Abstract
This paper describes an IP-layer anonymizing infrastructure, called ANON which allows server addresses to be hidden from clients and vice versa. In providing address anonymity, ANON uses a network resident set of IP-layer anonymizing forwarders that can forward IP packets with nested encryption and decryption applied to their source and destination addresses. To prevent adversaries from compromising the anonymity by learning the forwarding path, ANON incorporates a suite of countermeasures, including non-malleable, semantically secure link encryption and link padding. To lower the bandwidth cost of padding traffic, two novel algorithms are suggested: on demand link padding and probabilistic link padding. To prevent inband denial of service (DoS) attacks through the anonymizing infrastructure itself ANON uses rate limiting. Finally, ANON makes use of fault-tolerant transport networks to enhance its resilience against failures and out-band attacks.
Original language | English |
---|---|
Title of host publication | Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 62-75 |
Number of pages | 14 |
ISBN (Electronic) | 0769518974, 9780769518978 |
DOIs | |
State | Published - 2003 |
Externally published | Yes |
Event | DARPA Information Survivability Conference and Exposition, DISCEX 2003 - Washington, United States Duration: 22 04 2003 → 24 04 2003 |
Publication series
Name | Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003 |
---|---|
Volume | 1 |
Conference
Conference | DARPA Information Survivability Conference and Exposition, DISCEX 2003 |
---|---|
Country/Territory | United States |
City | Washington |
Period | 22/04/03 → 24/04/03 |
Bibliographical note
Publisher Copyright:© 2003 IEEE.
Keywords
- Authentication
- Bandwidth
- Computer crime
- Costs
- Laboratories
- Monitoring
- Probability distribution
- Protocols
- Telecommunication traffic
- Testing