Rumor Riding
Anonymizing Unstructured Peerto-Peer System
Jinsong Han and Yunhao Liu
Department of Computer Science
Hong Kong University of Science and Technology
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
1
Privacy
 the right to be let alone: one of the
rights most cherished by people.
 Who is talking to whom should be
confidential or private in the Internet.

Who is searching a public database?

Which movie are you downloading?

Which companies are collaborating?

Who are you talking to via e-mail?
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
2
However…
 Your machine’s IP uniquely identifies you across web
sites.
 Nothing illegal about cross-referencing.
 The goal of Internet anonymity: A host can
communicate with a server while nobody can
determine its identity
www.ticket-agency.com
www.insurance-advertisement.com
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
3
Anonymous Routing
 Anonymity is the state of being
indistinguishable from other members of
some group. Don’t know Who is Searching
or Downloading What from Whom.
 Main goal is to provide mechanism for
routing that hides initiator’s and
responder’s IP address.
 Not trying to protect content of message.
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
4
Previous Approaches:
Mainly Path-based
A
C
I
R
B
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
5
Path-based Examples: Mix & Onion
A
B
C
D
ABCD
Public keys IP
IPC IPD
IPC
IPB
M D IP IPD M D
C
IPC
B
IPD
IPD M D
C
C
B
IPD
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
M
APFS: Mutual Anonymity
Server
Client
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
7
Why NOT path-based?
 Path based
 Difficulty in path construction and maintenance
 Cryptographic computation overhead is high:
RSA-based
 Vulnerable to many attacks
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
8
Basic Goals: A New Mutual
Anonymity Protocol for P2P
 Non-path based Approach



No need to collect public keys for pre-construct a
“secured path”
Changing delivery paths often
Eliminating path maintenance overhead
 Lightweight: Symmetric key only
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
9
Query and Downloading in
Unstructured P2P Systems
 Flooding based query
 Reversed path based response
 Direct downloading
Initiator
Query
Responder
Response
Downloading
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
10
Our Design: Rumor Riding
IPsaq
sower sa
C=Encrypt( q )K
C
q, IPsa
Responder
K
Initiator I
Cipher rumor
Flooding
Key rumor
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
11
Response
sower sa
Responder
Initiator I
sower sb
Response cipher
Reversed path of
rumor
TCP Link
cipher rumor
IPsbRe
IPsa
Response key
Reversed Path
rumor
of key rumor
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
12
Confirm
sower sc
Responder
Initiator I
Confirm
cipher
Reversed
path of
response
rumor
cipher
rumor
TCP Link
sower sb
Confirm
Reversed
pathkey
of response
rumor
key
rumor
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
13
File Delivery
sower sa
Responder
Initiator I
Data rumor
Data rumor
TCP Link
sower sd
Data rumor
Data rumor
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
14
Several Important Issues
Setting of rumors



Can rumors meet?
Ideal collision distance?
How many sowers and where are they?
 Overhead


Traffic overhead
Cryptographic overhead
 Response time of queries
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
15
Trace Driven Simulation
 Physical network: BRITE, 30,000 - 100,000
nodes
 Overlay network: real traces, within 105
nodes (Clip2 and Ion P2P )
 Each peer issues 0.3 queries per minute
 Peer dynamically coming and leaving

Mean: 10 minutes
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
16
Collision Rate
Theoretical
vs.
Simulation
-The collision rates in the P2P topology are usually higher than the
theoretical results
-The suggested number of rumors k and TTL value of each rumor (also
the path length of each rumor) L is k × L ≥ 100
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
17
Collision Distance
 If L is larger than 25 (1 ≤ k ≤ 6), the average collision distance is no
less than 5
 When the rumors’ TTL value L is larger than 30 for k = [1..6], over
90% sowers have a collision distance larger than 5
 L > 30 and 1 ≤ k ≤ 6 can effectively guarantee the safe collision
distance and approximate random distribution of sowers.
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
18
Sower Number
Number of sowers
50
40
30
(1,1)-RR
(2,2)-RR
(3,3)-RR
(4,4)-RR
(5,5)-RR
(6,6)-RR
20
10
0
0
20
40
60
Path length of rumors
80
100
 At the least a number of sowers for each query, but obviously too
many sowers will lead to heavy overhead
 Each (k, k)-Rumor Riding scheme has no more than 10 sowers when
k × L ≤ 200
 k × L should be in a range [100, 200] in order to meet both the
reliability and the scalability requirements
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
19
Cumulative precentage of queries (%)
Traffic Overhead
100
80
60
40
20
0
0
Shortcut
(1,1)-RR
(2,2)-RR
(3,3)-RR
(4,4)-RR
(5,5)-RR
(6,6)-RR
2
4
6
8
10
Average extra traffic overhead per queryx 106
 The (6, 6)-RR is the only one larger than the
Shortcut (ICDCS’03) in the average traffic cost
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
20
Cumulative precentage of queries (%)
Cumulative precentage of queries (%)
Response Time
1
0.8
500
Shortcut
(1,1)-RR
(2,2)-RR
(3,3)-RR
(4,4)-RR
(5,5)-RR
(6,6)-RR
1
1000
1500
2000
0.6
Response time (ms)
0.8
2500
0.4
0.6
0.2
0.4
0
0
0.2
500
Shortcut
(1,1)-RR
(2,2)-RR
(3,3)-RR
(4,4)-RR
1000
1500
2000 (5,5)-RR
2500
Response time (ms)
(6,6)-RR
0
 Multiple rumor
would2000
reduce
0
500scheme
1000
1500
2500 the response
latency effectively
 Also incur more traffic overhead and message
replications
Response time (ms)
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
21
Cryptographic Overhead
5
6
10
Shortcut
Rumor riding(k<7)
Processing overhead
Processing overhead
10
4
10
3
10
2
10
0
Shortcut
Rumor riding(k<7)
5
10
4
10
3
10
2
20
40
60
Path length
80
100
10
0
20
40
60
Path length
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
80
100
22
Prototype Implementation
Experience
 Examined the throughput of algorithms

Key generation, 128 bits AES En/Decryption,
CRC-32, 1024bits RSA En/Decryption
TABLE I Throughput of Algorithms
Algorithms
Throughput (Mbytes/s)
128-bit AES key generation
0.217±0.00443
128-bit AES Encryption
8.155±0.256
CRC-32 calculation
137.48±4.79
1024-bit RSA Encryption
0.148±0.00280
1024-bit RSA Decryption
0.00670±0.000126
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
23
Thank you !
Jinsong Han and Yunhao Liu
HKUST
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
24
Background
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
25
Peer-to-Peer Model (P2P)
 Peer to Peer(P2P)
 Fully utilizing the resource of the whole system
 Peers are both clients and servers in an overlay
network
 Unstructured P2P architecture
 Centralized, Decentralized, and Hybrid
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
26
Broadcasting Based
 Broadcast or multicast
 Using the receivers’ public key to
encrypt the message
 P5 (S&P’02)
Responder
Initiator
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
27
Anonymity Guarantees
Message coding attack
Withstands attacks
Local collaborating attack
Withstands unless all neighbors
are malicious
Timing attack
Withstands attacks
Traceback attack
Withstands unless global
adversary
Predecessor attack
Withstands attacks
Traffic analysis attack
Withstands attacks
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
28
Message Coding Attack
 Attackers analyze the message coding format
 Especially effective to fresh nodes

The fresh node would lose its anonymity immediately if
sending first plaintext query to the observer.
 Solving method: encryption

RR uses AES encryption and split the message into two
parts. Any single rumor will not expose the information of
the query.
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
29
Local Collaborating
 Two collaborating adversaries could be neighbors of
the initiator.
 To confuse the local adversaries, a sower selects a
subset of its neighbors to send the plaintext query,
and the two collaborating nodes will not receive the
(plaintext+cipher/key).
I
c
a
s
k
b
a
b
I and s will not send the plaintext query to a and b
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
30
Time and Traffic Analysis
 Check the correlation between two traffics
I
P1
Pn
∆t
∆t’
k
K+1
1:00
1:05
1
R
2
k
Time difference
Packet number account
K’
K’+1
1:20
1:25
1
2
k
Latency analysis
Clogging packets
Shaping the traffic
……
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
31
Invulnerable to Timing & Traffic
Analysis Attack
 The random walking property of rumors
make it hard to build the correlation of
traffics
 Messages of a query cycle are not
belonging to a same traffic
 No continuous path in RR
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
32
Predecessor Attack
 Predecessor attack



 RR


An initiator repeatedly communicates to a specific
responder in many rounds
Adversaries simply log any node that sends a message to
the path
In this case, the initiator is most likely the one which
appears more
Rumors correlating to a message walk randomly and
interact with random sowers unpredictably
Sowers are not fixed
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12
33