Improving Anonymity using Social Links

Krishna P. N. Puttaswamy
Alessandra Sala
Ben Y. Zhao

IEEE International Workshop on Secure Network Protocols (NPSec 2008)

[Full Text in GZIP PS Format, 80KB]
[Full Text in PDF Format, 164KB]

Paper Abstract

Protecting user privacy in network communication is vital in today's open networking environment. Current anonymous routing protocols provide anonymity by forwarding traffic through a static path of randomly selected relay nodes. In practice, however, malicious relays can perform passive logging attacks to compromise the anonymity of a flow. This degradation is accelerated when nodes fail, forcing source node to reconstruct a path, and in doing so, leaking more information to passive loggers. This "predecessor attack" is highly effective and difficult to defend against on current systems. In this paper, we propose a highly effective approach to blocking predecessor attacks by leveraging trusted links from social networks. We first show how users can completely shield themselves from traditional logging attacks. We then propose a hybrid logging attack optimized for social networks, and perform detailed analysis to show that we can defend against it using optimized path selection techniques. Finally, we analyze detailed measurement traces from Facebook to show that our approach is indeed feasible given the user behavior in social networks today.