Fredrickson, K. (CSE) – Practical Anonymity with Formal Resistance to Traffic Analysis

Anonymous communication systems hide who is talking to whom, not just what is said. However, existing systems are either vulnerable to traffic analysis attacks–attacks where adversaries observe and correlate the network traffic of users–or are forced to rely on unrealistic and unenforceable assumptions about how users behave. Worse, existing theory lacks tools to rigorously model traffic analysis attacks, much less inform whether if a system is secure against traffic analysis or how to design systems that are.

We make several contributions toward our goal of practical anonymity systems that resist traffic analysis. First, we develop the first formal framework for describing the security of systems against traffic analysis attacks, allowing us to quantitatively describe and compare the security of all existing works. Second, leveraging this framework, we develop a security definition that distinguishes between systems that are and are not susceptible to traffic analysis. We call this property input/output independence. We use this definition to prove that the dominant model of systems–synchronous systems–cannot practically provide input/output independence. We then design a new asynchronous anonymity functionality, deferred retrieval, that achieves input/output independence with far more flexible user assumptions and up to 3400 times less traffic overhead for the same latency compared to prior methods. Finally, we design and implement Sparta, a family of high-throughput, scalable instantiations of deferred retrieval using trusted execution environments and oblivious algorithms, yielding the first practical anonymity systems that are formally resistant to long-term traffic analysis.

Event Host: Kyle Fredrickson, Ph.D. Candidate, Computer Science and Engineering

Advisor: Darrell Long

Zoom – https://ucsc.zoom.us/j/98133127429?pwd=QNICsMrQa6bQUKNPo40PthZyQEQCFl.1

Passcode – 242206