Change search
ReferencesLink to record
Permanent link

Direct link
Mitigating Denial of Service Attacks using Anonymity Networks: Relationship Anonymity-Communication Overhead Trade-off
KTH, School of Electrical Engineering (EES), Communication Networks.
KTH, School of Electrical Engineering (EES), Communication Networks.ORCID iD: 0000-0002-4876-0223
KTH, School of Electrical Engineering (EES), Communication Networks.ORCID iD: 0000-0002-3704-1338
(English)Manuscript (preprint) (Other academic)
Abstract [en]

Denial-of-service attacks are a significant threat to mission critical communication infrastructures, e.g., to industrial control systems. They are relatively easy to perpetrate, as an attacker that has access to communication links or equipment could observe the source and destination addresses for every message, and can identify and discard the messages exchanged between particular communication participants. Mix networks and anonymity networks could render these attacks more difficult by providing anonymous communication via relaying. Nevertheless, relaying introduces overhead and increases the end-to-end message delivery delay, which in practice must often be low. Hence, an important question is how to optimize anonymity for limited overhead and delay. In this paper we address this question by studying two anonymity networks: MCrowds, an extension of Crowds, which provides unbounded communication delay and Minstrels, which provides bounded communication delay. We derive exact and approximate analytical expressions for the relationship anonymity for these systems. Using MCrowds and Minstrels we show that, contrary to intuition, increased overhead does not always improve anonymity. We investigate the impact of the system's parameters on anonymity and on the optimal anonymity network parameters, and the sensitivity of anonymity to the misestimation of the number of attackers.

National Category
Communication Systems Computer Systems
Research subject
Electrical Engineering
URN: urn:nbn:se:kth:diva-145336OAI: diva2:717745

QC 201040708

Available from: 2014-05-16 Created: 2014-05-16 Last updated: 2014-07-08Bibliographically approved

Open Access in DiVA

fulltext(571 kB)31 downloads
File information
File name FULLTEXT01.pdfFile size 571 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Vuković, OgnjenDán, GyörgyKarlsson, Gunnar
By organisation
Communication Networks
Communication SystemsComputer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 31 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 56 hits
ReferencesLink to record
Permanent link

Direct link