- Mitigating Client Enumeration
- In general, users will fall victim to full path compromise the more they use the system. In other words, the adversary observes at least one message from every single user eventually.
- Mitigate this by adopting the Guard Design from Tor. But, placing guard in the middle layer, unlike Tor (that uses the first layer)
- Accommodating Network Churn
- Putting the most stable mix nodes into the guard layer is important
- Good performance & Low cost
- By modelling the placement of mix nodes into a Bin-packing problem, improve the network performance by constrainting that the total bandwidth of each layer is approximately equal. It’s important because the bottleneck comes from a layer with the minimum bandwidth.
-
Mixnet Initialization
- Notations
- $P_{bw}$: The sum of the bandwidth of all nodes in the candidate pool
- $hP_{bw}$: The total bandwidth of the active pool sampled by the sampling function $h$
- $\frac{h}{l}P_{bw}$: The total bandwidth of each layer in a $l$-layer Mixnet
- Epoch $i$: We discretize time into periodic epochs, where the network can be reconfigured and clients updated with the latest topology.
- Initialize the Guard Layer
- Sample a total of $\frac{h}{l}P_{bw}$ nodes weighted by bandwidth from the candidate pool
- Initialize the Guard Set $G$
- Have 3 sets to minimize client exposure by remembering which nodes were used as guard, even if they go offline for a period. That is, clients can revert to a previously used but offline guard whenever it appears online again.
- Active Guard $AG$: All nodes in the initialized guard layer
- Backup Guard $BG$: Sampled an additional tolerance fraction $\tau$ from the candidate pool
- Down Guard $DG$: Empty at this stage
- Have 3 sets to minimize client exposure by remembering which nodes were used as guard, even if they go offline for a period. That is, clients can revert to a previously used but offline guard whenever it appears online again.
- Initialize non-Guard Layers
- Sample a total of $\frac{(l-1)h}{l}P_{bw}$ nodes from the candidate pool, and place them using 1-D bin-packing approach with the constraint that each layer has a similar amount of bandwidth, which packs all items into a minimum number of bins while the total size of any bin is not larger than the given capacity $c$.
- Here, the capacity $c$ is set to be slightly larger than $\frac{h}{l}P_{bw}$ because it’s difficult to aggregate several indivisible entities to a precise cumulated bandwidth value.
- Sample a total of $\frac{(l-1)h}{l}P_{bw}$ nodes from the candidate pool, and place them using 1-D bin-packing approach with the constraint that each layer has a similar amount of bandwidth, which packs all items into a minimum number of bins while the total size of any bin is not larger than the given capacity $c$.
- Notations
-
Mixnet Maintenance (by CS)
- Guard Set Maintenance
- Offline nodes within $AG$ and $BG$ are moved to $DG$.
- If $bandwidth(AG \cup BG) > T_{high}$, nodes in $BG$ that have never been selected into the guard layer are dropped according to the ascending order of bandwidth $\times$ stability.
- If $bandwidth(AG \cup BG) < T_{low}$, add nodes to $BG$ by sampling nodes from the remaining candidate pool by bandwidth $\times$ stability.
- Guard Layer Maintenance
- New $AG$ is generated by inheriting online guards from the old $AG$ and guards back online from the previous epoch’s $DG$ set.
- To minimize the number of guards users are exposed to, the CS records the number of epochs of active operation as $t_{AG}$ for all mix nodes in $G$, and selects the most stable ones based on their WMTBF values.
- If $AG$ still doesn’t meet the minimum bandwidth threshold, the CS samples some nodes from $BG$ by bandwidth $\times$ stability.
- In the end, all nodes in $AG$ are placed into the guard layer.
- Non-guard Layers Maintenance
- Offline nodes are remove from the active pool. Some nodes are sampled from the candidate pool to make up for offline nodes removed.
- Non-guard layers are refreshed through the same procedure as initialization.
- Stability Tracking: Weighted Mean Time Between Failure (WMTBF) as used by Tor
- Guard Set Maintenance
-
Mixnet Routing
- Client-side guard logic
- Client samples guards proportional to their bandwidth and adds these to their guard list. To limit its growth and reduce the user’s exposure to malicious guards, the client only adds a new guard if all existing guards in the list are offline.
- The client tries to reuse guards from oldest to the most recent.
- Path selection
- Client selects nodes from non-guard layers weighted by bandwidth for better performance and security than the random selection.
- Client-side guard logic
- The simplest way to determine the bandwidths of the nodes would be for the nodes to advertise their bandwidth, but in such case, adversarial nodes could advertise false information.
- There exists previously proposed bandwidth measurement systems but it’s out of the scope for this paper.