
End-to-end Communication

In document Covert Communication Networks (Page 34-39)

3. BASIC STRUCTURE AND OPERATION OF A COVERT COMMUNI-

3.1 End-to-end Communication

We assume that network addresses are assigned by an Internet Service Provider (ISP) which can correlate the address to a real-world identity. Thus, participants in a CCN restrict what other participants know about their network address. We use pseudonyms as logical addresses within the network to provide an anonymous means for members to identify each other without revealing their network addresses.

Pseudonyms could be a unique username selected by the participant; a random string or set of digits; the participant’s public key; or a numerical value associated with their location within the CCN overlay topology.

Pseudonyms are used by intermediate nodes to identify a message’s destination. When a node receives data, it replaces the network address associated with the data with its own network address and forwards the data to the next neighbor along the route. Thus, for each message, we have a source node, a destination node, and zero or more intermediate nodes that forward the message in such a way as to delink the sender and the receiver.

3.1.1 Communication between Neighbors

Communication between neighbors in the CCN overlay is carried over what we call channels. Channels can be of different channel types, which in turn specify the implementation of each channel. Each channel type will have different performance characteristics in support of the communication requirements of the group. Different channel types can be easily developed based on the particular requirements of the group. For example, channels can be instantiated using: the user datagram protocol (UDP), the transmission control protocol (TCP), simple mail transfer protocol (SMTP) (i.e., email), covert channels, steganographic messages passed between nodes using either file-transfer protocol (FTP) or a shared repository (such as Facebook, Flickr, Twitter, etc.), or any other network communication protocol.

Channels are either low-latency or high-latency, each of which offers its own trade-offs between performance and anonymity. Low latency communication provides near-real-time communication for group members at the risk of providing an adversary with timing signatures for tracing packets across the overlay network, thus undermining anonymity. If near-real-time communication is not required, then nodes can provide the full functionality of a mix by both batching messages and introducing variations in timing to obscure communication signatures and increase anonymity.

A node may have multiple channels from which to choose in order to transmit data to a particular neighbor. The channel type used to communicate between neighbors is negotiated as part of the join protocol of a new node, and the channels used by the network are instantiated at each node immediately after joining the network and selected for use based on the requirements of each specific message.

In Figure 3.1, Alice has two neighbors: Bob and Ed. In one case, Alice communicates through Bob using a TCP channel, and communicates through Ed using either a TCP channel or Facebook. Facebook, Flickr and other social network and file sharing sites can be used to pass messages embedded in photos or music files using standard steganographic techniques. Alice needs only to provide Ed with the account and filename to successfully pass the message. Thus, Alice can send data to Ed in more than one way. For latency-sensitive communication, they can choose the TCP channel, while the Facebook channel can be used for the remaining communication.

During establishment of the overlay network (typically as part of the join protocol discussed in Section 8) neighboring nodes discover and negotiate the set of channels to be provided. During the connection establishment, each node selects from among the available channels the particular channel to be used on the outgoing link to the next node in the overlay network.

3.1.1.1 Pushing vs. Pulling Data

As in most peer-to-peer networks, each node in the CCN operates as both a server and a client. We make the distinction between the two by denoting the client as the process that initiates the communication. Data can be pulled or pushed by a channel, as necessary. In the first case, when the channel receives a message, the message is buffered until it is requested by the appropriate neighbor. The process is repeated at each node, propagating across the network until the data packet reaches its destination. In the second case, when a node receives data that needs to be forwarded, the node automatically connects to the appropriate neighbor and forwards the message.

The polling of adjacent nodes provides a basis for message batching and timing disruption. These are two key characteristics of early Mix networks [13]. However, the timing of the polling could potentially provide a signature that would undermine membership concealment. Randomizing the time periods between polls would disrupt the timing and provide protection against these types of attacks.
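The polling signature described above can be made concrete with the statistic a passive observer would compute over poll timestamps. The following is an added example, not code from the original document; the schedules, the 60-second mean gap and the 0.1 threshold are assumptions chosen for illustration.

```python
import random
import statistics

def poll_times(n, mean_gap, mode, seed=1):
    """Constructed poll timestamps (seconds) on one neighbor link."""
    rng = random.Random(seed)
    t, times = 0.0, []
    for _ in range(n):
        if mode == "fixed":                    # strict timer
            gap = mean_gap
        elif mode == "jitter10":               # timer with +/- 10 % uniform jitter
            gap = mean_gap * rng.uniform(0.9, 1.1)
        else:                                  # "exponential": memoryless gaps
            gap = rng.expovariate(1.0 / mean_gap)
        t += gap
        times.append(t)
    return times

def gap_cv(times):
    """Coefficient of variation (stdev / mean) of the gaps between polls."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    return statistics.pstdev(gaps) / statistics.mean(gaps)

def looks_periodic(times, threshold=0.1):
    # Assumed rule: gaps that vary by less than 10 % of their mean
    # are treated as a recognisable polling signature.
    return gap_cv(times) < threshold

def report(n=500, mean_gap=60.0):
    """Map each schedule to (rounded CV, flagged as periodic?)."""
    out = {}
    for mode in ("fixed", "jitter10", "exponential"):
        times = poll_times(n, mean_gap, mode)
        out[mode] = (round(gap_cv(times), 3), looks_periodic(times))
    return out

if __name__ == "__main__":
    for mode, (cv, flagged) in report().items():
        print(f"{mode:12s} cv={cv:<6} periodic={flagged}")
```

A fixed timer has a coefficient of variation of zero, and a narrow uniform jitter still stays under the threshold; only gaps drawn from a wide distribution lose the periodic signature.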

Message pushing, on the other hand, minimizes propagation delay between adjacent nodes if the message is sent immediately. If messages are also routed along the fastest route, then the source-to-destination propagation delay is minimized. This is essential when near-real-time communication is necessary, such as voice-over-IP (VoIP) or video teleconferencing.

3.1.2 Pseudonyms

Pseudonyms are identifiers that should not be linkable to the real identities of the participants. In other words, a pseudonym is an identifier of a subject other than one of the subject’s real names [53]. Thus, pseudonyms provide a means for non-adjacent nodes within a covert communication network to communicate with each other without needing to share their network addresses.

Pseudonyms could be a unique username selected by the participant, a random string or set of digits, the participant’s public key, or a numerical value associated with their location within the CCN overlay topology. Participants distribute their pseudonym as a means for other nodes to communicate with them. In our implementation, pseudonyms correspond to a logical location within the network topology in order to facilitate routing.

3.1.3 CCN Message Confidentiality

Cryptography provides message confidentiality. Though orthogonal to anonymity and membership concealment, confidentiality is an inherent requirement in a CCN. Given the threat model, we use cryptography to guard message confidentiality.

Thus, all traffic within the CCN is encrypted. Encryption occurs at two levels. First, we have end-to-end cryptography where the source encrypts the payload so that it is only readable by the destination. Second, we have hop-level cryptography, where a node along the route encrypts the data packet so that it is only readable by the next node along the route. Since messages are also re-encrypted every time they are forwarded by a node, this also provides protection against the adversary tracing messages across the network.
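The two encryption levels, together with the pseudonym-based forwarding and address replacement described in Section 3.1, are illustrated by the following added example, which is not code from the original document. The node "dana", the pseudonym "p-7f3a", the addresses and the keys are constructed, and the SHA-256 keystream with an HMAC tag is a standard-library stand-in for whatever authenticated cipher a real deployment would use.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib stand-in for a real AEAD cipher
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    enc_k, mac_k = _subkeys(key)
    nonce = os.urandom(16)  # fresh per call, so re-sealing never repeats bytes
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_k, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_k, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    enc_k, mac_k = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_k, nonce + body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(body, _keystream(enc_k, nonce, len(body))))

# Constructed sample overlay: Alice -> Bob -> Ed -> Dana ("dana" and "p-7f3a" are hypothetical)
ADDR = {"alice": "192.0.2.10", "bob": "192.0.2.20", "ed": "192.0.2.30", "dana": "192.0.2.40"}
NEXT_HOP = {"alice": {"p-7f3a": "bob"}, "bob": {"p-7f3a": "ed"}, "ed": {"p-7f3a": "dana"}}
LINK_KEY = {(a, t["p-7f3a"]): os.urandom(32) for a, t in NEXT_HOP.items()}  # one key per link
E2E_KEY = os.urandom(32)  # known only to source and destination

def deliver(payload, pseudonym, source="alice"):
    """Return (per-link observations, node that kept the message, plaintext it read)."""
    packet = pseudonym.encode() + b"|" + seal(E2E_KEY, payload)    # end-to-end layer
    observed, node = [], source
    while True:
        dest = packet.split(b"|", 1)[0].decode()      # forwarders read only the pseudonym
        nxt = NEXT_HOP.get(node, {}).get(dest)
        if nxt is None:                               # no onward entry: message is for this node
            break
        blob = seal(LINK_KEY[(node, nxt)], packet)    # hop layer, fresh for every link
        observed.append((ADDR[node], ADDR[nxt], blob))  # source address is the last forwarder's
        packet = unseal(LINK_KEY[(node, nxt)], blob)  # receiver removes the hop layer
        node = nxt
    return observed, node, unseal(E2E_KEY, packet.split(b"|", 1)[1])
```

Each tuple in the first return value is what an observer on that link sees: the forwarder's address, the next neighbor's address, and a ciphertext that differs on every link even though the payload never changes.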

CCNs can use either symmetric or asymmetric cryptography. Similar to other Internet protocols such as transport layer security (TLS), symmetric cryptography is used for low-latency communication. For exchanging symmetric keys, asymmetric cryptography is used. It can also be used for encrypting and decrypting delay-tolerant traffic.

Public keys are shared in a distributed manner among the CCN nodes via a web of trust. In the web of trust, keys propagate across the network as they are shared from neighbor to neighbor. As long as two or more paths exist between any two nodes, attempts to corrupt public keys or execute a man-in-the-middle attack are detectable. Thus, there is no need for a central certificate authority.
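The multi-path check behind this claim can be shown with a small model of key propagation. This is an added example, not code from the original document; the overlays, the nodes "mallory" (a forwarder that substitutes keys) and "carol", and the key bytes are constructed. It also goes one step beyond the text by including an overlay where two paths exist but both cross the same tampering node.

```python
import hashlib

def fingerprint(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()[:16]

def simple_paths(graph, src, dst, path=None):
    """Yield every loop-free neighbor-to-neighbor path from src to dst."""
    path = (path or []) + [src]
    if src == dst:
        yield path
        return
    for nxt in graph[src]:
        if nxt not in path:
            yield from simple_paths(graph, nxt, dst, path)

def keys_received(graph, owner, verifier, owner_key, tamperer=None, forged_key=b""):
    """Fingerprint the verifier learns along each path the key travels."""
    received = {}
    for path in simple_paths(graph, owner, verifier):
        # A tampering intermediate node replaces the key it passes on.
        key = forged_key if tamperer in path[1:-1] else owner_key
        received[tuple(path)] = fingerprint(key)
    return received

def tampering_detected(received):
    # The verifier only needs to see two different fingerprints for one pseudonym.
    return len(set(received.values())) > 1

# Constructed overlays; "mallory" and "carol" are hypothetical nodes.
ONE_PATH = {"alice": ["mallory"], "mallory": ["alice", "ed"], "ed": ["mallory"]}
TWO_PATHS = {"alice": ["bob", "mallory"], "bob": ["alice", "ed"],
             "mallory": ["alice", "ed"], "ed": ["bob", "mallory"]}
SHARED_NODE = {"alice": ["mallory"], "mallory": ["alice", "bob", "carol"],
               "bob": ["mallory", "ed"], "carol": ["mallory", "ed"],
               "ed": ["bob", "carol"]}

def check(graph, owner="alice", verifier="ed"):
    """Return (number of paths, whether Ed notices the substituted key)."""
    got = keys_received(graph, owner, verifier,
                        b"alice-public-key", "mallory", b"forged-key")
    return len(got), tampering_detected(got)
```

With a single path the forged key is accepted, with a second path that avoids the tampering node the mismatch is visible, and with two paths that share that node both copies agree on the forgery, so the paths have to be node-disjoint for the check to work.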
