Autonomous systems (AS) are key building blocks of the Internet's routing infrastructure. Surveillance of AS may allow large-scale monitoring of Internet users. Those who aim to protect the privacy of their online communications may turn to anonymity systems like Tor, but Tor is not designed to protect against such AS-level adversaries. AS-level adversaries present unique challenges for the design of robust anonymity systems and present a very different threat model from the ones used to design and study systems like Tor. Thus, new research is needed to understand this threat and to defend against it.
This project is investigating the design of anonymity systems that are resilient against AS-level adversaries. First, the project aims to quantify the capabilities of AS-level adversaries, who are powerful eavesdroppers and also capable of active attacks, but also have some limitations in practice. Second, the project is designing new route-selection strategies for anonymity systems that can limit how much of the anonymized traffic the AS-level adversary can observe and attack. Finally, the project is investigating how anonymity systems can hinder an AS-level adversaries' ability to analyze encrypted traffic by injecting spurious cover traffic and timing delays. The findings and new anonymity system designs from this research will impact the privacy of a broad class of users in the context of forms of large-scale monitoring of online communications.
