Research Article
GuardedGossip: Secure and Anonymous Node Discovery in Untrustworthy Networks
@INPROCEEDINGS{10.1007/978-3-030-90019-9_7, author={Andriy Panchenko and Asya Mitseva and Torsten Ziemann and Till Hering}, title={GuardedGossip: Secure and Anonymous Node Discovery in Untrustworthy Networks}, proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I}, proceedings_a={SECURECOMM}, year={2021}, month={11}, keywords={Node lookup DHT Tor Onion routing Anonymity}, doi={10.1007/978-3-030-90019-9_7} }
- Andriy Panchenko
Asya Mitseva
Torsten Ziemann
Till Hering
Year: 2021
GuardedGossip: Secure and Anonymous Node Discovery in Untrustworthy Networks
SECURECOMM
Springer
DOI: 10.1007/978-3-030-90019-9_7
Abstract
Node discovery is a fundamental service for any overlay network. It is a particular challenge to provide unbiased discovery in untrustworthy environments, e.g., anonymization networks. Although a major line of research focused on solving this problem, proposed methods have been shown to be vulnerable either to active attacks or to leak routing information, both threatening the anonymity of users. In response, we propose GuardedGossip—a novel gossip-based node discovery protocol—that achieves an unbiased random node discovery in a fully-decentralized and highly-scalable fashion. It is built on top of a Chord distributed hash table (DHT) and relies on witness nodes and bound checks to resist active attacks. To limit routing information leakages, GuardedGossip uses gossiping to create uncertainty in the process of node discovery. By incorporating the principles of DHTs with the unstructured nature of gossiping in a subtle way, we profit from the strengths of both techniques while carefully mitigating their shortcomings. We show that GuardedGossip provides a sufficient level of security for users even if 20% of the participating nodes are malicious. Concurrently, our system scales gracefully and provides an adequate overhead for its security and privacy benefits.