基于SDN节点淆乱机制的接收方不可追踪的混合匿名通道

doi:10.11959/j.issn.1000-436x.2019155

Abstract

Abstract:

Leveraging the advantages of software defined networking (SDN),a new anonymous communication solution was de-signed for recipient untraceability.An obfuscation scheme in SDN domain was proposed to build a hybrid anonymous channel to solve the problem of large and highly variable delays and download time when using existing anonymous com-munication system such as Tor.The hybrid anonymous channel concatenated two sender anonymous channels in Tor and SDN to provide both sender and receiver anonymity.Adversaries can trace smaller portions of the path in hybrid channel.Experimental results show that the hybrid channel is as anonymous as two connected Tor circuits,with only a small larger latency (15%) compared with Tor.

Key words: anonymous communication, SDN, hybrid channel, obfuscated node

CLC Number:

TP393

Hui ZHAO, Liangmin WANG. Hybrid anonymous channel for recipient untraceability via SDN-based node obfuscation scheme[J]. Journal on Communications, 2019, 40(10): 55-66.

Figures/Tables 16

References 39

[1]	ALSABAH M , GOLDBERG I . Performance and security improvements for Tor:a survey[J]. ACM Computing Surveys, 2016,49(2): 1-36.
[2]	DINGLEDINE R , MATHEWSON N , SYVERSON P . Tor:the second-generation onion router[C]// The 13th USENIX Security Symposium. USENIX, 2004: 1-18.
[3]	BOYAN J . The anonymizer:protecting user privacy on the Web[J]. Computer-Mediated Communication, 1997,4(9): 1-6.
[4]	HERRMANN M , GROTHOFF C . Privacy-implications of performance-based peer selection by onion-routers:a real-world case study using I2P[C]// International Symposium on Privacy Enhancing Technologies Symposium. Springer, 2011: 155-174.
[5]	BERTHOLD O , FEDERRATH H , K?PSELL ，et al. Web MIXes:a system for anonymous and unobservable Internet access[C]// International Workshop on Designing Privacy Enhancing Technologies:Design Issues in Anonymity and Unobservability. Springer, 2000: 115-129.
[6]	CLARKE I , SANDBERG O , WILEY B . Freenet:a distributed anonymous information storage and retrieval system[C]// International Workshop on Designing Privacy Enhancing Technologies:Design Issues in Anonymity and Unobservability. Springer, 2000: 44-66.
[7]	LING Z , LUO J , WU K . TorWard:discovery,blocking,and traceback of malicious traffic over tor[J]. IEEE Transactions on Information Forensics and Security, 2015,10(12): 2515-2530.
[8]	RAYMOND J F , . Traffic analysis:protocols,attacks,design issues,and open problems[M]// Designing Privacy Enhancing Technologies. Berlin Heidelberg:Springer, 2001: 10-29.
[9]	WANG T , GOLDBERG I . On realistically attacking tor with website fingerprinting[J]. Proceedings on Privacy Enhancing Technologies, 2016(4): 21-36.
[10]	BIRYUKOV A , KHOVRATOVICH D , PUSTOGAROV I . Deanonymisation of clients in Bitcoin P2P network[C]// ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014: 15-29.
[11]	黄韬, 刘江, 张晨 ,等. 基于 SDN 的网络试验床综述[J]. 通信学报, 2018,39(6): 155-168.
	HUANG T , LIU J , ZHANG C ，et al Survey on SDN-based network testbeds[J]. Journal on Communications, 2018,39(6): 155-168.
[12]	CHAUM D L . Untraceable electronic mail,return addresses and digital pseudonyms[J]. Communication of the ACM, 1981,24(2): 84-88.
[13]	EDMAN M , YENE R ， BüLEN T . On anonymity in an electronic society:a survey of anonymous communication systems[J]. ACM Computing Surveys, 2009,42(1): 1-35.
[14]	KELLY D , RAINES R , BALDWIN R ,et al. Exploring extant and emerging issues in anonymous networks:a taxonomy and survey of protocols and metrics[J]. IEEE Communications Surveys ＆ Tutorials, 2012,14(2): 579-606.
[15]	KWON A , LAZAR D , DEVADAS S . Riffle:an efficient communication system with strong anonymity[J]. Proceedings on Privacy Enhancing Technologies, 2016(2): 115-134.
[16]	LEBLOND S , CHOFFNES D , ZHOU W . Towards efficient traffic analysis resistant anonymity networks[J]. ACM SIGCOMM Computer Communication Review, 2013,43(4): 303-314.
[17]	BLOND S L , CHOFFNES D , CALDWELL W . Herd:a scalable,traffic analysis resistant anonymity network for VoIP systems[C]// The 2015 ACM Conference. ACM, 2015: 639-652.
[18]	CHEN C . Infrastructure-based anonymous communication protocols in future internet architectures[D]. Pittsburgh:Carnegie Mellon University, 2018.
[19]	SANKEY J , WRIGHT M . Dovetail:stronger anonymity in next generation internet routing[C]// International Symposium on Privacy Enhancing Technologies Symposium. Springer, 2014: 283-303.
[20]	CHEN C , ASONI D E , BARRERA D . HORNET:high-speed onion routing at the network layer[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015: 1441-1454.
[21]	CHEN C , PERRIG A . PHI:path-hidden lightweight anonymity protocol at network layer[J]. Proceedings on Privacy Enhancing Technologies, 2017(1): 1-18.
[22]	CHEN C , DANIELE E , DANEZIS G . TARANET:traffic analysis resistant anonymity at the network layer[C]// IEEE European Symposium on Security and Privacy. IEEE, 2018: 137-152.
[23]	王啸, 方滨兴, 刘培朋 ,等. Tor匿名通信网络节点家族的测量与分析[J]. 通信学报, 2015,36(2): 80-87.
	WANG X , FANG B X , LIU P P ,et al. Measuring and analyzing node families in the Tor anonymous communication network[J]. Journal on Communications, 2015,36(2): 80-87.
[24]	BAUER K , MCCOY D , GRUNWALD D ,et al. Low-resource routing attacks against tor[C]// Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society. ACM, 2007: 11-20.
[25]	潘吴斌, 程光, 郭晓军 ,等. 网络加密流量识别研究综述及展望[J]. 通信学报, 2016,37(9): 154-167.
	PAN W B , CHENG G , GUO X J ,et al. Review and perspective on encrypted traffic identification research[J]. Journal on Communications, 2016,37(9): 154-167.
[26]	CHAKRAVARTY S , BARBERA M V , PORTOKALIDIS G . On the effectiveness of traffic analysis against anonymity networks using flow records[C]// International Conference on Passive and Active Network Measurement. Springer, 2014: 247-257.
[27]	LING Z , LUO J , YU W ,et al. Protocol-level attacks against Tor[J]. Computer Networks, 2013,57(4): 869-886.
[28]	KWON A , ALSABAH M , LAZAR D . Circuit fingerprinting attacks:passive deanonymization of tor hidden services[C]// USENIX Conference on Security Symposium. USENIX Association, 2015: 287-302.
[29]	ZHU T , FENG D , WANG F . Efficient anonymous communication in sdn-based data center networks[J]. IEEE/ACM Transactions on Networking, 2017,25(6): 3767-3780.
[30]	MEIER R , GUGELMANN D , VANBEVER L . iTAP:in-network traffic analysis prevention using software-defined networks[C]// The Symposium on SDN Research. ACM, 2017: 102-114.
[31]	TATLICIOGLU S , CIVANLAR S , GORKEMLI B . A security services platform for software defined networks[C]// IEEE Conference on Network Function Virtualization and Software Defined Networks. IEEE, 2016: 39-43.
[32]	JAFARIAN J H , AL-SHAER E , DUAN Q . OpenFlow random host mutation:transparent moving target defense using software defined networking[C]// ACM SIGCOMM Workshop on Hot Topics in Software Defined Networks. ACM, 2012: 127-132.
[33]	MACFARLAND D C , SHUE C A . The SDN shuffle:creating a moving-target defense using host-based software-defined networking[C]// The 2th ACM Workshop on Moving Target Defense. ACM, 2015: 37-41.
[34]	SKOWYRA R , BAUER K , DEDHIA V . No PHEAR:networks without identifiers[C]// The 3th ACM Workshop on Moving Target Defense. ACM, 2016: 3-14.
[35]	SILVA E G D , KNOB L A D , WICKBOLDT J A . Capitalizing on SDN-based SCADA systems:an anti-eavesdropping case-study[C]// IFIP/IEEE International Symposium on Integrated Network Management. IEEE, 2015: 165-173.
[36]	LING Z , LUO J , WU K . Protocol-level hidden server discovery[C]// The 32th IEEE International Conference on Computer Communications. IEEE, 2013: 1043-1051.
[37]	KONG J J , HONG X Y . ANODR:anonymous on demand routing with untraceable routes for mobile ad-hoc networks[C]// International Symposium on Mobile Ad Hoc Networking and Computing. ACM, 2003: 291-302.
[38]	SAKAI K , SUN M T , KU W S . Performance and security analyses of onion-based anonymous routing for delay tolerant networks[J]. IEEE Transactions on Mobile Computing, 2017,16(12): 3473-3487.
[39]	WIRTZ G , SANDMANN W , LOESING K . Performance measurements and statistics of tor hidden services[C]// International Symposium on Applications and the Internet. IEEE, 2008: 1-7.

Metrics

Recommended 0

No Suggested Reading articles found!

典型工具	协议层位置	可拓展性	时延性	吞吐量	安全性	匿名性	部署规模
Mix-net	应用层	低	高	<100 kbit/s	强	抵制流量分析	区域部署
Tor/I2P	应用层	中	中	100 Mbit/s	中	按位不可关联	全球规模化部署
LAP/Dovetail	网络层	高	低	100 Gbit/s	弱	隐藏转发路径	尚未规模化部署

符号	定义
Alice	消息发送方节点
Bob	消息接收方节点
Bobo	接收方节点选择的淆乱节点
SC	SDN控制器
TDS	目标目录服务器
PK_X	节点X的公钥
SK_X	节点X的私钥
K_XY	节点X和Y共享的对称密钥
g^XY	Diffie-Hellman握手
{M}	混合通道中使用对称加密传输的消息

匿名属性	R₁∈C		R_r∈C		R₁∈C且R_r∈C
匿名属性	Tor	混合通道	Tor	混合通道	Tor	混合通道
发送方身份保护	8	8	9	9	8	8
发送方内容保护	9	9	9	9	8	9
接收方身份保护	9	9	8	9	8	9
接收方内容保护	9	9	8	9	8	9
通信关联性保护	9	9	9	9	8	9

步骤	说明
a₁	Bob向控制器申请到Bobo的SDN匿名通道
a₂	Bob建立到引入点的Tor电路
b₁	Alice建立到TDS的Tor电路，查询下载Bob淆乱节点连接信息
b₂	Alice建立到隐藏目录服务器的Tor电路，查询下载引入点信息
c₁	Alice建立到Bobo的Tor电路
c₂	Alice建立到Bobo的Tor电路；同时Alice向汇聚节点建立Tor电路，请求该节点做自己的汇聚节点并得到应答
d₁	Alice通过Tor电路连接到Bobo，发送DH握手的前半部分和向Bob的访问请求，由Bobo中继消息给Bob
d₂	Alice通过Tor电路连接到引入点，发送DH握手的前半部分，汇聚点信息和向Bob的访问请求，由引入节点中继消息给Bob
e₁	Bobo通过SDN匿名通道中继d1步骤中来自Alice的消息给Bob
e₂	引入点通过Tor电路中继d₂步骤中来自Alice的消息给Bob
f₁	Bob把应答和DH握手的另一半，通过SDN匿名通道发送给Bobo，由Bobo中继消息给Alice
f₂	Bob 把应答通过 Tor 电路发送给引入点，由引入点中继给Alice
g₁	Bobo通过Tor电路中继f₁步骤中来自Bob的消息给Alice，至此，Alice和Bob完成握手
g₂	引入点通过Tor电路向Alice中继Bob的应答消息，Alice收到后撤销与引入点之间的Tor电路
h₁	Alice和Bob通过Bobo进行数据通信
h₂	Bob向汇聚点建立Tor电路，发送DH握手的另一半，将汇聚点中继给Alice，Alice和Bob完成握手
i₂	Alice和Bob通过汇聚点进行数据通信

Hybrid anonymous channel for recipient untraceability via SDN-based node obfuscation scheme

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 16

References 39

Related Articles 15

Metrics

Recommended 0

[1]	Zhiyong LUO, Yu ZHANG, Qing WANG, Weiwei SONG. Study of SDN intrusion intent identification algorithm based on Bayesian attack graph [J]. Journal on Communications, 2023, 44(4): 216-225.
[2]	Jianzhong SU, Huayu ZHANG, Hailong ZHU. Computing method for periodic stream reservation in TSN combined with SDN controller [J]. Journal on Communications, 2021, 42(10): 23-31.
[3]	Yaomin WANG,Xia WANG,Yi DONG,Songhai ZHANG,Xinling SHI. Data center traffic scheduling strategy based on Fibonacci tree optimization algorithm [J]. Journal on Communications, 2020, 41(6): 112-127.
[4]	Zhenzhen HAN,Guofeng ZHAO,Chuan XU,Wentao ZHOU,Yangyang ZHOU. Dynamic SDN controller placement based on latency in LEO satellite network [J]. Journal on Communications, 2020, 41(3): 126-135.
[5]	Wenlong KE,Yong WANG,Miao YE,Junqi CHEN. Priority differentiated multicast flow scheduling method in Ceph cloud storage network [J]. Journal on Communications, 2020, 41(11): 40-51.
[6]	Hongyan QIAN,Hao XUE,Ming CHEN. UDM:NFV-based prevention mechanism against DDoS attack on SDN controller [J]. Journal on Communications, 2019, 40(3): 116-124.
[7]	Tong DUAN,Julong LAN,Yuxiang HU,Hongwei FAN. Orchestration mechanism for VNF hardware acceleration resources in SDN/NFV architecture [J]. Journal on Communications, 2018, 39(6): 98-108.
[8]	Songjie WEI,Xin SUN,Rudong ZHAO,Chao WU. Tracing IP-spoofed packets in software defined network [J]. Journal on Communications, 2018, 39(11): 181-189.
[9]	Zhi-yuan ZHAO,Xiang-ru MENG,Yu-ze SU,Zhen-tao LI. Virtual SDN embedding with differentiated QoS under multiple controller [J]. Journal on Communications, 2017, 38(8): 101-110.
[10]	Zhi SUN,Ming CHEN. PriQoS:priority-differentiated flow control mechanism based on SDN [J]. Journal on Communications, 2017, 38(2): 115-124.
[11]	Tao WANG,Hong-chang CHEN,Guo-zhen CHENG. Research on software-defined network and the security defense technology [J]. Journal on Communications, 2017, 38(11): 133-160.
[12]	Jian WANG,Guo-sheng ZHAO,Zhi-xin LI. Research on mapping algorithm of virtual network oriented to SDN [J]. Journal on Communications, 2017, 38(10): 26-35.
[13]	Zhi-geng HAN,Xia FENG,Geng CHEN. SDN based e-mail repudiation source restraining method [J]. Journal on Communications, 2016, 37(9): 55-67.
[14]	Jun-fei LI,Ju-long LAN,Yu-xiang HU,Jiang-xing WU. Quantitative approach of multi-controller’s consensus in SDN [J]. Journal on Communications, 2016, 37(6): 86-93.
[15]	Yan-wei ZHOU,Zhen-qiang WU,Bo YANG. Diversity of controllable anonymous communication system [J]. Journal on Communications, 2015, 36(6): 105-115.