A security evaluation of the salsa anonymous communication system
Mittal, Prateek
Content Files
Mittal_Prateek.pdf
Loading…
Download Files
Loading…
Download Counts (All Files)
Loading…
Edit File
Loading…
Permalink
https://hdl.handle.net/2142/16135
Description
Title
A security evaluation of the salsa anonymous communication system
Author(s)
Mittal, Prateek
Issue Date
2010-05-19T18:38:25Z
Director of Research (if dissertation) or Advisor (if thesis)
Borisov, Nikita
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Date of Ingest
2010-05-19T18:38:25Z
Keyword(s)
anonymity
information-leaks
Selective denial-of-service attacks
peer-to-peer
Abstract
"We evaluate a state of the art P2P anonymous communication system, Salsa. Salsa is based on a distributed hash table, and uses secure lookups to locate relays for anonymous communication. To analyze user anonymity in Salsa, we first build an analytic model
for the lookup security in Salsa, and model its path building mechanism as a stochastic activity network in the M\""{o}bius framework.
Next, we analyze information leaks in the lookup mechanisms of Salsa and show how these leaks can be used to compromise anonymity. We show that the techniques that are used to combat active attacks on the lookup mechanism dramatically increase information leaks and increase the efficacy of passive attacks. Thus there is a tradeoff between active and passive attacks. We find that, by combining both passive and active attacks, anonymity can be compromised much more effectively than previously thought.
We also show that Salsa is vulnerable to a selective DoS attack, where an adversary denies service whenever he/she is unable to compromise user anonymity. This attack is devastating for user anonymity in Salsa, rendering the system insecure for most proposed uses. Finally, we perform a
first step towards an entropy based evaluation of Salsa, instead of considering
the binary metric of path compromise, which results in an even lower user anonymity.
Our study therefore motivates the search for new approaches to P2P anonymous communication."
Use this login method if you
don't
have an
@illinois.edu
email address.
(Oops, I do have one)
IDEALS migrated to a new platform on June 23, 2022. If you created
your account prior to this date, you will have to reset your password
using the forgot-password link below.
Mittal_Prateek.pdf
