Feedback and Optimisation for Well-behaved Anonymous Communication Networks

Lead Research Organisation: University of Edinburgh
Department Name: Sch of Informatics

Abstract

Anonymous communication networks (ACNs), like Tor and mix networks, protect our sensitive communication meta-data, such as whom we talk with, how often we chat and for how long. This meta-data is privacy sensitive since it can be used to reveal secrets that might otherwise be hidden, even when end-to-end encryption is used. This project is timely since mainstream interest in communication privacy on the Internet has grown since the Snowden revelations about state-level mass surveillance.

However, it is a challenge for ACNs to be deployed since it is hard to tune system parameters that match the actual realised level of privacy. This is due to the fact that the privacy, security, and performance of ACNs are critically impacted by environmental conditions and user behaviour. For example, it is often assumed that messages are not fragmented---broken up into smaller pieces---as they flow over the network. However, the reality is that messages are routinely broken up for performance reasons. Similarly, it is assumed that there is a constant level of user activity; however, users tend to have diurnal activity cycles with bursts and lulls throughout the day.

To remedy this current situation, this project aims to bridge the fundamental gaps and provide a framework and a set of methodologies to measure, analyse, and tune ACNs in realistic settings.
It does this by pursuing three objectives:

1. Mapping & Tuning: New analysis to uncover and formalise relationships between abstract security parameters and real-world network measurements with the view to optimally tune the ACN.
2. Feedback: Investigate novel ACN designs with feedback loops that provide the ability to automatically tune security parameters at run time.
3. Use-case validation: Evaluate in targeted use-cases of email, web-browsing, and IoT data collection systems to validate the automated tuning methodology.

A common occurrence motivates the need for this project. Let us consider an email provider desiring to provide user anonymity as a market differentiator. Referring to the state-of-the-art in the email-securing mix network literature, it is difficult for the non-expert to reason about how to correctly parametrise the mix network for the email provider's particular user base. Mapping & Tuning are the missing ingredients holding back deployment. Given a tuned ACN at start-up time, Feedback can be employed to automatically set and adjust the security parameters necessary for the email anonymity service at run time. Neither the provider nor its system administrator needs to become an expert in ACN design or in the abstract privacy metrics necessary for manual tuning.

This project will leverage recent advancements in the design of mix networks and privacy-preserving network data collection as the building blocks on which we will extend and enhance. The lasting positive impact of the resultant trustworthy, intelligent and adaptive ACNs will be increased adoption and therefore robust privacy for the UK and global public. The technology, data-sets, and tooling developed will be open-sourced and will be a boost to the UK privacy technologies marketplace.

Publications

Description: We have discovered that it is not necessary to use sophisticated control systems that utilise state-space or other methods. It turns out that PID control, a classic approach, provides a robust enough and performant enough solution.
Exploitation Route: We believe that real-world deployments can benefit by integrating our findings and control and feedback mechanisms to better protect existing operational anonymous communication networks. Of course, there are still challenges of how we can implement and deploy these changes that do not disrupt the current operations but could be phased in.
Sectors: Digital/Communication/Information Technologies (including Software)
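
As an added example (not the project's own code), the kind of PID feedback loop the finding above refers to: it retunes a mix node's mean delay, a security parameter, so that a simple privacy proxy tracks a target while the user traffic rate drifts through a diurnal cycle. The plant model (mix occupancy = arrival rate x mean delay, a Little's-law simplification), the gains, the delay bounds and the target are all assumptions made here, not values from the project.

```python
"""PID loop that tunes a mix node's mean delay so that the mean number of
messages held in the mix (a stand-in anonymity-set size) tracks a target
as the arrival rate changes.  Added illustration; the plant model
occupancy = arrival_rate * mean_delay is an assumed simplification."""
from dataclasses import dataclass


@dataclass
class PIDTuner:
    kp: float
    ki: float
    kd: float
    min_delay: float = 0.05   # seconds; floor keeps the mix usable
    max_delay: float = 60.0   # seconds; ceiling caps added latency
    integral: float = 0.0
    prev_error: float = 0.0

    def step(self, target: float, measured: float, delay: float, dt: float) -> float:
        """One control step: return the new mean delay."""
        error = target - measured            # positive -> mix too empty
        self.integral += error * dt
        derivative = (error - self.prev_error) / dt
        self.prev_error = error
        change = self.kp * error + self.ki * self.integral + self.kd * derivative
        new_delay = min(self.max_delay, max(self.min_delay, delay + change * dt))
        if new_delay in (self.min_delay, self.max_delay):
            # Anti-windup: do not accumulate integral while saturated.
            self.integral -= error * dt
        return new_delay


def simulate(arrival_rates, target=20.0, dt=1.0, kp=0.01, ki=0.002, kd=0.0):
    """Run the loop over a list of per-step arrival rates (msgs/s).

    Returns (delays, occupancies): the delay in force and the resulting
    occupancy at each step.  Gains are chosen (assumed) so the closed loop
    is stable for arrival rates well above the ones in the schedule."""
    tuner = PIDTuner(kp, ki, kd)
    delay, delays, occupancies = 1.0, [], []
    for rate in arrival_rates:
        occupancy = rate * delay             # assumed plant: Little's law
        occupancies.append(occupancy)
        delays.append(delay)
        delay = tuner.step(target, occupancy, delay, dt)
    return delays, occupancies


if __name__ == "__main__":
    # Constructed diurnal-style schedule: lull, burst, lull (msgs/s).
    d, o = simulate([10.0] * 300 + [40.0] * 300 + [10.0] * 300)
    for i in (299, 599, 899):
        print(f"step {i}: delay={d[i]:.3f}s occupancy={o[i]:.2f}")
```

During the burst the controller shortens the delay to about a quarter of its lull value so the occupancy, and hence the proxy anonymity set, stays near the target rather than rising with traffic.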

 
Title: Data-driven Mixnet security parameter relationship explorer
Description: Using any open-source mix network simulator (of which there are currently two that are public), our methodology and tool-chain provide insights into the dynamic behaviour of mix networks and how system parameters contribute to the security and performance of the mix network. Our tool-chain incorporates the mix network simulator into a testing harness that is controlled by scripts to collect empirical results from executing the mix network under relevant system parameter configurations. This automation reduces the time and error rates of the manual approach that would be necessary in the absence of our tools. The tool-chain links together the data pipeline from acquisition, to cleaning, to processing, to producing results. The user can configure the experiment parameters (the system parameters to test, the number of runs per experiment, etc.) and the tool-chain then automates the rest.
Type Of Material: Improvements to research infrastructure
Year Produced: 2022
Provided To Others? No
Impact: We have been successful in establishing an empirically-derived equation linking two mix network security parameters. This equation has been verified under different network topologies (using our tool-chain) that are relevant to real-world deployments of mix networks. This was a critical step in allowing us to make progress on the overarching objective of the project, which is to design control strategies for mix networks that are robust to changes in client behaviours. The results of this work are currently under preparation for submission.
 
Description: Systems security group talk
Form Of Engagement Activity: A talk or presentation
Part Of Official Scheme? No
Geographic Reach: Local
Primary Audience: Postgraduate students
Results and Impact: We have presented the progress of our work to a wider community of systems security researchers within the School of Informatics at the University of Edinburgh. This event is held weekly and attracts researchers in secure hardware, theoretical privacy and security, and privacy. It includes both faculty and postgraduate students.
The aim of our talks was to provide a broad overview of our work and to communicate the challenges and the approach we have adopted. The positive outcomes have been refinements of the problem definitions to make them clearer, as well as technical feedback on aspects of systems security that are also relevant to our designs.
Year(s) Of Engagement Activity: 2021, 2022