University of Illinois Urbana-Champaign

A security evaluation of the salsa anonymous communication system

Mittal, Prateek

Permalink

https://hdl.handle.net/2142/16135

Description

Title
A security evaluation of the salsa anonymous communication system
Author(s)
Mittal, Prateek
Issue Date
2010-05-19T18:38:25Z
Director of Research (if dissertation) or Advisor (if thesis)
Borisov, Nikita
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
  • anonymity
  • information-leaks
  • Selective denial-of-service attacks
  • peer-to-peer
Abstract
"We evaluate a state of the art P2P anonymous communication system, Salsa. Salsa is based on a distributed hash table, and uses secure lookups to locate relays for anonymous communication. To analyze user anonymity in Salsa, we first build an analytic model for the lookup security in Salsa, and model its path building mechanism as a stochastic activity network in the M\""{o}bius framework. Next, we analyze information leaks in the lookup mechanisms of Salsa and show how these leaks can be used to compromise anonymity. We show that the techniques that are used to combat active attacks on the lookup mechanism dramatically increase information leaks and increase the efficacy of passive attacks. Thus there is a tradeoff between active and passive attacks. We find that, by combining both passive and active attacks, anonymity can be compromised much more effectively than previously thought. We also show that Salsa is vulnerable to a selective DoS attack, where an adversary denies service whenever he/she is unable to compromise user anonymity. This attack is devastating for user anonymity in Salsa, rendering the system insecure for most proposed uses. Finally, we perform a first step towards an entropy based evaluation of Salsa, instead of considering the binary metric of path compromise, which results in an even lower user anonymity. Our study therefore motivates the search for new approaches to P2P anonymous communication."
Graduation Semester
2010-5
Permalink
http://hdl.handle.net/2142/16135
Copyright and License Information
Copyright 2010 Prateek Mittal

Owning Collections

Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Electrical and Computer Engineering
Dissertations and Theses in Electrical and Computer Engineering