Performance Modeling of Anonymity Protocols - PowerPoint PPT Presentation

1 / 40
About This Presentation
Title:

Performance Modeling of Anonymity Protocols

Description:

Performance Modeling of Anonymity Protocols Carey Williamson Niklas Carlsson Andreas Hirt Michael J. Jacobson, Jr. Department of Computer Science – PowerPoint PPT presentation

Number of Views:59
Avg rating:3.0/5.0
Slides: 41
Provided by: Andreas179
Category:

less

Transcript and Presenter's Notes

Title: Performance Modeling of Anonymity Protocols


1
Performance Modelingof Anonymity Protocols
  • Carey Williamson Niklas Carlsson
  • Andreas Hirt Michael J. Jacobson, Jr.
  • Department of Computer Science
  • University of Calgary
  • Financial support for this research support was
    provided by
  • Natural Sciences and Engineering Research Council
    (NSERC),
  • Informatics Circle of Research Excellence
    (iCORE),
  • Alberta Ingenuity Fund (AIF), and
  • Canada Foundation for Innovation (CFI)

2
Introduction
  • Anonymous communication conceals who communicates
    what, to whom, and when
  • Allows individuals to communicate without fear of
    embarrassment, ridicule, or retribution
  • Cornerstone for freedom of speech

3
Some Real World Applications
  • Good
  • Freedom of speech in totalitarian regime
  • Crime stoppers
  • On-line counseling
  • Whistle blowing
  • Group evaluations
  • Military communications
  • Bad
  • Organized crime
  • Terrorist groups
  • ...

4
Outline
  • Review of Anonymity Schemes
  • Our Work Buses, Taxis, Motorcyles
  • Performance Modeling
  • Numerical Results
  • Conclusion

5
Re-routing with Layered Encryption
  • Layered Encryption Add layers of encryption to
    make message contents change each hop

hello
qkdx
iwqm
ykrz
xmkz
6
Re-routing with Layered Encryption
  • Layered Encryption Add layers of encryption to
    make message contents change each hop

hello
iwqm
ykrz
xmkz
7
Re-routing with Layered Encryption
  • Layered Encryption Add layers of encryption to
    make message contents change each hop

hello
ykrz
xmkz
8
Re-routing with Layered Encryption
  • Layered Encryption Add layers of encryption to
    make message contents change each hop
  • Problem Timing analysis

Sender?
hello
xmkz
hello
9
Mixes
  • Senders use nested (layered) encryption along
    re-routing path
  • Mixes (re-routing nodes) mix input-output
    correlations
  • Collect input batch
  • Peel encryption layer away
  • Output in random order

Message 1
Message 2
Message 2
Message 4
Message 3
Message 3
Message 4
Message 1
Message 5
Message 5
10
Current Solutions
No Cover Traffic Partial Cover Traffic Full Cover Traffic
Schemes Crowds, TOR JAP, MorphMix Mixmaster, Mixminion, Tarzan
Anonymity Weak Moderate Strong
Problems Vulnerable to known attacks Vulnerable to known attacks Not suitable for interactive applications, dont scale well
11
Classic Buses ProtocolBeimel and Dolev 2003
  • Metaphor city bus, with regularly scheduled
    route, which obscures the movements of its
    messengers
  • Assume dark windows, and enclosed garages at each
    stop

hello
hello
12
Anonymity in Buses
  • Sender Anonymity Suspected sender can claim they
    are forwarding a message on behalf of any other
    participant on the bus path
  • Receiver Anonymity Suspected receiver can claim
    they forwarded a message to any other participant
    on the bus path

13
Key Ideas in Our Buses
  • Indirection path re-routing path on top of bus
    overlay
  • Layered Encryption encryption on reverse
    indirection path
  • Owned Seats Each participant replaces owned
    seats every bus tour (online)
  • Receiving seats bus copied and decrypted offline
    to find messages

14
Buses Protocol
S
R
hello
15
Buses Protocol
S
R
hello
xmkz
16
Buses Protocol
S
R
hello
ymkq
17
Buses Protocol
S
R
hello
18
Buses Protocol
S
R
hello
19
Buses Protocol
S
R
hello
ymkq
xmkz
20
Buses Protocol
S
R
hello
hello
xmkz
21
Improvements with Taxis
  • Processing Delay decreased by O(n)
  • Owned seats are delayed once per bus tour instead
    of n times (see MASCOTS 2008 paper )
  • Networking Delay decreased by O(n)
  • Forwarding of unowned taxis can be pipelined by
    giving unowned taxis network priority over owned
    taxis (see MASCOTS 2008 paper)

22
Improvements with Motorcycles
  • Routing Path length decreased to O(log n)
  • Chord-based routing using finger table
  • Forwarding delay actually increases
  • More message transfers occur at nodes
  • Still a net win overall!

23
Model Overview
  • Performance metric one-way message delay DSR
  • Five main components
  • Sender S must create/encrypt and send message
  • Load-dependent sender-side delay
  • Queueing of (average) duration Ws
  • Load-independent path delay
  • Path length HSR with (DprocDnet) delay on each
    node
  • Load-dependent transfer delay
  • Queueing at HT transfer nodes, each with duration
    WT
  • Target receiver R must decrypt and receive message

24
Load-independent Delays
Anonymity Protocol Processing Dproc Network Dnet
Buses KNDseat KNs/rp
Taxis KDseat Ks/rp
Motorcycles KDseat Ks/rp
  • N nodes K seats per node Dseat processing per
    seat s/r transmission time per seat p per-hop
    propagation delay

25
Hop counts
Metric Buses/Taxis Motorcycles
HSR (end-to-end) N/2, if L0 (1L)(N1)/2, otherwise
HT (transfers) L HSR 1
26
Load-dependent Delays
Protocol Sender WS Transfers WT Cycle Time TC
Buses
Taxis
Motor
27
Light Load Case
  • Light load No queueing QC ? 0
  • Example Buses protocol
  • Dproc N Dnet N TC N2 hence, DSR N2
  • Scaling behavior
  • Buses DSR N2
  • Taxis DSR N
  • Motorcycles DSR log2N

28
Queueing Analysis (1 of 3)
(1 HT)?/N
Either - service period of duration TC -
vacation period of duration TC
Node i
  • Single-seat (K1) case
  • Analysis on per-node basis
  • New messages at rate ?/N
  • Message transfers at rate HT?/N
  • Assume Poisson arrivals at aggregate rate (1
    HT)?/N

29
Queueing Analysis (2 of 3)
  • Can be shown that generating function
  • In our system

30
Queueing Analysis (3 of 3)
  • Expected queue length
  • Other metrics relatively straightforward to
    obtain, given the generating function
  • Variance
  • State probabilities q0, q1, , qm

31
Experimental Validation (Buses)
32
Experimental Validation (Taxis)
33
Simulation Validation (Buses)
34
Simulation Validation (Taxis)
35
Simulation Validation (Motorcycles)
36
Impact of message generation rate ?
N4
N16
  • Different saturation points (? ? 1)
  • E.g., capacity planning

37
Buses
Impact of node utilization ?
Taxis
  • Queueing delays dominate when ? gt 0.8
  • Note higher saturation point
  • can sustain higher ?
  • Hence, differences even greater than shown

Motorcycles
38
Buses
Scaling results for light load with K seats per
node
Taxis
  • Low load results
  • As expected, scales as (roughly)
  • Buses N2
  • Taxis N
  • Motorcycles log2N

Motorcycles
39
Buses
Scaling results for different load levels
Taxis
  • Relative performance differences maintained at
    higher loads
  • In summary Motorcycles provide a robust and
    scalable approach for anonymous network
    communication.

Motorcycles
40
Conclusions
  • The average message latency of Practical Buses
    scales quadratically with number of participants
  • Analysis, simulation, and experimental results
  • The average message latency of Taxis scales
    linearly with the number of participants
  • Analysis, simulation, and experimental results
  • The average message latency of Motorcycles scales
    logarithmically with the number of participants
  • Analysis and simulation results
Write a Comment
User Comments (0)
About PowerShow.com