

4.6 Evaluation of the proposals

4.6.2 Evaluation of the model based on PIR

The implementation and deployment of our proposal in R for the evaluation of the PIR model is developed in the Python language. More specifically, we base our implementation on the module dnspython [105] for the construction and resolution of DNS queries, and on the module M2Crypto [132] (a wrapper for the OpenSSL library [143]) for the verification of the digital signatures defined by DNSSEC.

We measured in our evaluations the time required for resolving queries from R to G with different testbeds, where the size of the query range of each testbed increments from thirty to more than one hundred. Each testbed consists of the generation of three sets of random queries, one for each $S_i \in G$. Each testbed is launched multiple times towards cumulative series of NAPTR queries. Each series is created at random during the execution of the first testbed, but persistently stored. It is then loaded into the rest of the testbeds to allow comparison of results. We split our whole evaluation into four different stages. During the first two stages, the transport layer utilised between R and G is based on the TCP protocol. The first stage is used for the resolution of DNS queries, while stage two is used to resolve DNSSEC queries. Similarly, stages three and four are based on UDP traffic for the resolution of, respectively, DNS and DNSSEC queries. During these last two experiments based on DNSSEC, R verifies the integrity and the authenticity of the query responses received from the different servers in G. The verification procedures have been implemented as defined in the DNSSEC RFCs (cf. Chapter 2, Section 2.2.1). We show in Figure 4.2 the results that we obtained during the execution of these four experiments.

Figure 4.2: Experimental results of the evaluation of the PIR model. (a) UDP tests: Resolution Time (s) against Range Size (30 to 100) for UDP-DNS and UDP-DNSSEC. (b) TCP tests: Resolution Time (s) against Range Size (30 to 100) for TCP-DNS and TCP-DNSSEC.

We can appreciate by looking at Figure 4.2 that the latency increases linearly with the size of the range of queries. TCP-based experiments show worse performance than UDP-based queries, due to the overhead imposed by the establishment of sessions. The UDP protocol is clearly the best choice for the deployment of our proposal. Given an acceptable latency of no more than two seconds, UDP results show that the probability of guessing the true query is $P_i = \frac{1}{3 \cdot 80} = \frac{1}{240} \simeq 0.004167$. We consider this result satisfactory. In general terms, we should expect that the certainty for obtaining a query $i$ within a range of size $n$ sent to $m$ different servers is $P_i = \frac{1}{n \cdot m}$.

Besides the difficulties imposed by our model for predicting the original petition, we are conscious of the high bandwidth increase that it represents. This is an important drawback in scenarios where bandwidth consumption is a critical factor. However, if this is the case, it is possible to reduce the size of the range of queries. Since there is a clear relation between both parameters, i.e., the bandwidth consumption is inversely proportional to the prediction probability, we believe that a proper balance between bandwidth consumption and prediction probability can be enough to enhance the privacy of the service. Let us recall that reducing the size of each range of queries by fifty per cent proportionally doubles the prediction probability for the attacker. On the other hand, let us observe that the penalty in the response times introduced by DNSSEC is not especially significant, while it solves the integrity and authenticity problems that appeared in the other approaches. This is the reason why we consider the activation of DNSSEC a decisive factor for avoiding network traffic manipulation attacks.
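As an added illustration (not code from the thesis or its implementation), the following Python script models the range-of-queries scheme described in this section together with the $P_i = 1/(n \cdot m)$ figure and the bandwidth trade-off: it builds m ranges of n ENUM-style NAPTR names, hides the true query in one of them, computes the adversary's guessing probability and the number of queries sent per real lookup, and tabulates how the probability changes with the range size. The server names, the sample E.164 number and the decoy generator are constructed for the example; the real implementation's use of dnspython for resolution and M2Crypto for DNSSEC verification is not reproduced here.

```python
# Added example (not the thesis's own code): a toy model of the
# "range of queries" scheme of Section 4.6.2. A resolver R hides its true
# NAPTR query among n random queries sent to each of the m servers S_i in G,
# so an observer who sees every range guesses the true query with
# probability P_i = 1/(n*m), provided the decoys are indistinguishable
# from the true query. Server names, the sample E.164 number and the
# decoy generator below are constructed for the example.
import random
from fractions import Fraction


def enum_name(e164_number):
    """ENUM (RFC 6116) NAPTR owner name for an E.164 number: drop the '+',
    reverse the digits, dot-separate them and append e164.arpa."""
    digits = e164_number.lstrip("+")
    if not digits.isdigit():
        raise ValueError("E.164 number must contain digits only")
    return ".".join(reversed(digits)) + ".e164.arpa."


def random_decoy(rng, length=11):
    """Constructed decoy: a random E.164 number of the given length."""
    return "+" + "".join(rng.choice("0123456789") for _ in range(length))


def build_ranges(true_query, n, servers, rng=None):
    """Return {server: [n query names]}: each server gets n distinct names,
    and the true query replaces one decoy in one randomly chosen server's
    range. m = len(servers)."""
    rng = rng or random.Random()
    servers = list(servers)
    if n < 1 or not servers:
        raise ValueError("need n >= 1 and at least one server")
    ranges = {}
    for s in servers:
        decoys = set()
        while len(decoys) < n:
            name = enum_name(random_decoy(rng))
            if name != true_query:        # a duplicate would reveal the target
                decoys.add(name)
        ranges[s] = list(decoys)
    target = rng.choice(servers)
    ranges[target][rng.randrange(n)] = true_query
    for s in servers:
        rng.shuffle(ranges[s])            # no positional leak of the true query
    return ranges


def guess_probability(n, m):
    """P_i = 1/(n*m): chance that an observer of all ranges picks the true
    query, when every query in every range is equally plausible."""
    return Fraction(1, n * m)


def queries_sent(n, m):
    """Bandwidth cost: n*m DNS queries leave R for every real lookup."""
    return n * m


def tradeoff_table(m, sizes=(100, 80, 50, 40, 30)):
    """Rows (n, queries per lookup, P_i): halving n doubles P_i, since the
    query count and the guessing probability are exact inverses."""
    return [(n, queries_sent(n, m), guess_probability(n, m)) for n in sizes]


def adversary_guess(ranges, rng=None):
    """An observer with no way to tell decoys from the real query can only
    pick uniformly among all the queries it saw."""
    rng = rng or random.Random()
    return rng.choice([q for qs in ranges.values() for q in qs])


def empirical_probability(n, m, trials=5000, seed=1):
    """Monte Carlo check of 1/(n*m) against the uniform-guessing observer."""
    rng = random.Random(seed)
    servers = ["S%d" % i for i in range(1, m + 1)]
    true_q = enum_name("+34935811234")    # constructed sample number
    hits = 0
    for _ in range(trials):
        if adversary_guess(build_ranges(true_q, n, servers, rng), rng) == true_q:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    p = guess_probability(80, 3)
    print("n=80, m=3: %d queries per lookup, P_i = %s ~ %.6f"
          % (queries_sent(80, 3), p, float(p)))
    for n, sent, prob in tradeoff_table(3):
        print("n=%3d  queries=%4d  P_i=%s" % (n, sent, prob))
    print("empirical P_i for n=4, m=3:", empirical_probability(4, 3))
```

The 1/(n·m) figure holds only while the decoys cannot be told apart from the true query: if decoys are drawn from a population that differs from real lookups (for instance, random numbers in prefixes no subscriber uses), an observer can rank the queries and do better than uniform guessing, so a deployment should draw its decoys from the same population as the real queries it wants to hide.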

4.7 Conclusion

The use of the DNS as the underlying technology of new lookup services, such as the ENUM protocol, might have unwanted consequences from the point of view of security and privacy. We have analysed two proposals that could mitigate the aforementioned privacy problems: the use of the Tor infrastructure, and the use of ranges of queries.

On the one hand, we have analysed the network latency of Tor when performing NAPTR DNS queries, as well as the degree of anonymity. Taking into account the security model of Tor, we consider the results obtained very satisfactory. In addition, and in order to guarantee the integrity and authenticity of the received responses, we have also analysed the implications of combining the anonymity offered by Tor with the use of DNSSEC. The results obtained are also satisfactory, with a minimal penalty.

On the other hand, we have implemented an approach inspired by a PIR model. The goal of our model is to reduce privacy threats at both channel and server level. The proposal is indeed inspired by two previous works surveyed by Zhao et al. Security deficiencies detected in both contributions have been addressed. Again, the combination of our model with the use of DNSSEC has had a minimal impact. The main drawback of this contribution is still a high increase in the bandwidth consumption of the service.

5 Formal modelling of Tor node selection criteria

The world we have made, as a result of the level of thinking we have done thus far, creates problems we cannot solve at the same level of thinking at which we created them.

Albert Einstein

As we have introduced previously, Tor allows the construction of anonymous channels with low enough latency to route traffic for services like the DNS. However, it might still impact its network performance and degree of anonymity depending on the specific strategy used for the establishment of the channel.

In this chapter, we address the influence of circuit construction strategies on the anonymity degree of Tor.

In particular, we introduce a formal model providing a definition of the Tor node selection process, of the adversary model targeting the communication anonymity of Tor users, and an analytical expression to compute the anonymity degree of the Tor infrastructure based on the circuit construction criteria.

This formal model becomes a useful tool for comparing different node selection algorithms from the standpoint of the degree of anonymity. In conjunction with network latency measurements, it can allow users to choose a particular selection algorithm depending on their needs and on the trade-off between degree of anonymity and network performance. We also show how this formal model can be used to infer other underlying properties of the algorithms.


5.1 Formal model

In this section, we introduce our formal model, composed of four related topics: the Tor circuit, the adversary model, the degree of anonymity, and the selection criteria. In what follows, we introduce the notation and core definitions for each one of them.