Binary Coding Based Forwarding

In this scheme, each forwarding OR in the network will generate a random binary vector. The forwarding OR will combine received packets using the binary vector and forward combined packets. Since the coding vectors are generated ran-domly, there may be duplicate packets with the same encoding vectors. Because of these duplicate packets, the exit nodes may not have enough innovative packets for decoding. Decoding probability for binary coding based forwarding in discussed in Section 6.2.2

THEORETICAL ANALYSIS

6.1 Detection Rate

Many of the existing anonymous communication systems suffer from timing analysis attack. In timing attacks, an adversery collects timings information from one part of the network and correlates with the information gathered at another part. To emulate such attacks packet timing information of a flow of interest is matched with the timing information collected at the exit layer ORs. To match the timing information collected mutual information concept is used. mutual information calculated between the input flow and the actual output flow is higher than mutual information calculated between the input flow and all other output flows then we can link the traffic thus detect the communication. Entropy calculated using mutual information is used as an indicator of communication detection. As mentioned, the detection rate should be equal to a random guess which is 1/n and entropy should be equal to log₂n In network coding, any encoded packet cannot linked to a particular original packet. An encoded packet contains a trace from all the original packets.

33

34 Since the root of the multicast tree encodes packets from different OPs, the resultant coded traffic cannot be linked to a particular OP and this combined with random packet forwarding beacuse of which all the ORs receive similar traffic makes it difficult to launch timings attacks.

6.2 Decoding Probability

6.2.1 Packet Based Forwarding

In a link based packet forwarding, the probability that a particular exit node will decode is 1 if gs <= n. Every OR will receive n packets from previous layer, one packet from each OR in the previous layer. The exit layer OR will decode once it receives gs packets belonging to a particular generation. But in the packet based forwarding, the decoding probability might be a value less than 1. On receiving a packet, an intermmediate OR forwards it to a randomly selected next layer OR. The random selection is independent of previous selections for packets belonging to the same or a different generation. Due to random forwarding there is a possibility that an exit OR might not receive gs packets that belong to the same generation.

Theorem 1 The probability that an exit OR will decode a particular generation is given by

N −gs

P

i=0

C_gs+i^N (n − 1)^{N −gs−i}

n^N (6.1)

Proof N is the total number of encoded packets of a generation produced by root OR. Total number of ways N different packets distributed among n exit nodes is given by n^N, which is represented by T . The chances that a particular exit layer OR

will receive at least gs packets of a generation from N is given by F . So

F =

N −gs

X

i=0

C_gs+i^N × (n − 1)^{N −gs−i} ,

and

T = n^N .

The probability that a exit layer OR will decode a generation is given by P = F/T . Therefore

P =

N −gs

P

i=0

C_gs+i^N (n − 1)^{N −gs−i}

n^N .

6.2.2 Binary Coding Based Forwarding

An exit OR has to receive gs linearly independent packets of a generation to start decoding. Since the linear cofficients are choosen from GF(2) field the total number of linear combinations of gs original packets is given by 2^gs. An encoded packet is termed dependent if the encoding vector in that packet is a linear com-bination of already received linearly independent encoding vectors. In other words when an encoding vector in a packet can be formed by linear combination of encoding vectors previous received then the packet does not bring any new information or is not innovative thus does not contribute to decoding the generation.

Every exit OR receives n packets for a generation. For successfull decoding an exit OR should recive gs independent encoding vectors or should not receive more than n − gs dependent packets. So the threshold on number of dependent packets an exit OR can receive is n − gs. If an exit OR receives more dependent packets than this value then it will not be able to decode that generation. The probability of an exit OR receiving gs independent encoding vectors is the sum of all probabilities where the number of received dependent packets is less than or to equal n − gs.

36 Theorem 1 The probability that an exit OR will be able to decode a generation is given by

Proof The probability that an encoding vector in an incoming packet is linearly in-dependent depends on number of previously received linearly inin-dependent encoding vectors of the same generation. If m is the number of already received linearly in-dependent encoding vectors then the number of linearly in-dependent vectors that can be formed from these m vectors is 2^m. So probability that an incoming packet has a linearly dependent encoding vector or an encoding vector from these 2^m depen-dent vectors is ²₂gs^m. As an example, the probability that the first packet received by an exit OR is linearly independent is 

1 − ₂²gs⁰

. By continuing, the probabil-ity that even the second packet received by an exit is also linearly independent is

1 −₂²gs⁰

 1 − ₂²gs¹

and probability that the second packet is dependent on the first packet is 

1 − ₂²gs⁰

 2¹ 2^gs

. Probability that gs out of gs packet received are linearly independent is 

The above probability is the perfect case. But we can receive upto n − gs dependent packets. As an example, the probability for the first packet to be linearly dependent is ₂²gs⁰ . By continuing further, probability that even the second packet re-ceived is dependent is 

2⁰ 2^gs

 2⁰ 2^gs

 and probability that the second packet received by an exit is linearly independent is 

2⁰ 2^gs

 1 − ₂²gs⁰

. Probability that first packet received is linearly dependent and the next gs packets received are linearly indepen-dent is 

. Probability that first and second

packet received are linearly dependent and the rest of gs packets received are linearly

. Extending the exam-ple even further, the probability that first packet received is linearly independent but the second and third packets received are linearly dependent and the rest of gs − 1 packets received are linearly independent is

1 −₂²gs⁰

. Thus when we generalise the above example for n ORs per layer, then the probability of decoding a generation at an exit OR is given by summation of all the probabilities where number of received linearly dependent packets is less than n − gs, which is

1 − ₂²gs⁰

In [20] the authors have developed an analytical formula for the steady state throughput calculation of a TCP communication. It is widely accepted and used.

The TCP throughput is determined by the probability of a packet being lost, the round trip time and time out value. The value of the throughput is limited by the maximum possible congestion window size. The formula is given in Equation 6.3.

B (p) ≈ min

RT T is the round trip time, W max is the maximum size of the congestion window, T o is the timeout value, b is the number packets that are acknowledged by an ACK and p is the probability that a packet will be lost during the

commu-38 nication. We compare the theatrically calculated values of through-put B(p) using Equation 6.3 against the practically obtained value. The throughput model developed in [20] for a TCP communication takes into account congestion avoidance behavior, retransmissions, timeouts and is valid for entire range of p.

PERFORMANCE EVALUATION

We implement the proposed scheme using Network Simulator-2, which is an event based simulator built using C++ blocks. Extensive experiments are performed for various values of generation size (gs), number of ORs per layer (n) and number of layers (nl) in the multicast tree. By varying these parameters, we calculated delay, throughput and detection rate of a TCP communication. We studied the influence of varying the generation size and size of multicast tree on the performance metrics discussed in Chapter 6. The delay, throughput and detection rate of the communication calculated from the experiments are compared to the theoretically calculated values as explained in Chapter 6. The experiments are conducted over TCP connections. A Galois field of size 2⁸ is used by the root for the random linear transformation of the incoming packets from the OPs. All the links in the topology are of 10 Mb capacity and delay on each link is 10 ms unless otherwise specified.

Each simulation is carried out for 60 minutes. All the links between the intermediate OR’s have on/off cross traffic with burst rate 5 Mbit/s, average burst time 500 ms and average idle time 500 ms. The size and other parameters of the multicast tree

39

40 for reverse traffic is same as multicast tree in the forward direction.

7.1 Packet Based Forwarding

7.1.1 Loss Probability

Decoding a generation of encoded packets takes place only after an exit OR has collected gs packets of that generation. Since the packets are randomly forwarded from one OR to another in the next layer, there is a possibility that an exit OR might not receive gs packets of a generation. If the generation cannot be decoded, the exit OR is not be able to retrieve the original packet and it is lost.

Figure 13(a) shows the variations of loss probability by varying the generation size from 5 to 10. The decoding probability decreases with increase in gs with other parameters kept constant because more number of encoded packets are needed by an exit OR to start decoding. When decoding probability is high, the loss probability is less. Figure 13(a) indicates that as gs increases, the loss probability increases.

Experimently obtained values are compared to the values calculated from equation 5.1. The loss probability in the experiments is obtained by the ratio of number of generations that could be decoded to number of different generations that were received by an exit OR.

The decoding probability increases with increase in number of ORs per layer n because there are more number of encoded packets of a generation in the tree, there is a greater chance that an exit OR will receive atleast gs encoded packets of a generation, thus decreasing the loss probability. This explains the decrease in loss probability with increase in n, as shown in Figure 13(b). Number of layers in the multicast tree do not effect the decoding probability because the packets are forwarded from one layer to another and decoding probability depends on distribution

of encoded packets among the exit layer ORs. So even if number of layers are varied the decoding probability remains the same.

5 6 7 8 9 10

0 0.1 0.2 0.3 0.4 0.5

Generation Size (gs)

Loss Probability

n=10, Theoritical n=10, nl=4, Practical n=15, Theoritical n=15, nl=4, Practical

10 15 20 25

0 0.005 0.01 0.015 0.02 0.025

ORs per Layer (n)

Loss Probability

gs=5, nl=4, Practical gs=5, Theoritical

(a) layers =4 (b) gs =5

Figure 13: Comparison of Theoretical and Practical Values of Loss Probability

7.1.2 Throughput Variations

By Varying Generation Size

The experimently calculated throughput values are compared to theoritical values calculated from Equation 6.3. Figure 14(a) shows throughput variations when gs is increased from 5 to 10. The throughput decreases with increase in generation size because as gs increases, more number of encoded packets are required by an exit ORs to decode. As gs increases with other parameters kept constant, the decoding probability decreases as suggested by Equation 5.1. This will lead to increase in loss probability, which decreases the throughput as suggested in Equation 6.3. It can be seen that rate of throughput decrease is less for n = 20 than n = 15 because more number of encoded packets of a generation are present in tree when n is greater.

The effectiveness of an anonymous communication system is determined by the rate at which the communication is detected. The detection scheme used here is

42 based on timing analysis and is discussed in Section 6.1. The detection rate of a com-munication using the proposed system is obtained using entropy which is calculated by applying the concept of mutual information and correlation on the packet timings gathered at the sender and the exit ORs. Figure 14(b) and Figure 14(c) show that the entropy values calculated from correlation and entropy values calculated from mutual information technique. The timing information of a flow of interest is compared with the timing information of aggregate flow at each exit OR. It can be seen that entropy calculated from experiments are almost equal to the entropy of equal distribution indicating that all the exit ORs received similar amount of traffic. So the probability of detecting the traffic is equal to probability of a random guess. As the number of exit ORs increases, the entropy increases which decreases the probability of detection.

The probability of detection is less for n = 20 compared to n = 15.

By Varying Number of Layers

The round trip time increases with number of layers because the hop count increases with layers in the multicast tree. When the number of hops (delay) increases, the throughput of a TCP communication decreases as suggested by the Equation 6.3 and this explains the dip in the value of throughput in the Figure 15(a) for increase in number of layers (nl) from 4 to 20. In Figure 15(b) and Figure 15(c) it can be seen that varying nl in the multicast tree does not change the detection rate because the detection rate depends on the number of ORs in the layer rather than the number of layers itself. So n =15 has a different detection rate from n =20.

By Varying Number of ORs Per Layer (n)

In Figure 16(a), n is varied from 10 to 25 for 4, 8 and 12 layers in multicast tree and gs =5. The throughput value increases with increase in the number of ORs

5 6 7 8 9 10 n=20, nl=20, Theoritical n=20, nl=20, Practical

(a) Throughput Variations for n =15, 20 and layers = 4, 12, 20

5 6 7 8 9 10

(b) Mutual Information Detection Rate (c) Correlation Detection Rate

Figure 14: Comparison of Theoretical and Practical Values of Throughput and De-tection Rate for n =15, 20 and layers = 4, 12, 20

44

Number of Layers (nl)

Throughput (Pkt\Sec)

(a) Throughput Variations for n =15, 20 and gs = 5, 10

4 6 8 10 12 14 16 18 20

Number of Layers (nl)

Entropy

Number of Layers (nl)

Entropy

(b) Mutual Information Detection Rate (c) Correlation Detection Rate

Figure 15: Comparison of Theoretical and Practical Values of Throughput and De-tection Rate for n =15, 20 and gs = 5, 10

per layer. This is because as n increases there will be more encoded packets in the tree and so the loss probability decreases. Increase in decoding probability will lead to decrease in loss probability, thus increasing the throughput. So n =25 has greater throughput than n =10 as indicated in the Figure 16(a). In Figure 16(b) and Figure 16(c), the entropy for n =25 is greater than n =10 because the traffic is equally distributed among larger group of exit ORs.

10 15 20 25

0 50 100 150

ORs per Layer (n)

Throughput (Pkt\Sec)

(a) Throughput Variations for gs =5 and layers = 4, 12, 20

10 15 20 25

ORs per Layer (n)

Entropy

ORs per Layer (n)

Entropy

nl=4, gs=5 nl=12, gs=5 nl=20, gs=5 Random Guess

(b) Mutual Information Detection Rate (c) Correlation Detection Rate

Figure 16: Comparison of Theoretical and Practical Values of Throughput and De-tection Rate for gs =5 and layers = 4, 12, 20

46

7.2 Link Based Forwarding

The link based forwarding is discussed in the section 5 and as mention the decoding probability of a link based forwarding technique is almost equal to 1.

7.2.1 By Varying Generation Size

Figure 17 shows throughput variations for link based forwarding scheme. It can be observed that throughput values are uneffected by variation in gs because when the decoding probability is 1 and loss probability is zero, then the throughput value is the maximum possible value determined by RT T as suggested by Equation 6.3. Throughput for layers =4 is more than layer =12 because as number of layers increase, the RT T value increase resulting in decrease of throughput. Figure 17(b) and Figure 17(c) show entropy values for varying gs in the tree. Since all the ORs in the exit layer receive similar traffic, the entropy values are almost equal to entropy of a random guess, indicating that traffic cannot be detected.

7.2.2 By Varying Number of Layers

In Figure 18(a) it can be seen that as number of layers are increasing, the throughput is decreasing because of increase in RT T with increase in number of hops to final destination. The entropy values is same for nl = 4 and nl = 8 as shown in Figure 18(b) and Figure 18(c) because the number of layers do not effect the traffic distribution among the exit layer ORs and it is effected only by n.

7.2.3 By Varying Number of ORs per Layer(n)

In Figure 19(a) it can been seen that number of ORs per layer does not effect the throughput. It is because increasing n does not effect the loss probability as it

5 6 7 8 9 10

(a) Throughput Variations for n =15, 20 and layers = 4, 12, 20

5 6 7 8 9 10

(b) Mutual Information Detection Rate (c) Correlation Detection Rate

Figure 17: Comparison of Theoretical and Practical Values of Throughput and De-tection Rate for n =15, 20 and layers = 4, 12, 20

48

Number of Layers (nl)

Throughput (Pkts\Sec)

(a) Throughput Variations for n =15, 20 and gs = 5, 10

4 8 12 16 20

Number of Layers (nl)

Entropy

Number of Layers (nl)

Entropy

(b) Mutual Information Detection Rate (c) Correlation Detection Rate

Figure 18: Comparison of Theoretical and Practical Values of Throughput and De-tection Rate for n =15, 20 and gs = 5, 10

will in case of packet forwarding technique and when the loss probability is zero then throughput will reach the maximum possible value determined by RT T . In Figure 19(b) and Figure 19(c) the entropy value increases with n, indicating that probability of detection decreases with increase in the number of ORs per layer because the traffic is distributed among more ORs.

10 15 20 25

ORs per Layer (n)

Throughtput (Pkt/Sec)

(a) Throughput Variations for gs =5 and layers = 4, 12, 20

10 15 20 25

ORs per Layer (n)

Entropy nl=4, gs=5

ORs per Layer (n)

Entropy

nl=4, gs=5 nl=12, gs=5 nl=20, gs=5 Random Guess

(b) Mutual Information Detection Rate (c) Correlation Detection Rate

Figure 19: Comparison of Theoretical and Practical Values of Throughput and De-tection Rate for gs =5 and layers = 4, 12, 20

50

7.3 Binary Coding Based Forwarding

7.3.1 Loss Probability

Decoding a generation of encoded packets takes place only after an exit OR has collected gs linearly independent encoding vectors of that generation. As suggested by Equation 6.2, the probability that a generation is decoded by an exit OR depends on the generation size gs and number of ORs per layer n in the multicast tree.

Figure 20(a) shows the variations of loss probability when generation size in-creases. The decoding probability decreases with increase in gs because more number of linearly independent packets are needed by an exit OR to start decoding. When decoding probability is high, the loss probability is less. Figure 20(a) indicates that as gs increase the loss probability increases. Experimently obtained values are compared to the values calculated from equation 6.2.

Since each exit OR receives n packets for a generation, the loss probability decreases with increase in number of ORs per layer n, as there is a greater chance that an exit OR will receive gs linearly independent packets. This explains the decrease in loss probability with increase in n, as shown in Figure 20(b). Number of layers in the multicast tree do not effect the decoding probability because the packets are forwarded from one layer to another and decoding probability depends on number of encoded packets received by the exit layer ORs and generation size. So even if number of layers are varied the decoding probability remains the same.

7.3.2 Throughput Variations

By Varying Generation Size

The experimently calculated throughput values are compared to theoritical values calculated from Equation 6.3. Figure 21(a) shows throughput variations when

5 6 7 8 9 10

ORs per Layer (n)

Loss Probability

gs=5, Theoritical gs=5, nl=4, Practical

(a) layers =4 (b) gs =5

Figure 20: Comparison of Theoretical and Practical Values of Loss Probability gs is increased from 5 to 10. When other parameters are kept constant, the

Figure 20: Comparison of Theoretical and Practical Values of Loss Probability gs is increased from 5 to 10. When other parameters are kept constant, the

In document A Coding Enabled Anonymity Network (Page 44-75)