PriFi: Low-Latency Anonymity for Organizational Networks

TL;DR

PriFi is a low-latency anonymous communication protocol designed for organizational LANs, providing strong traffic analysis resistance with minimal latency overhead and compatibility with delay-sensitive applications.

Contribution

PriFi introduces a novel architecture that reduces latency in LAN anonymity networks and addresses equivocation attacks, improving upon prior Dining Cryptographers-based solutions.

Findings

Achieves approximately 100ms latency overhead for 100 clients

Compatible with delay-sensitive applications like VoIP

Provides strong traffic analysis resistance in organizational networks

Abstract

Organizational networks are vulnerable to traffic-analysis attacks that enable adversaries to infer sensitive information from the network traffic - even if encryption is used. Typical anonymous communication networks are tailored to the Internet and are poorly suited for organizational networks. We present PriFi, an anonymous communication protocol for LANs, which protects users against eavesdroppers and provides high-performance traffic-analysis resistance. PriFi builds on Dining Cryptographers networks but reduces the high communication latency of prior work via a new client/relay/server architecture, in which a client's packets remain on their usual network path without additional hops, and in which a set of remote servers assist the anonymization process without adding latency. PriFi also solves the challenge of equivocation attacks, which are not addressed by related works, by encrypting the traffic based on the communication history. Our evaluation shows that PriFi introduces a small latency overhead (~100ms for 100 clients) and is compatible with delay-sensitive applications such as VoIP.