|
|
Activists, whistleblowers, military and law enforcement, businesses
|
|
|
and governments, and ordinary Internet users are among those that
|
|
|
use anonymity networks to protect their privacy online. Anonymity
|
|
|
networks typically operate as network overlays on top of the Internet,
|
|
|
and aim to separate the notions of network location (where you are
|
|
|
on the network) from network identity (who you are). They permit more
|
|
|
privacy-preserving methods of communication, and are a critical component
|
|
|
of censorship-circumvention systems.
|
|
|
|
|
|
This project explored, designed, and transitioned to practice techniques
|
|
|
that improve the resilience of anonymity systems against realistic but
|
|
|
understudied threats to network anonymity, privacy, and availability.
|
|
|
Much of the existing work in developing defenses for anonymity systems
|
|
|
has focused on finding and correcting weaknesses in the design of the
|
|
|
anonymity protocols. This has led to an arms race in which developers
|
|
|
of anonymity systems harden their software against new attacks,
|
|
|
while adversaries attempt to discover new vulnerabilities. We posit
|
|
|
that adversaries who wish to stay ahead of the curve will transition
|
|
|
to new attacks that target the underlying resources on which anonymity
|
|
|
systems depend. That is, attackers will increasingly focus on alternative
|
|
|
techniques for disrupting anonymous communication. A core goal of this
|
|
|
project was to understand these alternative disruption techniques and
|
|
|
how they affect anonymity networks, and develop robust defenses.
|
|
|
|
|
|
This project led to several groundbreaking improvements in (1) safely
|
|
|
measuring anonymity networks, (2) understanding attacks against such
|
|
|
networks, and (3) developing and deploying robust defenses. In total,
|
|
|
this project led to 14 peer-reviewed papers, nearly all of which were
|
|
|
published at top academic venues (e.g., CCS, USENIX Security, NDSS,
|
|
|
TOPS, VLDB, and IMC). Highlights of this project’s findings include:
|
|
|
|
|
|
- The development of a suite of tools and protocols for safely measuring
|
|
|
anonymity networks. We have significantly advanced the state-of-the-art
|
|
|
in performing privacy-preserving measurements on anonymity networks such
|
|
|
as Tor through three separate research activities: enhancing PrivCount,
|
|
|
robust measurement taking through Historϵ, and unique counting.
|
|
|
We also conducted the most detailed measurement study to date of the
|
|
|
Tor anonymity network.
|
|
|
|
|
|
- The construction, and deployment, of multiple defenses against
|
|
|
denial-of-service attacks. Our defenses were informed by our real-world
|
|
|
measurements of actual attacks against fielded anonymity networks, and
|
|
|
have helped defend anonymity networks against actual (real-world) attacks.
|
|
|
|
|
|
- The introduction and deployment of techniques for better managing
|
|
|
resources in anonymity networks, leading to improved performance and
|
|
|
robustness against flooding-style events.
|
|
|
|
|
|
Making contributions beyond science and technology is a core component
|
|
|
of this project’s goals. Securely and privately communicating is of
|
|
|
tremendous interest to organizations and individuals seeking to freely
|
|
|
access and disseminate information. The research activities completed
|
|
|
during this project significantly improve the ability to communicate
|
|
|
privately online by increasing the resiliency of anonymity networks to
|
|
|
both present-day and future threats. Results from this project have
|
|
|
been disseminated through publications (all of which are posted online)
|
|
|
and through numerous software artifacts that have all been made publicly
|
|
|
available (under open source licenses).
|
|
|
|
|
|
This research project has also fully or partially supported three
|
|
|
Ph.D. students, all of whom have successfully completed their doctoral
|
|
|
studies.
|
|
|
|