Low -latency anonymity systems: Statistical attacks and new applications
In this dissertation, we study low-latency anonymity protocols and systems. Such systems enable anonymous communication where latency is not tolerated well, such as browsing the web, but also introduce new vulnerabilities not present in systems that hide timing information. We examine one such vulnerability, the profiling attack, as well as possible defenses to such an attack. We also examine the feasibility of using low-latency anonymity techniques to support a new application, Voice over IP (VoIP). First, we show that profiling attacks on low-latency anonymity systems are feasible. The attack we study is based upon pre-constructing profiles of communication and identifying the sender of encrypted, anonymized traffic on the basis of these profiles. Second, we present results from a large-scale measurement study and the application of this attack to the measured data. These results indicate that profiling is practical across sets of thousands of possible initiators and that such profiles remain valid for weeks at a time. Third, we evaluate defenses against the profiling attack and their effects upon system performance. We then demonstrate the feasibility of supporting anonymous VoIP; specifically, we show supporting measurement data and outline the changes current anonymity systems would require to carry such traffic. We also show how such systems are potentially more vulnerable to known attacks and start to examine the tradeoffs between VoIP performance and anonymity inherent in such systems.