Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Abstract The peer-assisted CDN is a new content distribution paradigm supported by CDNs (e.g., Akamai), which enables clients to cache and distribute web content on behalf of a website. Peer-assisted CDNs bring significant bandwidth savings to website operators and reduce network latency for users. In this work, we show that the current designs of peer-assisted CDNs expose clients to privacy-invasive attacks, enabling one client to infer the set of browsed resources of another client. To alleviate this, we propose an anonymous peer-assisted CDN (APAC), which employs content delivery while providing initiator anonymity (i.e., hiding who sends the resource request) and responder anonymity (i.e., hiding who responds to the request) for peers. APAC can be a web service, compatible with current browsers and requiring no client-side changes. Our anonymity analysis shows that our APAC design can preserve a higher level of anonymity than state-of-the-art peer-assisted CDNs. In addition, our evaluation demonstrates that APAC can achieve desired performance gains. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Proceedings on Privacy Enhancing Technologies de Gruyter

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

Download PDF
21 pages

Loading next page...
 
/lp/de-gruyter/anonymity-in-peer-assisted-cdns-inference-attacks-and-mitigation-LGE1UK0fzB
Publisher
de Gruyter
Copyright
Copyright © 2016 by the
ISSN
2299-0984
eISSN
2299-0984
DOI
10.1515/popets-2016-0041
Publisher site
See Article on Publisher Site

Abstract

Abstract The peer-assisted CDN is a new content distribution paradigm supported by CDNs (e.g., Akamai), which enables clients to cache and distribute web content on behalf of a website. Peer-assisted CDNs bring significant bandwidth savings to website operators and reduce network latency for users. In this work, we show that the current designs of peer-assisted CDNs expose clients to privacy-invasive attacks, enabling one client to infer the set of browsed resources of another client. To alleviate this, we propose an anonymous peer-assisted CDN (APAC), which employs content delivery while providing initiator anonymity (i.e., hiding who sends the resource request) and responder anonymity (i.e., hiding who responds to the request) for peers. APAC can be a web service, compatible with current browsers and requiring no client-side changes. Our anonymity analysis shows that our APAC design can preserve a higher level of anonymity than state-of-the-art peer-assisted CDNs. In addition, our evaluation demonstrates that APAC can achieve desired performance gains.

Journal

Proceedings on Privacy Enhancing Technologiesde Gruyter

Published: Oct 1, 2016

References

  • The data url scheme http tools ietf org html rfc Accessed
  • protocol version
    Möller
  • The peerjs http peerjs com Accessed
  • iftop display bandwidth usage on an interface http www exparrot com pdw iftop Accessed
  • Building a cdn from client web browsers In
    Zhang
  • Salsa a structured approach to large - scale anonymity In
    Nambiar
  • Tor Hidden service protocol https www torproject org docs hidden services html en Accessed
  • Peer - assisted content distribution in akamai netsession In
    Zhao
  • Tor The second - generation onion router In
    Dingledine
  • Bringing to the web privacy in the firecoral network In
    Terrace
  • Total transfer size total requests http httparchive org trends php Accessed
  • Privacy preserving data sharing with oneswarm In
    Isdal
  • know where you ve been : Geo - inference attacks via the browser cache
    Jia
  • Building a cdn from client web browsers In
    Zhang
  • Cooperative decentralized anonymous communication In Workshop
    Mislove
  • lowlatency as aware tor client In
    Akhoondi
  • The sybil attack In Peer - to - peer Systems
    Douceur
  • tor scalable anonymous communication using private information retrieval In
    Mittal
  • Understanding hybrid cdn why limelight needs its own red swoosh In
    Huang
  • cdn a hybrid overlay for efficient query processing in cdn In
    El Dick
  • Ting Measuring and exploiting latencies between all tor nodes In
    Cangialosi
  • Design and deployment of a hybrid cdn system for live video streaming : experiences with livesky In MM
    Yin
  • Cooperative decentralized anonymous communication In Workshop
    Mislove
  • The sybil attack In Peer - to - peer Systems
    Douceur
  • Tarzan peer to - peer anonymizing network layer In
    Freedman
  • Understanding web browsing behaviors through weibull analysis of dwell time In
    Liu
  • The design of the advanced encryption standard
    Daemen
  • The anonymizer Protecting user privacy on the web Mediated Communication Magazine
    Boyan
  • Should internet service providers fear peer - assisted content distribution In
    Karagiannis
  • cdn a hybrid overlay for efficient query processing in cdn In
    El Dick
  • Goldschlag Anonymous connections onion routing SAC
    Reed
  • Tor Hidden service protocol https www torproject org docs hidden services html en Accessed
  • https peercdn com
    Peercdn
  • Design and deployment of a hybrid cdn system for live video streaming : experiences with livesky In MM
    Yin
  • Network address translation http en wikipedia org wiki Network address translation Accessed
  • practical attack to de - anonymize social network users In
    Wondracek
  • Man in the browser cache Persisting https attacks via browser cache poisoning Computers
    Jia
  • Anonymous communication in the browser via onion - routing
    Burgstaller
  • The weibull distribution http reliawiki org index php The Weibull Distribution Accessed
  • http www webrtc org Accessed
    Webrtc
  • Indexed database http www org Accessed
    IndexedDB
  • Anonymous communication using social networks In
    Mittal
  • Website - targeted false content injection by network operators arXiv preprint arXiv
    Nakibly
  • traversal utilities for stun https tools ietf org html rfc Accessed
    Session
  • Squirrel decentralized peer to peer web cache In
    Iyer
  • Anonymous communication using social networks In
    Mittal
  • Understanding churn in peer - topeer networks In Proceedings of the th SIGCOMM conference on Internet measurement pages
    Stutzbach
  • crypto js Javascript implementations of standard and secure cryptographic algorithms https code google com p cryptojs Accessed
  • Salsa a structured approach to large - scale anonymity In
    Nambiar
  • resistant dht routing In
    Danezis
  • The invisible internet project https geti net en Accessed
  • http www swarmify com Accessed
    Swarmify
  • Survey of network - based defense mechanisms countering the dos and ddos problems
    Peng
  • tor scalable anonymous communication using private information retrieval In
    Mittal
  • know where you ve been : Geo - inference attacks via the browser cache
    Jia
  • Total transfer size total requests http httparchive org trends php Accessed
  • traversal utilities for stun https tools ietf org html rfc Accessed
    Session
  • Bringing to the web privacy in the firecoral network In
    Terrace
  • http www swarmify com Accessed
    Swarmify
  • The anonymizer Protecting user privacy on the web Mediated Communication Magazine
    Boyan
  • Design of a type iii anonymous remailer protocol In
    Danezis
  • Internet cache pollution attacks and countermeasures In
    Gao
  • Anonymity analysis of anonymous communication systems
    Zhang
  • Navigator Finding faster paths to anonymity In Euro
    Annessi
  • Sicker Light weight anonymity for bittorrent In
    Bauer
  • Anonymity analysis of anonymous communication systems
    Zhang
  • Congestionaware path selection for tor In FC
    Wang
  • Peer - assisted content distribution in akamai netsession In
    Zhao
  • The design of the advanced encryption standard
    Daemen
  • https peercdn com
    Peercdn
  • psp http www psp org webrtc streaming Accessed
  • http bem tv Accessed
    Bemtv
  • Ting Measuring and exploiting latencies between all tor nodes In
    Cangialosi
  • psp http www psp org webrtc streaming Accessed
  • Experiences with coralcdn five year operational view In
    Freedman
  • Towards measuring anonymity In PET
    Diaz
  • Crowds Anonymity for web transactions
    Reiter
  • iftop display bandwidth usage on an interface http www exparrot com pdw iftop Accessed
  • protocol version
    Möller
  • Understanding web browsing behaviors through weibull analysis of dwell time In
    Liu
  • crypto js Javascript implementations of standard and secure cryptographic algorithms https code google com p cryptojs Accessed
  • Towards measuring anonymity In PET
    Diaz
  • Democratizing content publication with coral In
    Freedman
  • Should internet service providers fear peer - assisted content distribution In
    Karagiannis
  • The peerjs http peerjs com Accessed
  • Reliable client accounting for pinfrastructure hybrids In
    Aditya
  • Blond look at targeted attacks through the lense of an ngo In
    Le
  • Understanding hybrid cdn why limelight needs its own red swoosh In
    Huang
  • Navigator Finding faster paths to anonymity In Euro
    Annessi
  • Optimal sybil - resistance for recommendation systems In
    Yu
  • Optimal sybil - resistance for recommendation systems In
    Yu
  • Introducing morphmix : peer - topeer based anonymous internet usage with collusion detection In
    Rennhard
  • Crowds Anonymity for web transactions
    Reiter
  • http www akamai com Accessed
    Akamai
  • specification http www org TR geolocation API Accessed
    Geolocation
  • Indexed database http www org Accessed
    IndexedDB
  • Understanding overlay characteristics of a large - scale peer - to - peer iptv system
    Vu
  • peer - to - peer anonymous communication using redundant structured topologies In
    Mittal
  • transport layer security https tools ietf org html rfc Accessed
    Datagram
  • netsession interface http www akamai com client Accessed
    Akamai
  • peer - to - peer anonymous communication using redundant structured topologies In
    Mittal
  • anonymity and anonymous peer - to - peer file sharing In
    Scarlata
  • The transport layer security tls protocol https tools ietf org html rfc Accessed
  • http www webrtc org Accessed
    Webrtc
  • Introducing morphmix : peer - topeer based anonymous internet usage with collusion detection In
    Rennhard
  • Tor The second - generation onion router In
    Dingledine
  • Democratizing content publication with coral In
    Freedman
  • Sicker Light weight anonymity for bittorrent In
    Bauer
  • Understanding overlay characteristics of a large - scale peer - to - peer iptv system
    Vu
  • http www akamai com Accessed
    Akamai
  • Reliable client accounting for pinfrastructure hybrids In
    Aditya
  • Network address translation http en wikipedia org wiki Network address translation Accessed
  • Design of a type iii anonymous remailer protocol In
    Danezis
  • http www velocix com Accessed
    Velocix
  • Website - targeted false content injection by network operators arXiv preprint arXiv
    Nakibly
  • Anonymous communication in the browser via onion - routing
    Burgstaller
  • Survey of network - based defense mechanisms countering the dos and ddos problems
    Peng
  • The invisible internet project https geti net en Accessed
  • netsession interface http www akamai com client Accessed
    Akamai
  • specification http www org TR geolocation API Accessed
    Geolocation
  • The transport layer security tls protocol https tools ietf org html rfc Accessed
  • https www cloudflare com Accessed
    Cloudflare
  • Tarzan peer to - peer anonymizing network layer In
    Freedman
  • Privacy preserving data sharing with oneswarm In
    Isdal
  • Man in the browser cache Persisting https attacks via browser cache poisoning Computers
    Jia
  • The data url scheme http tools ietf org html rfc Accessed
  • Goldschlag Anonymous connections onion routing SAC
    Reed
  • https www cloudflare com Accessed
    Cloudflare
  • https www wireshark org Accessed
    Wireshark
  • https www wireshark org Accessed
    Wireshark
  • Congestionaware path selection for tor In FC
    Wang
  • Squirrel decentralized peer to peer web cache In
    Iyer
  • http www tribler org Accessed
    Tribler
  • Blond look at targeted attacks through the lense of an ngo In
    Le
  • The weibull distribution http reliawiki org index php The Weibull Distribution Accessed
  • http www octoshape com Accessed
    Octoshape
  • lowlatency as aware tor client In
    Akhoondi
  • Experiences with coralcdn five year operational view In
    Freedman
  • practical attack to de - anonymize social network users In
    Wondracek
  • http bem tv Accessed
    Bemtv
  • Understanding churn in peer - topeer networks In Proceedings of the th SIGCOMM conference on Internet measurement pages
    Stutzbach
  • anonymity and anonymous peer - to - peer file sharing In
    Scarlata
  • http www velocix com Accessed
    Velocix
  • Internet cache pollution attacks and countermeasures In
    Gao
  • transport layer security https tools ietf org html rfc Accessed
    Datagram
  • http www tribler org Accessed
    Tribler
  • http www octoshape com Accessed
    Octoshape
  • resistant dht routing In
    Danezis