Award Abstract # 0954133
CAREER: anon.next: Privacy-Enabled Routing in the Next-Generation Internet

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: UNIVERSITY OF TEXAS AT ARLINGTON
Initial Amendment Date: February 17, 2010
Latest Amendment Date: February 24, 2014
Award Number: 0954133
Award Instrument: Continuing Grant
Program Manager: Deborah Shands
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: March 1, 2010
End Date: February 29, 2016 (Estimated)
Total Intended Award Amount: $499,880.00
Total Awarded Amount to Date: $515,880.00
Funds Obligated to Date: FY 2010 = $124,569.00
FY 2011 = $119,003.00
FY 2012 = $137,866.00
FY 2013 = $68,944.00
FY 2014 = $65,498.00
History of Investigator:
  • Matthew Wright (Principal Investigator)
    matthew.wright@rit.edu
Recipient Sponsored Research Office: University of Texas at Arlington
701 S NEDDERMAN DR
ARLINGTON
TX  US  76019-9800
(817)272-2105
Sponsor Congressional District: 25
Primary Place of Performance: University of Texas at Arlington
701 S NEDDERMAN DR
ARLINGTON
TX  US  76019-9800
Primary Place of Performance Congressional District: 25
Unique Entity Identifier (UEI): LMLUKUPJJ9N3
Parent UEI:
NSF Program(s): Networking Technology and Syst,
TRUSTWORTHY COMPUTING,
Secure & Trustworthy Cyberspace
Primary Program Source: 01001011DB NSF RESEARCH & RELATED ACTIVIT
01001112DB NSF RESEARCH & RELATED ACTIVIT
01001213DB NSF RESEARCH & RELATED ACTIVIT
01001314DB NSF RESEARCH & RELATED ACTIVIT
01001415DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 1045, 1187, 7434, 9178, 9251
Program Element Code(s): 736300, 779500, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Overlay anonymity systems like Tor are effective against many kinds of attacks
on privacy, but they have significantly slower network performance than regular
Internet traffic. The purpose of this project is to explore the design of
anon.next, an anonymity system for the next-generation Internet. In anon.next,
we embed anonymizing proxies into new Internet architectures, so that the
network itself can provide efficient and effective privacy protection in a way
that overlay designs cannot. This project seeks to make major advances in two
areas key to the design of anon.next. First, methods to construct
high-throughput paths of anonymizing proxies to route the user's packets to
their destinations with minimal leakage of privacy. Second, secure methods to
locate those proxies without relying on centralized directory servers or
exposing the users' packet routes. Both components require us to develop new
metrics for the privacy provided by a given anonymizing path and by the system
as a whole. We are conducting analysis and simulation studies and validating
these with extensive experimentation on GENI testbeds. These efforts will
provide major insights into the design of anonymity systems, which provide
personal privacy as well as censorship resistance and protection for
whistle-blowers, journalists, and intelligence services. Our project is also
part of the large effort required to understand and design distributed systems
in the next-generation Internet. This project involves students at many levels,
including middle and high school students in summer camp settings,
undergraduate students in research into finding new attacks against our
systems, and graduate students.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

(Showing: 1 - 10 of 15)
Apurv Dhadphale, Apu Kapadia, Mohan Kumar, and Matthew Wright "ReDS: Reputation for directory services in P2P systems" Proc. Computer Security and Information Intelligence Research Workshop (CSIIRW'10) , 2010
Gauri Vakde, Radhika Bibikar, Zhengyi Le, and Matthew Wright "En-Passant: Anonymous routing for disruption-tolerant networks with applications in assistive environments" Security and Communication Networks (SCN) , v.4 , 2011
Jaideep Padhye, Kush Kothari, Madhu Venkateshaiah, and Matthew Wright "Evading stepping stone detection under the cloak of streaming media with SNEAK" Computer Networks , v.54 , 2010 , p.2310
Mahdi Nasrullah Al-Ameen, Charles Gatz, and Matthew Wright "SDA-2H: Understanding the value of background cover against statistical disclosure" Journal of Networks , v.7 , 2012
Mahdi Nasrullah Al-Ameen, Charles Gatz, and Matthew Wright "SDA-2H: Understanding the value of background cover against statistical disclosure" Proc. International Conference on Computer and Information Technology (ICCIT) , 2011
Marc Liberatore, Bikas Gurung, Brian Neil Levine, and Matthew Wright "Empirical tests of anonymous voice over IP" Journal of Computer Networks and Applications (JCNA) , v.34 , 2011 , p.341
Nayantara Mallesh and Matthew Wright "An Analysis of the Statistical Disclosure Attack and Receiver-Bound Cover" Computers and Security , v.30 , 2011
Nayantara Mallesh and Matthew Wright "Shaping network topology for privacy and performance" Poster Session: ACM Conference on Computer and Communications Security (CCS) , 2011
Nayantara Mallesh and Matthew Wright "The reverse statistical disclosure attack" Proc. Information Hiding (IH '10) , 2010
Robert J. Walls, Kush Kothari, and Matthew Wright "Liquid: A detection-resistant covert timing channel based on IPD shaping" Computer Networks , v.55 , 2011

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Anonymity systems like Tor provide privacy and security for Internet users, particularly groups such as journalists, whistleblowers, activists, intelligence agencies, and police. As research grows in the area of future Internet designs, such as with NSF's GENI testbed, it is important to build anonymity systems that work for these designs as well as the current Internet. In this project, we explored three major directions related to anonymity systems and next-generation Internet anonymity: 1. topology, 2. traffic analysis, and 3. P2P designs.

1. In the area of topology, our Dovetail design raised the bar on security for future Internet anonymity systems that protect privacy while maintaining much lower costs than today's systems like Tor. Compared with the prior work, which did not protect users from local eavesdroppers, Dovetail offers protection against any single point of attack in the network. An overview of the Dovetail design is shown in Fig. 1. We investigated the privacy of this approach in extensive simulations on full Internet topologies, finding it provides effective resilience against an attacker anywhere in the system. Beyond this, we also studied topologies for systems providing high security against eavesdroppers, finding algorithms to select efficient connections between relays. Finally, we explored path selection in the Tor system for more efficient and secure connections.

2. With traffic analysis, an attacker can undermine the privacy protections of an anonymity system by observing some of the system's activity and inferring the link between a sender and receiver. For our work on traffic analysis, we examined both short-term and long-term attacks against anonymity systems, as well as defenses against these attacks. In a series of works on stepping stone detection and covert channels, we demonstrated ways for communications to evade observation and blend in with other traffic. For long-term traffic analysis, we explored novel attacks and novel defenses like receiver-bound cover, in which the anonymity system sends extra traffic to the users' destinations. Our findings are informing the design of Lilac, a highly secure and usable anonymous chat service that we are developing and is available to try at http://thelilacproject.org. Fig. 2 shows a screenshot of the service.

3. Systems like Tor rely on centralized servers to gather and distribute critical information that users need to connect securely, but this approach is vulnerable to malicious hackers and denial-of-service attacks. Peer-to-peer (P2P) designs provide a decentralized way to access information about relays in Tor and matchmaker nodes in Dovetail. Such designs, however, are challenging to design securely when considering the range of possible attacks. We explored a technique by which many P2P systems can be improved through building reputation on inferred paths in the system. Our experiments showed that, perhaps surprisingly, sharing reputation information in this setting is counterproductive. Analysis further demonstrated the security of our techniques against a range of attacker strategies. We also explored a P2P anonymity design called Pisces that leverages social network information to significantly improve the security of path selection in a P2P anonymity system compared to the state of the art. 


Dissemination: The project findings were disseminated in numerous publications in leading conferences and journals. As the principal investigator for this project, Dr. Wright gave 17 invited talks about the work.

Dr. Wright was the program co-chair of the Privacy Enhancing Technologies Symposium in 2012 and 2013 as well as the co-chair of a DIMACS working group on measuring anonymity in May 2013. He served on a panel for an NSF CAREER workshop in May 2013. These efforts to serve ...

Please report errors in award information by writing to: awardsearch@nsf.gov.
