ANON: an IP-layer anonymizing infrastructure

Author

Cheng, Chen-Mou ; Kung, H.T. ; Tan, Koan-Sin ; Bradner, Scott

Volume

2

fYear

2003

fDate

22-24 April 2003

Firstpage

78

Abstract

This paper demonstrates an IP-layer anonymizing infrastructure, called ANON, which allows server addresses to be hidden from clients and vice versa. In providing address anonymity, ANON uses a network resident set of IP-layer anonymizing forwarders that can forward IP packets with nested encryption and decryption applied to their source and destination addresses. To prevent adversaries from compromising the anonymity by learning the forwarding path, ANON incorporates a suite of countermeasures, including link padding and non-malleable, semantically secure link encryption. To prevent denial of service (DoS) attacks through the anonymizing infrastructure itself ANON uses rate limiting. Finally, to increase the resilience against attacks and infrastructure failures, ANON uses redundant forwarders with anycast addresses and a fault-tolerant overlay network to connect forwarders.

Keywords

Internet; client-server systems; cryptography; data privacy; fault tolerant computing; protocols; ANON; DoS attacks; IP packets; IP-layer anonymizing infrastructure; Internet; address anonymity; anonymizing forwarders; anycast addresses; client address hiding; countermeasures; decryption; denial of service; fault-tolerant overlay network; infrastructure failures; link padding; nested encryption; network resident set; nonmalleable encryption; rate limiting; redundant forwarders; semantically secure link encryption; server address hiding; Computer crime; Cryptography; Fault tolerance; Monitoring; Network servers; Probes; Tagging; Telecommunication traffic; Timing; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

DARPA Information Survivability Conference and Exposition, 2003. Proceedings

Print_ISBN

0-7695-1897-4

Type

conf

DOI

10.1109/DISCEX.2003.1194926

Filename

1194926