# Preventing Attacks on Anonymous Data Collection

**Authors:** Alex Catarineu, Philipp Claßen, Konark Modi, and Josep M. Pujol

arXiv: 1812.07927 · 2018-12-20

## TL;DR

This paper introduces a privacy-preserving rate-limiting mechanism for anonymous data collection systems to prevent malicious data injection, leveraging cryptographic primitives and achieving high throughput with low latency.

## Contribution

It proposes a novel rate-limiting approach based on Direct Anonymous Attestation that maintains user anonymity while detecting and dropping malicious messages.

## Key findings

- Achieves up to 125 messages/sec for senders
- Achieves up to 140 messages/sec for collectors
- Latency is bounded at 4 seconds in the 95th percentile when Tor is used as the network layer

## Abstract

Anonymous data collection systems allow users to contribute the data necessary to build services and applications while preserving their privacy. Anonymity, however, can be abused by malicious agents aiming to subvert or to sabotage the data collection, for instance by injecting fabricated data. In this paper we propose an efficient mechanism to rate-limit an attacker without compromising the privacy and anonymity of the users contributing data. The proposed system builds on top of Direct Anonymous Attestation, a proven cryptographic primitive. We describe how a set of rate-limiting rules can be formalized to define a normative space in which messages sent by an attacker can be linked, and consequently, dropped. We present all components needed to build and deploy such protection on existing data collection systems with little overhead. Empirical evaluation yields performance up to 125 and 140 messages per second for senders and the collector respectively on nominal hardware. Latency of communication is bound to 4 seconds in the 95th percentile when using Tor as network layer.
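The abstract describes rate-limiting rules that carve out a "normative space" in which an attacker's messages become linkable and can be dropped, while honest users remain anonymous. The following added example is not code from the paper or its authors and does not implement Direct Anonymous Attestation. It models only the single property the collector needs: within one rule's scope (message type plus time window) every message from the same signer carries the same pseudonym, while pseudonyms across scopes cannot be linked. The pseudonym here is a SHA-256 over a constructed signer secret and the scope (an assumption for illustration; in a real deployment it would come from the DAA signature), and the rule names, window sizes and limits are likewise constructed.

```python
"""Collector-side rate limiting over scope-linked pseudonyms (added illustration)."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    msg_type: str     # message type this rule governs
    window_secs: int  # width of the time window that forms the scope
    limit: int        # maximum messages one signer may send per scope


def scope_of(rule: Rule, ts: int) -> tuple:
    """Scope = (message type, window index). Sender and collector derive it identically."""
    return (rule.msg_type, ts // rule.window_secs)


def pseudonym(signer_secret: bytes, scope: tuple) -> str:
    """Stand-in for a DAA basename-linked value: constant within a scope, unlinkable
    across scopes. Constructed for this example; not the paper's construction."""
    tag = f"{scope[0]}|{scope[1]}".encode()
    return hashlib.sha256(signer_secret + b"\x00" + tag).hexdigest()


class Collector:
    """Sees only (message type, timestamp, pseudonym); never the signer secret."""

    def __init__(self, rules):
        self.rules = {r.msg_type: r for r in rules}
        self.seen = defaultdict(int)  # (scope, pseudonym) -> messages received

    def accept(self, msg_type: str, ts: int, nym: str) -> bool:
        rule = self.rules.get(msg_type)
        if rule is None:
            return False  # no rule covers it: outside the normative space, drop
        key = (scope_of(rule, ts), nym)
        self.seen[key] += 1
        return self.seen[key] <= rule.limit


def simulate() -> dict:
    """Honest user: one message per hour for three hours. Attacker: ten in one hour."""
    rule = Rule("page-visit", window_secs=3600, limit=2)  # constructed rule
    collector = Collector([rule])
    honest = b"honest-signer-secret-constructed"
    attacker = b"attacker-signer-secret-constructed"
    result = {"honest_ok": 0, "honest_dropped": 0,
              "attacker_ok": 0, "attacker_dropped": 0}

    honest_nyms = []
    for ts in (0, 3600, 7200):  # three different windows -> three scopes
        nym = pseudonym(honest, scope_of(rule, ts))
        honest_nyms.append(nym)
        result["honest_ok" if collector.accept("page-visit", ts, nym) else "honest_dropped"] += 1
    # Across scopes the honest user's pseudonyms differ, so the collector cannot link them.
    result["honest_unlinkable"] = len(set(honest_nyms)) == len(honest_nyms)

    for i in range(10):  # all within window 0 -> same scope, same pseudonym
        ts = 100 + i
        nym = pseudonym(attacker, scope_of(rule, ts))
        result["attacker_ok" if collector.accept("page-visit", ts, nym) else "attacker_dropped"] += 1
    return result


if __name__ == "__main__":
    print(simulate())
```

The limit is enforced purely on the (scope, pseudonym) counter, so the collector needs no identity information; everything beyond `limit` in a scope is linkable to the earlier messages and dropped, which is the effect the abstract describes.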

---
Source: https://tomesphere.com/paper/1812.07927