|Titel:||MorphMix : a peer-to-peer-based system for anonymous internet access|
|Betreuer/-in / Gutachter/-in:||Mathy, Laurent|
|Verlag / Hrsg. Institution:||Shaker|
|Verlag / Hrsg. Institution:||Aachen|
|Schlagwörter:||Mix networks; Anonymity; Peer-to-peer systems; Collusion detection|
|Fachgebiet (DDC):||004: Informatik|
|Zusammenfassung:||Contrary to popular belief, using the Internet is not anonymous at all. Since the Internet is a packet-switching network, every IP packet must carry the IP addresses of both communication endpoints. Consequently, anyone capable of observing at least one packet of a communication relationship can tell who is communicating with whom. The problem with this lack of anonymity is that it limits the privacy protection of Internet users. Today, privacy issues in the Internet are usually addressed by legislations that require operators of servers to clearly state their privacy practices and by encrypting the application data exchanged between two communicating parties. In general, privacy practices are difficult to enforce and encrypting the application data does not hide the IP addresses in the IP packets. However, learning the endpoints of communications relationships often reveals a lot of information about individual Internet users' preferences, habits, and problems; for instance when accessing web sites that provide medical information, religious sites, or the web site of a credit institution. These privacy issues can only be solved by enabling anonymous Internet communication. In this thesis, we work on the problem of achieving anonymous Internet access for low-latency applications such as web browsing. With anonymous Internet access, we mean that a client can connect to and communicate with a server such that the server does not learn the client's IP address and an attacker interested in learning who is communicating with whom cannot find out the IP addresses of both client and server. Unlike encryption, anonymity cannot be "produced" by the communication endpoints themselves, but must be provided by a third party infrastructure. The concept of mix networks is widely considered to be the most promising approach for such an infrastructure, and consequently, we focus on mix networks in these thesis. The main contribution of our work is MorphMix, which fulfils the principal goal of this thesis: to develop a practical mix network that enables anonymous low-latency Internet access for a large number of users. With practical, we mean that (1) everybody owning a state-of-the-art computer connected to the Internet can use the system, (2) the performance it offers is good enough such that users won't turn away from it, (3) it provides good protection from attacks by a realistic adversary, and (4) it scales well and can handle a large number of users. We first analyse traditional mix networks that strictly separate between the mix network infrastructure and clients that access servers through the mix network. The conclusion is that traditional mix networks are not well suited to achieve our principal goal for various reasons. To overcome their limitations, we propose MorphMix, which presents a novel way of operating and organising a mix network. In contrast to traditional mix networks, MorphMix does no longer distinguish between clients and the mix network. Rather, the clients themselves build the mix network infrastructure in a peer-to-peer fashion. After describing the basic functionality of MorphMix, we give detailed analyses to show that MorphMix scales very well and provides good protection from a realistic adversary. To analyse the performance MorphMix offers to its users, we have implemented a simulator. The simulation results show that the expected performance of MorphMix is indeed good enough to attract users, and that the requirements to use MorphMix are modest. We have also specified the complete MorphMix protocol and have implemented a prototype. The main conclusion of our work is that with respect to our principal goal, MorphMix overcomes the limitations of traditional mix networks and is the first practical system that enables anonymous low-latency Internet access for a large number of users.|
|Lizenz (gemäss Verlagsvertrag):||Lizenz gemäss Verlagsvertrag|
|Departement:||School of Engineering|
|Enthalten in den Sammlungen:||Publikationen School of Engineering|
Dateien zu dieser Ressource:
Es gibt keine Dateien zu dieser Ressource.
Alle Ressourcen in diesem Repository sind urheberrechtlich geschützt, soweit nicht anderweitig angezeigt.