Understanding When Location-Hiding Using Overlay Networks is Feasible

Ju Wang and Andrew Chien
CS2004-0788
May 9, 2004

Overlay networks (proxy networks) have been used as a communication infrastructure that allows applications to communicate with users without revealing their IP addresses. Such proxy networks are used to enhance application security, including protecting applications from direct attacks and from infrastructure Denial-of-Service attacks. However, the conditions under which such approaches can hide application location are not well understood. To shed light on this question, we develop a formal framework for the proxy network approach to location-hiding which encompasses most of the proposed approaches. This framework is used to analyze the effectiveness of location-hiding: characterizing how attacks, defenses, and correlated host vulnerabilities affect feasibility. We find that existing approaches employing static structure (e.g. SOS and I3) cannot hide application location because attackers gain information monotonically and in a short period of time penetrate the proxy network. However, we find that adding defenses such as network reconfiguration or migration, which invalidate the information attackers have, makes location-hiding feasible for resisting penetration attacks. We also characterize when proxy networks are effective and stable in location-hiding. In these systems, proxy network depth and reconfiguration rates are critical factors for effectiveness. These results provide both a deeper understanding of the location-hiding problem and guidelines for proxy network design.
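As an added illustration (not the paper's framework or code), the following toy Markov model shows the abstract's two claims side by side: with a static proxy structure an attacker's progress is monotone, so the penetration probability climbs to one, while a reconfiguration that invalidates the attacker's accumulated knowledge pushes penetration time up sharply with depth and reconfiguration rate. The single-layer-per-step advance, the reset-to-zero reconfiguration and the parameter values are assumptions made for this illustration.

```python
"""Toy model of an attacker penetrating a layered proxy network (assumed model)."""


def penetration_probability(depth, steps, p_advance, p_reconfig):
    """Probability that the application's location is exposed within `steps`.

    State k (0..depth) = number of proxy layers the attacker has already
    penetrated. Per step: with p_advance the attacker compromises a proxy one
    layer deeper; with p_reconfig the network reconfigures, invalidating what
    the attacker has learned (state resets to 0); otherwise nothing changes.
    State `depth` is absorbing: the application's location is revealed.
    """
    if depth < 1 or steps < 0 or p_advance < 0 or p_reconfig < 0:
        raise ValueError("invalid parameters")
    if p_advance + p_reconfig > 1.0:
        raise ValueError("p_advance + p_reconfig must not exceed 1")
    p_stay = 1.0 - p_advance - p_reconfig
    dist = [0.0] * (depth + 1)  # probability mass over states
    dist[0] = 1.0
    for _ in range(steps):
        nxt = [0.0] * (depth + 1)
        nxt[depth] = dist[depth]  # absorbing state keeps its mass
        for k in range(depth):
            mass = dist[k]
            if mass == 0.0:
                continue
            nxt[k + 1] += mass * p_advance
            nxt[0] += mass * p_reconfig
            nxt[k] += mass * p_stay
        dist = nxt
    return dist[depth]


def steps_until(depth, p_advance, p_reconfig, target=0.5, limit=100000):
    """Smallest number of steps at which penetration probability >= target.

    Returns None if the target is not reached within `limit` steps (the
    attacker's information keeps being invalidated faster than it accrues).
    """
    for steps in range(limit + 1):
        if penetration_probability(depth, steps, p_advance, p_reconfig) >= target:
            return steps
    return None


if __name__ == "__main__":
    # Static structure (no reconfiguration) versus a reconfiguring network.
    for d in (2, 4, 6):
        print(d, steps_until(d, 0.5, 0.0), steps_until(d, 0.5, 0.4))
```

The printed table shows the static case growing roughly linearly in depth, while the reconfiguring case grows far faster, which is the depth/reconfiguration-rate sensitivity the abstract refers to.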


The authors of these documents have submitted their reports to this technical report series for the purpose of non-commercial dissemination of scientific work. The reports are copyrighted by the authors, and their existence in electronic format does not imply that the authors have relinquished any rights. You may copy a report for scholarly, non-commercial purposes, such as research or instruction, provided that you agree to respect the author's copyright. For information concerning the use of this document for other than research or instructional purposes, contact the authors. Other information concerning this technical report series can be obtained from the Computer Science and Engineering Department at the University of California at San Diego, techreports@cs.ucsd.edu.
