TARANET: Traffic-Analysis Resistant Anonymity at the NETwork layer

TL;DR

TARANET is a network-layer anonymity system designed to resist traffic analysis while maintaining low latency and high throughput, suitable for interactive applications.

Contribution

It introduces a novel combination of mixing and traffic shaping techniques to provide traffic analysis resistance at the network layer with practical performance.

Findings

Supports over 50 Gbps throughput on commodity hardware

Effectively thwarts traffic analysis during setup and data transmission phases

Maintains low latency suitable for interactive applications

Abstract

Modern low-latency anonymity systems, no matter whether constructed as an overlay or implemented at the network layer, offer limited security guarantees against traffic analysis. On the other hand, high-latency anonymity systems offer strong security guarantees at the cost of computational overhead and long delays, which are excessive for interactive applications. We propose TARANET, an anonymity system that implements protection against traffic analysis at the network layer, and limits the incurred latency and overhead. In TARANET's setup phase, traffic analysis is thwarted by mixing. In the data transmission phase, end hosts and ASes coordinate to shape traffic into constant-rate transmission using packet splitting. Our prototype implementation shows that TARANET can forward anonymous traffic at over 50~Gbps using commodity hardware.