Design and Implementation of Secure Trusted Overlay Networks (thesis)

Report ID: TR-865-09
Author: Jacob, Matthias
Date: 2009-08-00
Pages: 136
Abstract:

Denial-of-service attacks, malicious routing updates, and online identity theft are clearly on the rise on the Internet, costing US industry billions of dollars. In reaction, there is a large effort to design new technologies such as Trusted Computing that solve many of these problems efficiently. However, state-of-the-art systems for anonymous communication have various weaknesses against traffic analysis and are often designed for one specific purpose. So far, Trusted Computing has not been considered for improving the efficiency of Internet anonymity and privacy or for building a general-purpose architecture to solve the problem.

In this thesis we describe the design and implementation of Secure Trusted Overlay Networks (STONe). STONe is the first system for general-purpose anonymous communication that is entirely based on Trusted Computing. STONe significantly improves anonymous communication on the Internet and makes three main contributions. First, STONe uses Trusted Computing to protect against Byzantine failures on the network stack to provide an overlay network for scalable, efficient secure routing and end-to-end communication. This prevents many active denial-of-service attacks on an anonymity network and provides a foundation for more robust protection against traffic analysis. Second, STONe is the first system to provide anonymous routing through load balancing by random routing, previously used for local cluster networks. This turns out to better protect against most existing traffic analysis attacks. Such attacks, namely the Predecessor Attack and the Intersection Attack, have so far been difficult to come by. Third, at the application level, STONe provides anonymity through trusted anonymous sockets and a trusted name service, an inexpensive trusted certification mechanism with one-way per-session authentication. We implemented and evaluated a prototype of STONe on PlanetLab and show that it significantly outperforms state-of-the-art systems for anonymous communication at the expense of additional Trusted Computing hardware.