Progressive Pruning: Analyzing the Impact of Intersection Attacks

TL;DR

We address the vulnerability of stream-based anonymous communication to intersection attacks by introducing progressive pruning, a method to quantify sender anonymity over time via the metric $A(s) = |\

Abstract

Stream-based communication dominates today's Internet, posing unique challenges for anonymous communication networks (ACNs). Traditionally designed for independent messages, ACNs struggle to account for the inherent vulnerabilities of streams, such as susceptibility to intersection attacks. In this work, we address this gap and introduce progressive pruning, a novel methodology for quantifying the susceptibility to intersection attacks. Progressive pruning quantifies and monitors anonymity sets over time, providing an assessment of an adversary's success in correlating senders and receivers. We leverage this methodology to analyze synthetic scenarios and large-scale simulations of the Tor network using our newly developed TorFS simulator. Our findings reveal that anonymity is significantly influenced by stream length, user population, and stream distribution across the network. These insights highlight critical design challenges for future ACNs seeking to safeguard stream-based communication against traffic analysis attacks.

Figures (5)

• Figure 1: For some user (yellow), an attacker aims to identify the communication partner (red or blue) using traffic analysis.
• Figure 2: Progressive Pruning: For each sender message (yellow), potential receiver messages are identified based on the network delay bounds $D_{min}$ and $D_{max}$. Receivers of messages within this window (red, blue) are considered as candidates. The stream's anonymity set is determined by intersecting these message anonymity sets over time.
• Figure 3: Influence of different stream properties on the anonymity set size.
• Figure 4: Anonymity sets.
• Figure 5: Anonymity sets by stream length (percentiles).