A Flexible In-Network IP Anonymization Service - High Performance ...

yuba.stanford.edu

[Fig. 1. Webpage load time using common privacy tools. Web request to wikipedia.org; series: BASE-Los Altos, PROXY, TOR; axis: seconds.]

latency is close to zero. Additionally, AnonyFlow requires no changes to endpoints, which facilitates its deployment considerably. Unlike Network Address Translation (NAT) based tools, AnonyFlow is able to provide intra-domain anonymity, as well as dynamic, on-demand addresses. This ability to provide disposable, flow-based identifiers prevents malicious endpoints from tracking behavior and launching attacks on users.

To evaluate AnonyFlow’s functionality and performance in managed networks, we implemented a simple prototype using the OpenFlow platform [12]. OpenFlow enables execution of network-level services through a controller, which dictates the behavior and actions of switches under its jurisdiction. This enables the implementation of in-network, on-the-fly, packet morphing actions. Our simple evaluation over the hardware-based testbed showed that AnonyFlow provides higher flexibility in IP anonymization with no impact on the end-to-end latency and a minor deterioration in TCP throughput in wide-area networks.

By design, AnonyFlow places a degree of trust in the network infrastructure provider who operates the OpenFlow controller. As discussed above, network infrastructure providers have all the incentives to provide anonymity to their users in a transparent fashion, with minimal impact on performance.

II. DESIGN GOALS

Before describing our design goals, we briefly overview the threat model we employ.

Threat Model

Unlike systems that wish to offer full anonymity, we place a measure of trust in the managed network provider and the network privacy service. In our work, the main “adversary” is the other endpoint. To a lesser extent, we also hide information from third-party switches outside the managed network when traffic crosses the Internet.

In the network today, an intrusive endpoint may attempt to track user behavior based on the IP address of the connection. By correlating network logs with user actions, the “anonymity” that many users believe is implicit on the Internet is destroyed, as usage patterns such as when the user connects, how often, to what services, etc. can be extracted. Furthermore, the proliferation of services such as WHOIS and IP geolocation allows third-party providers to learn a great deal about the location and possibly the real identity of the user. Besides passively monitoring user activity, active attacks may take place based on the information gleaned from the IP address, where user experience may be altered or user access may even be blocked. While it is possible that user profiling may be used for a benign purpose, it can also lead to censorship or gross violations of user privacy. Our privacy service attempts to decouple network identifiers from location and identity in order to provide users with a truly free and universal Internet experience.

Goals

AnonyFlow is designed to protect users primarily from endpoint logging, while minimizing its impact on performance.

Below, we list our main design goals:

• Endpoint privacy – the other endpoints should not be able to track source behavior or location.
• Minimal performance impact – no additional perceived latency on web traffic.
• Network-based design – should require no change to the endpoints.
• Straightforward deployment – the service should be easily deployed and managed, with a minimal amount of specialized network hardware.

We should also point out that AnonyFlow does not try to address the following issues:

• Data security – we allow applications to enforce their desired level of protection from eavesdropping and tampering by leaving the data encryption to the application layer. Likewise, we leave it to our users to select applications that are privacy-aware and will not leak identity information to the other endpoint.
• Steganography – we do not attempt to achieve unobservability or hide the existence of messages within other data, such as digital media [4], [11].
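The disposable, flow-based identifiers from the introduction and the endpoint privacy goal above can be modelled as controller state that gives each flow its own source address. The sketch below is an added example, not the AnonyFlow prototype or any OpenFlow API; the class name, the alias pool and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import secrets


class FlowAnonymizer:
    """Toy model of controller state: one disposable source address per flow."""

    def __init__(self, pool_cidr):
        # Constructed alias pool (documentation range), an assumption of this sketch.
        self.free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self.forward = {}  # (src_ip, src_port, dst_ip, dst_port) -> alias address
        self.reverse = {}  # (alias, src_port, dst_ip, dst_port) -> real src_ip

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source address, allocating an alias on a flow's first packet."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.forward:
            if not self.free:
                raise RuntimeError("alias pool exhausted")
            # Random choice so allocation order reveals nothing to the endpoint.
            alias = self.free.pop(secrets.randbelow(len(self.free)))
            self.forward[flow] = alias
            self.reverse[(alias, src_port, dst_ip, dst_port)] = src_ip
        return (self.forward[flow], src_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Restore the real destination of a reply; None means no matching flow."""
        real = self.reverse.get((dst_ip, dst_port, src_ip, src_port))
        if real is None:
            return None  # traffic to an alias that no live flow owns is dropped
        return (src_ip, src_port, real, dst_port)

    def expire(self, src_ip, src_port, dst_ip, dst_port):
        """Tear down a finished flow so its alias stops mapping to the host."""
        alias = self.forward.pop((src_ip, src_port, dst_ip, dst_port), None)
        if alias is not None:
            del self.reverse[(alias, src_port, dst_ip, dst_port)]
            self.free.append(alias)


def demo():
    """Two flows from one host to one server (all addresses constructed)."""
    ctl = FlowAnonymizer("198.51.100.0/28")
    first = ctl.outbound("10.0.0.5", 40001, "203.0.113.9", 80)
    second = ctl.outbound("10.0.0.5", 40002, "203.0.113.9", 80)
    reply = ctl.inbound("203.0.113.9", 80, first[0], 40001)
    ctl.expire("10.0.0.5", 40001, "203.0.113.9", 80)
    late = ctl.inbound("203.0.113.9", 80, first[0], 40001)
    return first, second, reply, late
```

In the server's logs the two flows carry different source addresses, so they cannot be joined on IP alone, and once a flow expires its alias no longer leads back to the host.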
