Files in this item



application/pdfMittal_Prateek.pdf (403kB)
(no description provided)PDF


Title:A security evaluation of the salsa anonymous communication system
Author(s):Mittal, Prateek
Advisor(s):Borisov, Nikita
Department / Program:Electrical & Computer Eng
Discipline:Electrical & Computer Engr
Degree Granting Institution:University of Illinois at Urbana-Champaign
Selective denial-of-service attacks
Abstract:We evaluate a state of the art P2P anonymous communication system, Salsa. Salsa is based on a distributed hash table, and uses secure lookups to locate relays for anonymous communication. To analyze user anonymity in Salsa, we first build an analytic model for the lookup security in Salsa, and model its path building mechanism as a stochastic activity network in the M\"{o}bius framework. Next, we analyze information leaks in the lookup mechanisms of Salsa and show how these leaks can be used to compromise anonymity. We show that the techniques that are used to combat active attacks on the lookup mechanism dramatically increase information leaks and increase the efficacy of passive attacks. Thus there is a tradeoff between active and passive attacks. We find that, by combining both passive and active attacks, anonymity can be compromised much more effectively than previously thought. We also show that Salsa is vulnerable to a selective DoS attack, where an adversary denies service whenever he/she is unable to compromise user anonymity. This attack is devastating for user anonymity in Salsa, rendering the system insecure for most proposed uses. Finally, we perform a first step towards an entropy based evaluation of Salsa, instead of considering the binary metric of path compromise, which results in an even lower user anonymity. Our study therefore motivates the search for new approaches to P2P anonymous communication.
Issue Date:2010-05-19
Rights Information:Copyright 2010 Prateek Mittal
Date Available in IDEALS:2010-05-19
Date Deposited:May 2010

This item appears in the following Collection(s)

Item Statistics