Balancing accountability and privacy in the network

Naylor, David; Mukerjee, Matthew K.; Steenkiste, Peter

doi:10.1145/2619239.2626306

Cited by 27 publications

(16 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To this end, we should not require large amounts of state, e.g., per-host state, on verifiers. In addition, packet verification should not require additional communication overhead (e.g., a challenge-response protocol [2], [39]) for checking the validity of the segments.…”

Section: A Path Segment As Receiver's Consentmentioning

confidence: 99%

SVLAN: Secure & Scalable Network Virtualization

Kwon¹,

Lee²,

Hähni³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Network isolation is a critical modern Internet service. To date, network operators have created a logical network of distributed systems to provide communication isolation between different parties. However, the current network isolation is limited in scalability and flexibility. It limits the number of virtual networks and it only supports isolation at host (or virtualmachine) granularity. In this paper, we introduce Scalable Virtual Local Area Networking (SVLAN) that scales to a large number of distributed systems and offers improved flexibility in providing secure network isolation. With the notion of destination-driven reachability and packet-carrying forwarding state, SVLAN not only offers communication isolation but isolation can be specified at different granularities, e.g., per-application or per-process. Our proof-of-concept SVLAN implementation demonstrates its feasibility and practicality for real-world applications.

show abstract

Section: A Path Segment As Receiver's Consentmentioning

confidence: 99%

SVLAN: Secure & Scalable Network Virtualization

Kwon¹,

Lee²,

Hähni³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…MorphIT shares a common vision with Network Confessional (NC) [11]: give ISPs an interface for supplying quality-of-service feedback to end users. Both proposals are different from approaches to Internet accountability that either resort to alternative Internet protocols, such as AIP [8] and APIP [32], or alternative designs of the whole Internet architecture, such as SCION [38]. However, unlike our system, NC does not target anonymity guarantees and may interfere with existing anonymous communication systems, Tor [6], by enabling global passive de-anonymization attacks [17,27,31].…”

Section: Related Workmentioning

confidence: 99%

MorphIT: Morphing Packet Reports for Internet Transparency

Fragkouli

Argyraki

Ford

2019

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Can we improve Internet transparency without worsening user anonymity? For a long time, researchers have been proposing transparency systems, where traffic reports produced at strategic network points help assess network behavior and verify service-level agreements or neutrality compliance. However, such reports necessarily reveal when certain traffic appeared at a certain network point, and this information could, in principle, be used to compromise low-latency anonymity networks like Tor. In this paper, we examine whether more Internet transparency necessarily means less anonymity. We start from the information that a basic transparency solution would publish about a network and study how that would impact the anonymity of the network’s users. Then we study how to change, in real time, the time granularity of traffic reports in order to preserve both user anonymity and report utility. We evaluate with real and synthetic data and show that our algorithm can offer a good anonymity/utility balance, even in adversarial scenarios where aggregates consist of very few flows.

show abstract

“…We want to support any architecture, and each architecture has a different header format. For example, the Accountable and Private Internet Protocol (APIP) [14] replaces IP's source addresses with two new addresses, a return address and an accountability address. Similarly, the Internet Indirection Infrastructure (i3) [16] uses a flow identifier in place of the ultimate destination.…”

Section: Goals and Challengesmentioning

confidence: 99%

“…Many techniques have been developed to prevent headers from leaking identity information (e.g., mixes, crowds, and onion routing). More recently, a number of network architectures have also focused on improving privacy [9,14,12]. However, none of these solutions can defend against an arbitrary adversary with unlimited capabilities.…”

Section: Introductionmentioning

confidence: 99%

Do You Know Where Your Headers Are? Comparing the Privacy of Network Architectures with Share Count Analysis

Naylor

Steenkiste

2015

Proceedings of the 14th ACM Workshop on Hot Topics in Networks

Self Cite

View full text Add to dashboard Cite

Online privacy is more important now than ever. Using encryption goes a long way by hiding application data from third parties, but some amount of private information is still exposed in packet headers. Tools like Tor are designed to address this concern, and, more recently, research efforts to replace IP have begun to consider how a network architecture itself can improve privacy. Unfortunately, we do not have a good way to quantitatively compare network architectures (in terms of privacy and in general). We take the first steps in this direction by presenting share count analysis, a methodology for measuring "how private" an architecture is. We describe our design and implementation and present initial results indicating that this approach is promising.

show abstract

Balancing accountability and privacy in the network

Cited by 27 publications

References 30 publications

SVLAN: Secure & Scalable Network Virtualization

SVLAN: Secure & Scalable Network Virtualization

MorphIT: Morphing Packet Reports for Internet Transparency

Do You Know Where Your Headers Are? Comparing the Privacy of Network Architectures with Share Count Analysis

Contact Info

Product

Resources

About