Dissent in Numbers: Making Strong Anonymity Scale
Abstract
Current anonymous communication systems make a trade-off between weak anonymity among many nodes via onion routing, and strong anonymity among few nodes, via DC-nets. We develop novel techniques in Dissent a practical group anonymity system, to increase by over two orders of magnitude the scalability of strong traffic analysis resistant approaches. Dissent derives its scalability from a client/server architecture, in which many unreliable clients depend on a smaller and more robust, but administratively decentralized, set of servers. Clients trust only that at least one server in the set is honest but need not know or choose which server to trust. Unlike the quadratic costs of prior peer-to-peer DC-nets schemes, Dissent's client/server design makes communication and processing costs linear in the number of clients and hence in anonymity set size. Further, Dissent's servers can unilaterally ensure progress, even if clients respond slowly or disconnect at arbitrary times, ensuring robustness against client churn, tail latencies, and DoS attacks. On DeterLab, Dissent scales to 5,000 online participants with latencies as low as 600 milliseconds for 600-client groups. An anonymous Web browsing application also shows that Dissent's performance suffices for interactive communication within smaller local-area groups.
Document Details
- Document Type
- Technical Report
- Publication Date
- Oct 01, 2012
- Accession Number
- ADA602670
Entities
People
- Aaron M. Johnson
- Bryan Ford
- David I. Wolinsky
- Henry Corrigan-gibbs
Organizations
- United States Naval Research Laboratory