[J]. ACM SIGCOMM Computer Communication Review, 2013,43(4): 303-314.
[8]	DANEZIS G , DINGLEDINE R , MATHEWSON N . Mixminion:design of a type III anonymous remailer protocol[C]// IEEE S＆P,2003I/O (SNAPI'03). 2003.
[9]	DANEZIS G , GOLDBERG I . Sphinx:a compact and provably secure mix format[C]// IEEE Symposium on Security ＆ Privacy. 2009.
[10]	DINGLEDINE R , MATHEWSON N , SYVERSON P . Tor:the second-generation onion router[C]// The 13th USENIX Security Symposium. 2004.
[11]	ZHU Y , FU X W , GRAHAM B ,et al. On flow correlation attacks and countermeasures in mix networks[C]// The Privacy Enhancing Technologies Symposium (PETS). 2004: 207-225.
[12]	MURDOCH S J , DANEZIS G . Low-cost traffic analysis of Tor[C]// The IEEE Symposium on Security and Privacy (Oakland). 2005: 183-195.
[13]	MITTAL P , KHURSHID A , JUEN J ,et al. Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting[C]// The ACM Conference on Computer and Communications Security (CCS). 2011.
[14]	B N LEVINE , M K REITER , C X WANG ,et al. Timing attacks in low-latency mix-based systems[C]// The International Conference on Financial Cryptography (FC). 2004.
[15]	GILAD Y , HERZBERG A . Spying in the dark:TCP and Tor traffic analysis[C]// 12th Privacy Enhancing Technologies Symposium (PETS 2012). 2012: 100-119.
[16]	CHEN C . Infrastructure-based anonymous communication protocols in future internet architectures[D]. Pittsburgh:Carnegie Mellon University, 2018.
[17]	HSIAO H C , KIM T J , PERRIG A ,et al. LAP:lightweight anonymity and privacy.IEEE Security ＆ Privacy[M]// 2014.19: 506-520.
[18]	SANKEY J , WRIGHT M . Dovetail:stronger anonymity in next-generation internet routing[M]// Lecture Notes in Computer Science. 2014.
[19]	CHEN C , PERRIG A . PHI：path-hidden lightweight anonymity protocol at network layer[J]. Nephron Clinical Practice 2017, 2017(1): 100-117.
[20]	CHEN C , ASONI D E , BARRERA D ,et al. HORNET:high-speed onion routing at the network layer[J]. arXiv:1507.05724, 2015.
[21]	CHEN C , ASONI D E , PERRIG A ,et al. TARANET:traffic-analysis resistant anonymity at the network layer[J]. EuroS＆P, 2018: 137-152.
[22]	CHAUM D L . Untraceable electronic mail,return addresses,and digital pseudonyms[J]. Communications of the ACM, 1981,24(2).
[23]	王继林, 伍前红, 陈德人 ,等. 匿名技术的研究进展[J]. 通信学报, 2005,26(2): 112-118.
	WANG J L , WU J H , CHEN D R ,et al. A survey on the technology of anonymity[J]. Journal on Communications, 2005,26(2): 112-118.
[24]	GüLCü C , TSUDIK G , . Mixing email with Babel[C]// The Network and Distributed System Security Symposium (NDSS). 1996.
[25]	M?LLER U , COTTRELL L , PALFRADER P ,et al. Mixmaster protocol version 2[S]. Draft, 2003,154:28.
[26]	SHOSTACK A , GOLDBERG I.Freedom systems 1 . 0 security issues and analysis[J]. White Paper,Zero Knowledge Systems, 2001,10.
[27]	BROWN Z , . Cebolla:pragmatic IP anonymity[C]// The Ottawa Linux Symposium. 2002.
[28]	REED M G , SYVERSON P F , GOLDSCHLAG D M . Anonymous connections and onion routing[J]. IEEE Journal on Selected Areas in Communications, 1998,16(4): 482-494.
[29]	ALI A , KHAN M , SADDIQUE M ,et al. Tor vs I2P:a comparative study[C]// 2016 IEEE International Conference on Industrial Technology (ICIT). 2016.
[30]	REITER M K , RUBIN A D . Crowds:anonymity for web transactions[J]. ACM Transactions on Information and System Security, 1997,1(1): 66-92.
[31]	FREEDMAN M J , MORRIS R . Tarzan:a peer-to-peer anonym zing network layer[C]// The ACM Conference on Computer and Communications Security (CCS). 2002: 121-129.
[32]	BLOND S L , CHOFFNES D , CALDWELL W ,et al. Herd:a scalable,traffic analysis resistant anonymity network for VoIP systems[C]// The ACM Conference of the Special Interest Group on Data Communication (SIGCOMM). 2015.
[33]	BLOND S L , CHOFFNES D , ZHOU W X ,et al. Towards efficient traffic-analysis resistant anonymity networks[C]// ACM SIGCOMM. 2013
[34]	SHERWOOD R , BHATTACHARJEE B , SRINIVASAN A . P5:a protocol for scalable anonymous communication[C]// The IEEE Symposium on Security and Privacy (Oakland). 2002.
[35]	CHAUM D . The dining cryptographers problem:unconditional sender and recipient untraceability[J]. Journal of Cryptology, 1988,1(1): 65-75.
[36]	GOLLE P , JUELS A . Dining cryptographers revisited[C]// The International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT). 2004: 456-473.
[37]	WOLINSKY D I , CORRIGAN-GIBBS H , FORD B ,et al. Dissent in numbers:making strong anonymity scale[C]// The USENIX Symposium on Operating Systems Design and Implementation (OSDI). 2012.
[38]	CORRIGAN-GIBBS H , BONEH D , MAZIèRES D . Riposte:an anonymous messaging system handling millions of users[C]// The IEEE Symposium on Security and Privacy (Oakland). 2015: 321-338.
[39]	MURDOCH S J , DANEZIS G . Low-cost traffic analysis of Tor[C]// IEEE Symposium on Scrubby and Privacy. 2005: 193-195.
[40]	SYVERSON P , TSUDIK G , REED M ,et al. Towards an analysis of onion routing security[M]// Designing Privacy Enhancing Technologies. 2001: 96-144.
[41]	MURDOCH S J , ZIELINSKI P . Sampled traffic analysis by internet-exchange-level adversaries[C]// The 2007 Privacy Enhancing Technologies Workshop. 2007.
[42]	SYVERSON P , TSUDIK G , REED M ,et al. Towards an analysis of onion routing security[M]// Designing Privacy Enhancing Technologies. 2001.
[43]	SNADER R , BORISOV N . EigenSpeed:secure peer-to-peer bandwidth evaluation[C]// The International Workshop on Peer-to-Peer Systems (IPTPS). 2009:9.
[44]	SHERR M , BLAZE M , LOO B T . Scalable link-based relay selection for anonymous routing[C]// The Privacy Enhancing Technologies Symposium (PETS). 2009: 73-93.
[45]	SHERR M , MAO A , MARCZAK W R ,et al. A3:an extensible platform for application-aware anonymity[C]// The Network and Distributed System Security Symposium (NDSS). 2010.
[46]	TSCHORSCH F , SCHEUERMANN B . Mind the gap:towards a backpressure-based transport protocol for the Tor network[C]// The USENIX Symposium on Networked Systems Design and Implementation (NSDI). 2016.
[47]	PREVIDI S , SH R , HOMEFFER M ,et al. SPRING problem statement and requirements[J]. Der Orthop?de, 2016,36(4): 360-364.
[48]	FILSFILS C , NAINAR N K , PIGNATARO C ,et al. The segment routing architecture[C]// 2015 IEEE Global Communications Conference. 2015.
[49]	FILSFILS C , MICHIELSEN K , TALAULIKAR K . Segment Routing详解（第一卷）[M]. 北京: 人民邮电出版社, 2017.
	FILSFILS C , MICHIELSEN K , TALAULIKAR K . Segment Routing part I[M]. Beijing: Posts ＆ Telecom Press Co LTDPress, 2017.
[50]	YANG X , WETHERALL D . Source selectable path diversity viarouting deflections. ACM SIGCOMM Computer Communication Review, 2006(36): 159-170.
[51]	ZHANG X , HSIAO H C , HASKER G ,et al. SCION:scalability,control,and isolation on next-generation networks[C]// 2011 IEEE Symposium on Security and Privacy. 2011: 212-227.
[52]	ANDERSON T , BIRMAN K , BROBERG R ,et al. The NEBULA future internet architecture[J]. The Future Internet, 2013: 16-26.
[53]	D RAYCHAUDHURI , K NAGARAJA , VENKATARAMANI A . MobilityFirst:a robust and trust worthy mobility-centric architecture for the future internet[J]. ACM SIGMOBILE Mobile Computing and Communications Review, 2012,16(3): 2-13.
[54]	ANAND A , DOGAR F , HAN D ,et al. XIA:an architecture for an evolvable and trust worthy internet[C]// The ACM Workshop on Hot Topics in Networks (HotNets). 2011.
[55]	ZHANG X , C HSIAO H , HASKER G ,et al. SCION:Scalability,control,and isolation on next-generation networks[C]// The IEEE Symposium on Security and Privacy (Oakland). 2011.
[56]	PERRIG A , SZALACHOWSKI P , M REISCHUK R ,et al. SCION:a secure internet architecture[M]. Springer International Publishing AG, 2017.

Metrics

Recommended 0

No Suggested Reading articles found!

类别（性质）	在当前网络中所处的位置	可拓展性	延迟	吞吐量	安全性	目前的部署规模
基于覆盖网络的匿名通信协议（以Tor为例）	应用层	低	高	低	高	全球用户大规模使用
网络层匿名通信协议	网络层	高	低	高	低	尚未大规模部署

协议	吞吐量/（Gbit·s^-1）	是否信任第一跳节点	隐藏拓扑信息	是否需要源控制路径	是否达到低延迟目标	可拓展性	是否实现位模式不可链接性	是否抵制流量分析
LAP	≈100	是	否	否	是	是	否	否
Dovetail	≈100	否	否	是	是	是	否	否
PHI	≈100	否	是	是	是	是	否	否
Hornet	92	否	是	是	是	是	是	否
Taranet	50	否	是	是	是	是	是	是

Survey of network-layer anonymous communication protocols

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 56

Related Articles 15

Metrics

Recommended 0

[1]	Jingyi YUAN, Zichuan LI, Guojun PENG. EN-Bypass: a security assessment method on e-mail user interface notification [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 90-101.
[2]	Yan PAN, Wei LIN, Yuefei ZHU. Progressive active inference method of protocol state machine [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 81-93.
[3]	Liquan CHEN, Xiao LI, Zheyi YANG, Sijie QIAN. Blockchain-based high transparent PKI authentication protocol [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 1-11.
[4]	Qianxin CHEN, Renwan BI, Jie LIN, Biao JIN, Jinbo XIONG. Privacy-preserving federated learning framework with irregular-majority users [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 139-150.
[5]	Xieli ZHANG, Yuefei ZHU, Chunxiang GU, Xi CHEN. Security protocol code analysis method combining model learning and symbolic execution [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 93-104.
[6]	Pu ZHAO, Wentao ZHAO, Zhangjie FU, Qiang LIU. SDN self-protection system based on Renyi entropy [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 85-94.
[7]	Wang ZHOU, Honggang HU, Nenghai YU. Rapid responsive and efficient multi-valued Byzantine consensus scheme [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 57-64.
[8]	Jingjing SHANG,Yujia ZHU,Qingyun LIU. Analysis of security extension protocol in e-mail system [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 69-79.
[9]	Sui CHENG,Xianzheng LIN,Nenghai YU. Improvement of the blockchain protocol based on memory-hard function [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 21-26.
[10]	Yunfei XIA,Li ZHANG,Kun YANG,Peijie LI,Liming XU. Architecture design of multi-protocol controller based on software definition [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 139-147.
[11]	Renwan BI,Qianxin CHEN,Jinbo XIONG,Ximeng LIU. Design method of secure computing protocol for deep neural network [J]. Chinese Journal of Network and Information Security, 2020, 6(4): 130-139.
[12]	Lixin MIAO,Qinrang LIU,Xin WANG. Software-defined protocol independent parser based on FPGA [J]. Chinese Journal of Network and Information Security, 2020, 6(1): 70-76.
[13]	Jie DU,Yongzhong HE,Ye DU. Improved method of Tor network flow watermarks based on IPD interval [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 91-98.
[14]	Xiao YU,Li TIAN,Zhe LIU,Jie WANG. Research on key management and authentication protocol of PDA in smart grid [J]. Chinese Journal of Network and Information Security, 2018, 4(3): 68-75.
[15]	Mingyuan ZHANG,Xinyu QI,Yubo SONG,Rongrong GU,Aiqun HU,Zhenchao ZHU. Analysis of communication data of mobile terminal based on protocol reversal [J]. Chinese Journal of Network and Information Security, 2018, 4(12): 54-61.