Paper 2017/1000
No right to remain silent: Isolating Malicious Mixes
Hemi Leibowitz and Ania Piotrowska and George Danezis and Amir Herzberg
Abstract
Mix networks are a key technology to achieve network anonymity, private messaging, voting and database lookups. However, simple mix networks are vulnerable to malicious mixes, which may drop or delay packets to facilitate traffic analysis attacks. Mix networks with provable robustness address this drawback through complex and expensive proofs of correct shuffling, but come at a great cost and make limiting or unrealistic systems assumptions. We present {\em Miranda}, a synchronous mix network mechanism, which is {\em provably secure} against malicious mixes attempting active attacks to de-anonymize users, while retaining the simplicity, efficiency and practicality of mix networks designs. Miranda derives a robust mix reputation through the first-hand experience of mix node unreliability, reported by clients or other mixes. As a result, each active attack -- including dropping packets -- leads to reduced connectivity for malicious mixes and reduces their ability to attack. We show, through experiments, the effectiveness and practicality of Miranda by demonstrating that attacks are neutralized early, and that performance does not suffer.
Metadata
- Available format(s)
- Publication info
- Preprint. MINOR revision.
- Keywords
- Anonymitymix networksbyzantine attacks
- Contact author(s)
- leibo hemi @ gmail com
- History
- 2019-08-14: last of 3 revisions
- 2017-10-11: received
- See all versions
- Short URL
- https://ia.cr/2017/1000
- License
-
CC BY