APGS: An Efficient Source-Accountable and Metadata-Private Protocol in the Network Layer
Fig.5 Packet structure in APGS
Abstract
Due to the revelations of global-scale pervasive surveillance programs, Internet users have an increasing demand for privacy. However, this is usually undesirable for network service providers because attackers would be able to anonymize themselves and avoid regulation while conducting network attacks. Therefore, network service providers want to hold users accountable and it has been widely considered as a tussle to find a good balance point between the accountability and privacy for the Internet. In this work, we first show that existing representative approaches mainly suffer from narrow-range accountability, low efficiency or risky key management. Motivated by these observations, we propose an efficient network layer protocol called APGS to balance the accountability and privacy. At the core of our APGS is the group signature which, however, is not trivial to apply for the network layer mainly due to the efficiency, revocation, and privacy issues. We manage to overcome these challenges via proposing some novel approaches, including challenge-based cache strategy, scalable verifier-local revocation strategy, and Onion-then-Case strategy. We then evaluate the efficiency of APGS and conclude that in our environment, APGS can generate packets up to 20k pkts/s on a desktop and achieve approximately 80% of IP's goodput at most on a software router.
Yusheng Xia
PhD Student (2017–)
