Journal on Communications ›› 2019, Vol. 40 ›› Issue (10): 55-66. doi: 10.11959/j.issn.1000-436x.2019155
Hui ZHAO, Liangmin WANG
Revised: 2019-06-06
Online: 2019-10-25
Published: 2019-11-07
About the authors:
Hui ZHAO (1979- ), female, born in Zhenjiang, Jiangsu; Ph.D. candidate at Jiangsu University; main research interests: network security and privacy protection. | Liangmin WANG (1977- ), male, born in Qianshan, Anhui; Ph.D., professor and doctoral supervisor at Jiangsu University; main research interests: cryptography and security protocols, IoT security, and big data security.
Abstract:
To address the unsatisfactory user experience, in terms of latency and download time, of anonymous communication systems represented by Tor, a new anonymity solution oriented towards recipient untraceability was designed by exploiting the advantages of the new generation of software-defined networking (SDN). An SDN intra-domain node obfuscation method was proposed to construct a hybrid anonymous channel based on Tor and SDN, which provides sender and recipient anonymity, extends the depth of the Tor anonymous channel, and effectively reduces the attacker's tracing rate of the anonymous path. Experimental results show that, compared with Tor, the proposed scheme provides anti-tracing capability equivalent to two Tor circuits at the cost of a 15% increase in latency.
Cite this article:
Hui ZHAO, Liangmin WANG. Hybrid anonymous channel for recipient untraceability via SDN-based node obfuscation scheme[J]. Journal on Communications, 2019, 40(10): 55-66.
Table 4 Description of each step in Figure 9
Step | Description |
--- | --- |
a1 | Bob requests from the controller an SDN anonymous channel to Bobo |
a2 | Bob builds a Tor circuit to the introduction point |
b1 | Alice builds a Tor circuit to the TDS and queries and downloads the connection information of Bob's obfuscation node |
b2 | Alice builds a Tor circuit to the hidden service directory server and queries and downloads the introduction point information |
c1 | Alice builds a Tor circuit to Bobo |
c2 | Alice builds a Tor circuit to Bobo; at the same time Alice builds a Tor circuit to the rendezvous node, requests that node to act as her rendezvous point, and receives a reply |
d1 | Alice connects to Bobo over the Tor circuit and sends the first half of the DH handshake and the access request for Bob; Bobo relays the message to Bob |
d2 | Alice connects to the introduction point over the Tor circuit and sends the first half of the DH handshake, the rendezvous point information and the access request for Bob; the introduction node relays the message to Bob |
e1 | Bobo relays Alice's message from step d1 to Bob over the SDN anonymous channel |
e2 | The introduction point relays Alice's message from step d2 to Bob over the Tor circuit |
f1 | Bob sends the reply and the other half of the DH handshake to Bobo over the SDN anonymous channel; Bobo relays the message to Alice |
f2 | Bob sends the reply to the introduction point over the Tor circuit; the introduction point relays it to Alice |
g1 | Bobo relays Bob's message from step f1 to Alice over the Tor circuit; at this point Alice and Bob have completed the handshake |
g2 | The introduction point relays Bob's reply to Alice over the Tor circuit; after receiving it, Alice tears down the Tor circuit to the introduction point |
h1 | Alice and Bob exchange data through Bobo |
h2 | Bob builds a Tor circuit to the rendezvous point and sends the other half of the DH handshake, which the rendezvous point relays to Alice; Alice and Bob complete the handshake |
i2 | Alice and Bob exchange data through the rendezvous point |
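The Bobo path of Table 4 (steps a1 to h1), as an added toy simulation that is not code from the paper: Alice, Bob, the SDN controller, the TDS and the obfuscation node Bobo are modelled in plain Python, the message fields and the TDS record format are assumptions, and the DH parameters are constructed toy values. It shows that the two endpoints derive the same session key while Bobo, which relays every handshake message, sees only the public DH halves.

```python
import hashlib
import secrets

P, G = 2**61 - 1, 3   # constructed toy DH parameters; runnable, not a secure group

def dh_half(secret):
    """One party's half of the DH handshake: G^secret mod P."""
    return pow(G, secret, P)

def dh_key(secret, peer_half):
    """Session key derived from the peer's half and one's own secret."""
    return hashlib.sha256(pow(peer_half, secret, P).to_bytes(8, "big")).hexdigest()

class Bobo:
    """Obfuscation node: relays between its Tor side and its SDN side and records
    what passed through it, i.e. what an attacker controlling Bobo would see."""
    def __init__(self):
        self.seen = []

    def relay(self, step, msg):
        self.seen.append((step, dict(msg)))
        return msg

def run_handshake():
    steps, controller, tds, bobo = [], {}, {}, Bobo()   # controller/TDS state is assumed
    # a1: Bob asks the SDN controller for an anonymous channel ending at Bobo
    controller["Bob"] = "Bobo"; steps.append("a1")
    tds["Bob"] = {"obfuscation_node": controller["Bob"]}   # TDS record format assumed
    # b1: Alice queries the TDS over a Tor circuit for Bob's obfuscation node
    target = tds["Bob"]["obfuscation_node"]; steps.append("b1")
    # c1/d1: Alice builds a Tor circuit to Bobo and sends her DH half plus the access request
    a = secrets.randbelow(P - 2) + 1
    request = {"to": "Bob", "dh": dh_half(a), "req": "access"}; steps.append("d1")
    # e1: Bobo relays the d1 message to Bob over the SDN anonymous channel
    at_bob = bobo.relay("e1", request); steps.append("e1")
    # f1: Bob answers with his DH half over the SDN channel, for Bobo to relay
    b = secrets.randbelow(P - 2) + 1
    reply = {"to": "Alice", "dh": dh_half(b), "ack": "ok"}; steps.append("f1")
    bob_key = dh_key(b, at_bob["dh"])
    # g1: Bobo relays the f1 message to Alice over the Tor circuit; handshake complete
    at_alice = bobo.relay("g1", reply); steps.append("g1")
    alice_key = dh_key(a, at_alice["dh"])
    # h1: data now flows Alice -> Tor circuit -> Bobo -> SDN channel -> Bob
    steps.append("h1")
    relayed = [v for _, m in bobo.seen for v in m.values()]
    return {"target": target, "alice_key": alice_key, "bob_key": bob_key, "steps": steps,
            "bobo_relayed": [s for s, _ in bobo.seen],
            "bobo_saw_secret": a in relayed or b in relayed}
```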