Rendezvous Tunnel for Anonymous Publishing: Clean Slate and Tor Based Designs

  • Ofer Hermoni
  • Niv Gilboa
  • Eyal Felstaine
  • Yuval Elovici
  • Shlomi Dolev
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6976)


Anonymous communication, and in particular anonymous Peer-to-Peer (P2P) file sharing systems, have received considerable attention in recent years. In a P2P file sharing system, there are three types of participants: publishers that insert content into the system, servers that store content, and readers that retrieve content from the servers. Existing anonymous P2P file sharing systems confer partial anonymity. They provide anonymity to participant pairs, such as servers and readers or publishers and readers, but they do not consider the anonymity of all three types of participants.

In this work we propose two solutions for anonymous P2P file sharing systems. Both of our solutions provide anonymity to all three types of participants. The proposed solutions are based on indexing by global hash functions (rather than an index server), dispersal of information, and three anonymity tunnels. Each anonymity tunnel is designed to protect the anonymity of a different user (publisher, server, or reader). In both solutions the reader and publisher tunnels are sender anonymity tunnels. In the first solution the third tunnel is a rendezvous tunnel, constructed by means of a random walk and terminating at the server. In the second solution, which is based on Tor, the third tunnel is built using Tor’s hidden services.

The first solution preserves anonymity in the presence of a semi-honest adversary that controls a limited number of nodes in the system. The second solution is based on Tor primitives, coping with the same adversary as that assumed in Tor. The second solution enhances Tor, ensuring publisher, server, and reader anonymity.


Distribute Hash Table Query Message Sharing Network Index Server Entrance Node 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Beimel, A., Dolev, S.: Buses for anonymous message delivery. Journal of Cryptology 16(1), 25–39 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Berthold, O., Federrath, H., Köpsell, S.: Web-MIXes: A System for Anonymous and Unobservable Internet Access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Boneh, D.: The decision diffie-hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. 4.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4(2) (February 1981)Google Scholar
  5. 5.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untranceability. Communication of the ACM 24(2) (1988)Google Scholar
  6. 6.
    Clarke, I., Sandberg, O., Wiley, B., Hong, T.: Freenet: A distributed anonymous information storage and retrieval system. In: Federrath, H. (ed.) Anonymity. LNCS, vol. 2009, pp. 46–66. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Dingledine, R., Freedman, M.J., Molnar, D.: The free haven project: Distributed anonymous storage service. In: Federrath, H. (ed.) Anonymity. LNCS, vol. 2009, pp. 67–95. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  9. 9.
    Dolev, S., Ostrovsky, R.: Xor-trees for efficient anonymous multicast and reception. ACM Transactions on Information and System Security 3(2), 63–84 (2000)CrossRefGoogle Scholar
  10. 10.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, New York (2000)zbMATHGoogle Scholar
  11. 11.
    Goldreich, O.: Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press, New York (2004) [9]; O. GoldreichGoogle Scholar
  12. 12.
    Hermoni, O., Gilboa, N., Felstaine, E., Elovici, Y., Dolev, S.: Rendezvous Tunnel for Anonymous Publishing: Clean Slate and TOR Based Designs. TR 11-09 Department of Computer Science, Ben Gurion University of the Negev, Israel (2011)Google Scholar
  13. 13.
    Hermoni, O., Gilboa, N., Felstaine, E., Elovici, Y., Dolev, S.: Rendezvous Tunnel for Anonymous Publishing. In: CCS 2010, pp. 690–692 (2010)Google Scholar
  14. 14.
    Hermoni, O., Gilboa, N., Felstaine, E., Shitrit, S.: Deniability - an alibi for users in p2p networks. In: COMSWARE, pp. 310–317 (2008)Google Scholar
  15. 15.
    Ling, Z., Luo, J., Yu, W., Fu, X., Xuan, D., Jia, W.: A new cell counter based attack against tor. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), pp. 578–589 (2009)Google Scholar
  16. 16.
    Marc Waldman, A.R., Cranor, L.: Publius: A robust, tamper-evident, censorship-resistant and source-anonymous web publishing system. In: Proceedings of the 9th USENIX Security Symposium, pp. 59-72 (August 2000)Google Scholar
  17. 17.
    Mittal, P., Borisov, N.: ShadowWalker: peer-to-peer anonymous communication using redundant structured topologies. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds.) ACM Conference on Computer and Communications Security, pp. 161–172. ACM, New York (2009)Google Scholar
  18. 18.
    Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 183–195. IEEE, Los Alamitos (2005)CrossRefGoogle Scholar
  19. 19.
    Overlier, L., Syverson, P.: Locating Hidden Servers. In: IEEE Symposium on Security and Privacy, pp. 100–114 (2006)Google Scholar
  20. 20.
    Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management, v0.34 (August 2010)Google Scholar
  21. 21.
    Rabin, M.O.: Efficient dispersal of information for security, load balancing, and fault tolerance. J. ACM 36(2), 335–348 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for Web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  23. 23.
    Serjantov, A.: Anonymizing censorship resistant systems. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, p. 111. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  24. 24.
    Shitrit, S., Felstaine, E., Gilboa, N., Hermoni, O.: Anonymity scheme for interactive p2p services. Journal of Internet Technology 10, 299–312 (2009)Google Scholar
  25. 25.
    Stoica, I., Morris, R., Liben-Nowell, D., Karger, D., Kaashoek, M., Dabek, F., Balakrishnan, H.: Chord: A Acalable Peer-to-Peer Lookup Protocol for Internet Applications. IEEE/ACM Transactions on Networking 11(1), 17–32 (2003)CrossRefGoogle Scholar
  26. 26.
    Syverson, P., Goldsclag, D., Reed, M.: Anonymous connections and onion routing. In: Proceedings of the IEEE 18th Annual Symposium on Security and Privacy, Oakland, California, pp. 44–54 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ofer Hermoni
    • 1
  • Niv Gilboa
    • 2
    • 3
  • Eyal Felstaine
    • 1
  • Yuval Elovici
    • 1
    • 3
  • Shlomi Dolev
    • 2
  1. 1.Department of Information Systems EngineeringBen-Gurion University of the NegevIsrael
  2. 2.Department of Computer ScienceBen-Gurion University of the NegevIsrael
  3. 3.Deutsche Telekom LabsBen-Gurion University of the NegevIsrael

Personalised recommendations