Organizational networks are vulnerable to traffic-analysis attacks that enable adversaries to infer sensitive information from the network traffic, even if encryption is used. Typical anonymous communication networks are tailored to the Internet and are poorly suited for organizational networks. We present PriFi, an anonymous communication protocol for LANs, which protects users against eavesdroppers and provides high-performance traffic-analysis resistance. PriFi builds on Dining Cryptographers networks but reduces the high communication latency of prior work via a new client/relay/server architecture, in which a client's packets remain on their usual network path without additional hops, and in which a set of remote servers assist the anonymization process without adding latency. PriFi also solves the challenge of equivocation attacks, which are not addressed by related works, by encrypting the traffic based on the communication history. Our evaluation shows that PriFi introduces a small latency overhead (~100 ms for 100 clients) and is compatible with delay-sensitive applications such as VoIP.