Re3: Relay reliability reputation for anonymity systems

Anupam Das; Nikita Borisov; Prateek Mittal; Matthew Caesar

doi:10.1145/2590296.2590338

Re³: Relay reliability reputation for anonymity systems

Anupam Das, Nikita Borisov, Prateek Mittal, Matthew Caesar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

To conceal user identities, Tor, a popular anonymity system, forwards traffic through multiple relays. These relays, however, are often unreliable, leading to a degraded user experience. Worse yet, malicious relays may strategically introduce deliberate failures to increase their chance of compromising anonymity. In this paper we propose a reputation system that profiles the reliability of relays in an anonymity system based on users' past experience. A particular challenge is that an observed failure in an anonymous communication cannot be uniquely attributed to a single relay. This enables an attack where malicious relays can target a set of honest relays in order to drive down their reputation. Our system defends against this attack in two ways. Firstly, we use an adaptive exponentially-weighted moving average (EWMA) that ensures malicious relays adopting time-varying strategic behavior obtain low reputation scores over time. Secondly, we propose a filtering scheme based on the evaluated reputation score that can effectively discard relays involved in such attacks. We use probabilistic analysis, simulations, and real-world experiments to validate our reputation system. We show that the dominant strategy for an attacker is to not perform deliberate failures, but rather maintain a high quality of service. Our reputation system also significantly improves the reliability of path construction even in the absence of attacks. Finally, we show that the benefits of our reputation system can be realized with a moderate number of observations, making it feasible for individual clients to perform their own profiling, rather than relying on an external entity.

Original language	English (US)
Title of host publication	ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	63-74
Number of pages	12
ISBN (Electronic)	9781450328005
DOIs	https://doi.org/10.1145/2590296.2590338
State	Published - Jun 4 2014
Event	9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014 - Kyoto, Japan Duration: Jun 4 2014 → Jun 6 2014

Publication series

Name	ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

Other

Other	9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014
Country/Territory	Japan
City	Kyoto
Period	6/4/14 → 6/6/14

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications
Computer Science Applications
Information Systems

Keywords

Measurement
Security

Access to Document

10.1145/2590296.2590338

Cite this

Das, A., Borisov, N., Mittal, P., & Caesar, M. (2014). Re³: Relay reliability reputation for anonymity systems. In ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (pp. 63-74). (ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/2590296.2590338

Das, Anupam ; Borisov, Nikita ; Mittal, Prateek et al. / Re³ : Relay reliability reputation for anonymity systems. ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. Association for Computing Machinery, Inc, 2014. pp. 63-74 (ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security).

@inproceedings{859a71a6652d41d5905932b2323c41a9,

title = "Re3: Relay reliability reputation for anonymity systems",

abstract = "To conceal user identities, Tor, a popular anonymity system, forwards traffic through multiple relays. These relays, however, are often unreliable, leading to a degraded user experience. Worse yet, malicious relays may strategically introduce deliberate failures to increase their chance of compromising anonymity. In this paper we propose a reputation system that profiles the reliability of relays in an anonymity system based on users' past experience. A particular challenge is that an observed failure in an anonymous communication cannot be uniquely attributed to a single relay. This enables an attack where malicious relays can target a set of honest relays in order to drive down their reputation. Our system defends against this attack in two ways. Firstly, we use an adaptive exponentially-weighted moving average (EWMA) that ensures malicious relays adopting time-varying strategic behavior obtain low reputation scores over time. Secondly, we propose a filtering scheme based on the evaluated reputation score that can effectively discard relays involved in such attacks. We use probabilistic analysis, simulations, and real-world experiments to validate our reputation system. We show that the dominant strategy for an attacker is to not perform deliberate failures, but rather maintain a high quality of service. Our reputation system also significantly improves the reliability of path construction even in the absence of attacks. Finally, we show that the benefits of our reputation system can be realized with a moderate number of observations, making it feasible for individual clients to perform their own profiling, rather than relying on an external entity.",

keywords = "Measurement, Security",

author = "Anupam Das and Nikita Borisov and Prateek Mittal and Matthew Caesar",

year = "2014",

month = jun,

day = "4",

doi = "10.1145/2590296.2590338",

language = "English (US)",

series = "ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "63--74",

booktitle = "ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security",

}

Das, A, Borisov, N, Mittal, P & Caesar, M 2014, Re³: Relay reliability reputation for anonymity systems. in ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, Association for Computing Machinery, Inc, pp. 63-74, 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014, Kyoto, Japan, 6/4/14. https://doi.org/10.1145/2590296.2590338

Re³: Relay reliability reputation for anonymity systems. / Das, Anupam; Borisov, Nikita; Mittal, Prateek et al.
ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. Association for Computing Machinery, Inc, 2014. p. 63-74 (ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Re3

T2 - 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014

AU - Das, Anupam

AU - Borisov, Nikita

AU - Mittal, Prateek

AU - Caesar, Matthew

PY - 2014/6/4

Y1 - 2014/6/4

N2 - To conceal user identities, Tor, a popular anonymity system, forwards traffic through multiple relays. These relays, however, are often unreliable, leading to a degraded user experience. Worse yet, malicious relays may strategically introduce deliberate failures to increase their chance of compromising anonymity. In this paper we propose a reputation system that profiles the reliability of relays in an anonymity system based on users' past experience. A particular challenge is that an observed failure in an anonymous communication cannot be uniquely attributed to a single relay. This enables an attack where malicious relays can target a set of honest relays in order to drive down their reputation. Our system defends against this attack in two ways. Firstly, we use an adaptive exponentially-weighted moving average (EWMA) that ensures malicious relays adopting time-varying strategic behavior obtain low reputation scores over time. Secondly, we propose a filtering scheme based on the evaluated reputation score that can effectively discard relays involved in such attacks. We use probabilistic analysis, simulations, and real-world experiments to validate our reputation system. We show that the dominant strategy for an attacker is to not perform deliberate failures, but rather maintain a high quality of service. Our reputation system also significantly improves the reliability of path construction even in the absence of attacks. Finally, we show that the benefits of our reputation system can be realized with a moderate number of observations, making it feasible for individual clients to perform their own profiling, rather than relying on an external entity.

AB - To conceal user identities, Tor, a popular anonymity system, forwards traffic through multiple relays. These relays, however, are often unreliable, leading to a degraded user experience. Worse yet, malicious relays may strategically introduce deliberate failures to increase their chance of compromising anonymity. In this paper we propose a reputation system that profiles the reliability of relays in an anonymity system based on users' past experience. A particular challenge is that an observed failure in an anonymous communication cannot be uniquely attributed to a single relay. This enables an attack where malicious relays can target a set of honest relays in order to drive down their reputation. Our system defends against this attack in two ways. Firstly, we use an adaptive exponentially-weighted moving average (EWMA) that ensures malicious relays adopting time-varying strategic behavior obtain low reputation scores over time. Secondly, we propose a filtering scheme based on the evaluated reputation score that can effectively discard relays involved in such attacks. We use probabilistic analysis, simulations, and real-world experiments to validate our reputation system. We show that the dominant strategy for an attacker is to not perform deliberate failures, but rather maintain a high quality of service. Our reputation system also significantly improves the reliability of path construction even in the absence of attacks. Finally, we show that the benefits of our reputation system can be realized with a moderate number of observations, making it feasible for individual clients to perform their own profiling, rather than relying on an external entity.

KW - Measurement

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84984863573&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84984863573&partnerID=8YFLogxK

U2 - 10.1145/2590296.2590338

DO - 10.1145/2590296.2590338

M3 - Conference contribution

AN - SCOPUS:84984863573

T3 - ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

SP - 63

EP - 74

BT - ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 4 June 2014 through 6 June 2014

ER -

Das A, Borisov N, Mittal P, Caesar M. Re³: Relay reliability reputation for anonymity systems. In ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security. Association for Computing Machinery, Inc. 2014. p. 63-74. (ASIA CCS 2014 - Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security). doi: 10.1145/2590296.2590338