Resilient P2P Anonymous Routing by Using Redundancy

1
Resilient P2P Anonymous Routing by Using
Redundancy

• Yingwu Zhu

2
Outline

• Introduction
• Motivation
• Design
• Evaluation
• Conclusion and Future Work

3
Introduction

• Two main groups of anonymity protocols in the
  literature
• Multicast-based (through multicast groups)
• Mix-based (through a set of relay nodes)

4
Why P2P anonymous routing?

• A potentially large anonymity set
• Sidesteps political background and local
  jurisdiction issues
• Good scalability
• Communication patterns and heterogeneity of peer
  nodes location render P2P networks an appealing
  environment for hiding anonymous traffics

5
Motivation of this work

• Churn is a hurdle to P2P anonymous routing
• Complicates anonymous path construction in
  mix-based protocols, usually involving expensive
  asymmetric encryption/decryption
• Makes anonymous paths fragile and short-lived,
  resulting in message loss and communication
  failures

6
Naïve design

• Use broadcasting/multicasting
• But, it incurs costly bandwidth consumption due
  to
• Massive messages
• Cover traffics

7
Our approach

• Simple yet powerful idea routing resilience can
  be achieved by redundancy
• Message redundancy using erasure coding
• Path redundancy
• Using Onion Routing scheme
• Goals strike a balance between resilience and
  bandwidth cost while preserving sender anonymity

8
Our design (SimEra)

• A sender needs to anonymously send a message M to
  a responder
• Use erasure coding to spit M into n segments,
  each of length M/m
• Evenly distribute n segments over k paths, each
  of which consists of L relay nodes
• The responder reconstructs M upon receiving m
  segments
• Thus, tolerate up to k(1 - (1/r)) path failures,
  where r n/m

9
Message segment allocation in SimEra

• Provide 3 observations
• A guideline for choosing k and replication factor
  r in erasure coding upon different node
  availabilities in order to maximize routing
  resilience

10
Evaluation

• P2PSim 3.0 developed by MIT
• Node membership management by OneHop, a
  hierarchical gossip protocol
• Compare SimEra and CurMix (current mix-based
  protocols)
• Measure path construction success rate and
  routing resilience under churn

11
Validation of 3 observations in SimEra
Different ks have different impact on SimEra
(success of routing) under different node
availabilities of 0.70, 0.86, and 0.95
12
Performance comparisons
Protocols Durability (Sec) Path construction attempts Latency (ms) Bandwidth (KB)
CurMix 700 8.4 374 4
SimEra(k2, r2) 1140 2.8 270 6.2
SimEra(k4, r4) 1377 2.4 406 8.8

• Node churn follows a Pareto distribution
• Message size is 1KB
• SimEra improves both path construction and
  routing resilience, at the cost of
• moderate bandwidth overhead

13
Performance of SimEra under different churn rates
Lifetime (minutes) 20 30 60 80 120
Durability (Sec) 987 1101 1377 2448 2549
Path construction attempts 27.4 10 2.4 1.4 1
Latency (ms) 270 371 406 365 288
Bandwidth (KB) 7.4 8.2 8.8 9.2 10.4

1. Lower (median) node lifetimes mean higher churn,
   modeled as a Pareto distribution
2. K4, r4

14
Performance of SimEra under different node churn
distributions
Distribution Pareto Uniform Exponential
Durability (Sec) 1377 284 1271
Path construction attempts 2.4 2.2 3.4
Latency (ms) 406 370 415
Bandwidth (KB) 8.8 8.4 7.8

• k4, r4

15
Conclusion

• P2P anonymous routing resilience can be achieved
  by message redundancy based on erasure coding and
  path redundancy
• Strike a balance between resilience and bandwidth
  cost by choosing different ks and rs

16
Future work

• Explore weighted message segment allocations over
  k paths
• Choose stable nodes as mix in each single path,
  prolonging single path durability
• Compare with existing work such as TAP and
  Cashmere

17
QA

• ?