We evaluate a state-of-the-art P2P anonymous communication system, Salsa. Salsa is based on a distributed hash table, and uses secure lookups to locate relays for anonymous communication. To analyze user anonymity in Salsa, we first build an analytic model for the lookup security in Salsa, and model its path building mechanism as a stochastic activity network in the Möbius framework. Next, we analyze information leaks in the lookup mechanisms of Salsa and show how these leaks can be used to compromise anonymity. We show that the techniques that are used to combat active attacks on the lookup mechanism dramatically increase information leaks and increase the efficacy of passive attacks. Thus there is a tradeoff between active and passive attacks. We find that, by combining both passive and active attacks, anonymity can be compromised much more effectively than previously thought. We also show that Salsa is vulnerable to a selective DoS attack, where an adversary denies service whenever he/she is unable to compromise user anonymity. This attack is devastating for user anonymity in Salsa, rendering the system insecure for most proposed uses. Finally, we perform a first step towards an entropy-based evaluation of Salsa, instead of considering the binary metric of path compromise, which results in an even lower user anonymity. Our study therefore motivates the search for new approaches to P2P anonymous communication.
A security evaluation of the salsa anonymous communication system