A Systematic Review of Anonymous Communication Systems Ramzi A. Haraty1, Maram Assi1 and Imad Rahal2 1Department of Computer Science and Mathematics, Lebanese American University, Beirut, Lebanon 2Department of Computer Science, College of Saint Benedict & Saint John’s University, Collegeville, MN, U.S.A. Keywords: Anonymous Systems, Crowds, FreeNet, NetCamo, Mixmaster, Tarzan, TOR. Abstract: Privacy and anonymity are important concepts in the field of communication. Internet users seek to adopt protective measures to ensure the privacy and security of the data transmitted over the network. Encryption is one technique to secure critical information and protect its confidentiality. Although there exist many encryption algorithms, hiding the identity of the sender can only be achieved through an anonymous network. Different classifications of anonymous networks exist. Latency level and system model architecture are two essential criteria. In this paper, we present a description of a set of anonymous systems including NetCamo, TOR, I2P and many others. We will show how these systems work and contrast the advantages and disadvantages of each one of them. 1 INTRODUCTION (Mittal 2012). Hiding the user-server relationship is another crucial goal behind any communication. For Due to the increasing use of the Internet and the example, let us consider a client that wishes to emergence of wireless technologies, the value of communicate with a web server. This client might security and privacy is becoming more significant. prefer to stay anonymous. One of the protective New online activities have arisen during the last measures that help hiding the identity of users decade with the advancement of the electronic communicating through the internet is anonymous communication. People can now shop online, send network. These networks allow users to surf the and receive emails, pay their mobile bills, and make Web without leaving any tracking information. diverse banking operations. These types of In (Chaum 1981), Chaum presented almost the electronic activities produced new challenges. Two first architecture allowing the transmission of main goals the sender of information over the untraceable email. The main idea behind the network seeks to ensure: the privacy and the security proposed architecture is to allow communicating of the communicated information. Confidentiality peers to transmit data through cascade proxies and protection of the data can be achieved through known as Onion Routers. Anonymity is achieved by encryption mechanisms. Encryption in general is the use of public key cryptography. Most other capable of hiding the content of the information in proposed anonymous systems nowadays are based the network. Moreover, in some cases, the sender on Chaum’s scheme. While the main goal behind might wish to hide his/her identity. This objective anonymous system is to protect the identity of the can be achieved through the use of anonymous sender or the receiver, several other motivations systems. exist. Some common ones include freedom of Traffic analysis is the art of examining and speech, censorships and personal privacy in order to intercepting messages transmitted over the network prevent data mining and tracking. Anonymous to infer information, thus it violates user privacy. systems can be classified into two main types: high Several technologies exist to ensure data integrity latency and low latency. In the former category of and the security of the transmitted information that networks, the transmitted message takes several might be very critical in certain cases. Anonymous hours or even several days to reach the desired communication protects the identities of the sender destination. Quick response is not required for such and the receiver from third parties and keeps the application including email systems for example identity of the user hidden from remote parties (Wiangsripanawan, 2007). For interactive and real- time applications like instant messaging, a low 211 Haraty, R., Assi, M. and Rahal, I. A Systematic Review of Anonymous Communication Systems. DOI: 10.5220/0006216802110220 In Proceedings of the 19th International Conference on Enterprise Information Systems (ICEIS 2017) - Volume 2, pages 211-220 ISBN: 978-989-758-248-6 Copyright © 2017 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved ICEIS 2017 - 19th International Conference on Enterprise Information Systems latency communication network is required because occur at any of these locations or even public of the timing constraint. TOR and I2P are two networks whereby a malicious attacker can sniff examples of low latency anonymous systems that packets being transmitted and received by a will be discussed in the next section (Zantout, particular user or a number of users, and then apply 2011)(Haraty, 2014). From an architecture point of traffic analysis techniques. One has to note here that view, anonymous systems can be divided into two preventing traffic analysis at the end-to-end level is categories client-server communication system and realistically impossible if infrastructure network peer-to-peer based anonymous network. In fact, in security measurements are not implemented on the the client-server model, only few nodes are selected infrastructure level. to provide anonymity to the rest of the users. One 2. Trust is in “Cathy” disadvantage of this architecture is that the number In any security model example or illustration, of server nodes is small, and an attacker can easily authors tend to use Bob and Alice as two entities track the traffic. The P2P architecture overcomes wishing to receive and send information from/to this challenge. The main idea behind this model is each other with a trusted entity called Cathy, and a that there is no distinction between a server and a malicious attacker called Eve. The aim of any traffic user (Zhang, 2011). In these systems, it is hard to analysis avoidance algorithm considers Eve as an distinguish the sender and the receiver nodes. As a eavesdropper that will only sniff information. matter of fact, all nodes in the network are Hence, the algorithm designed by security personnel considered universal receivers and universal senders tries as much as possible to circumvent traffic being making it difficult to detect whether a specific node passed to Alice and Bob through many and different is transmitting or receiving data. routes while camouflaging and encrypting data in This paper investigates the network anonymous order not to allow Eve to sniff this information. systems that seek to protect the identity of the sender What is somewhat confusing is that sometimes one of information transmitted over the Internet and that only considers Eve to be on one of the routes that provide secrecy. Each upcoming section describes information is being sent to and from Alice and Bob, how a specific system works to achieve anonymity. and that Eve is only capable of sniffing abilities and A contrast of the advantages and disadvantages of not injecting information or even tampering with the each technology is illustrated later. Finally, the last data being sent through a route or different routes. section summarizes the major ideas discussed in this Moreover, in any security model, the adoption of paper. a trusted entity, Cathy, is a must to verify the identity of senders and receivers and later to validate the data being transmitted and received from parties 2 BACKROUND involved. Cathy happens to be a fixed host that is susceptible to attacks by Eve also, and any Throughout the research that was conducted during compromise done to Cathy renders the whole the preparation of this paper, a number of security model useless sometimes. As a simple observations where noted for the design and example, if Eve is capable of injecting information implementation of the new methodology. They are onto a stream whereby Cathy has been compromised as follows: by Eve, the receiving entity will try to validate this 1. No Real End-to-End Traffic Analysis information against Eve and not the trusted entity Prevention Assurance: Cathy. Data integrity is a vital part of any security Although many of the previously mentioned system and having a single point of failure is ultimately a drawback in any security model. In an implementations claimed avoiding traffic analysis, ever growing world of communication and the possibility for this to occur is extremely high and unavoidable in unmanaged Local Area Networks networks, one has to consider alternatives to basic security models and concepts. Decentralization of (LAN). Securing LAN environments could be a costly, trusted entities needs to be seriously considered in and sometimes an overkill (cost wise), for anonymous systems hence the reason why I2P was invented. organizations of different sizes. Using any of the implementations in unsecured LAN environments 3. Questionable Host Reliability and Security such as computer labs, work environments, or Almost every traffic analysis avoidance design and wireless networks is somehow a hassle and rarely implementation relies on hosts that belong to users found. Therefore man-in-the-middle attacks can for creating different routes and therefore passing 212 A Systematic Review of Anonymous Communication Systems data through different hops on the network or the more anonymity to the transmission of traffic and Internet. also hiding the identity of the sender. However this What some of the implementations lack, is also adds more latency and