Publications/Experiment Repository
[2015] Workload Modelling for Mix-based Anonymity Services
Karl-Peter Fuchs, Dominik Herrmann, Hannes Federrath
Elsevier Computers & Security Journal
Evaluating and improving the performance of mix-based anonymity systems in a real-world setting is critical to foster their adoption. However, current research in this field mostly employs unrealistic models for evaluation purposes. Moreover, previously documented results are often difficult to reproduce. We propose two complementary models tailored to the evaluation of mix-based anonymity services. The models enable realistic experiments and are easy to use, as they allow workloads to be extracted automatically from trace files recorded in real networks and replayed in simulations. We also describe our ready-to-use open source evaluation suite that implements the models. Given the suite, researchers can easily create and re-use well-defined workload sets for evaluation purposes. The workloads can be replayed both in discrete-event simulations and distributed experiments. With this initiative we want to foster open research in our discipline.
Extended version of "[2013] Generating Realistic Application Workloads for Mix-Based Systems for Controllable, Repeatable and Usable Experimentation" (see below)
[PDF] [BibTex, EndNote, etc.] [config files, executables and source code]
[2014] EncDNS: A Lightweight Privacy-Preserving Name Resolution Service
Dominik Herrmann, Karl-Peter Fuchs, Jens Lindemann, Hannes Federrath
M. Kutylowski, J. Vaidya (Eds.): ESORICS 2014, LNCS 8712, Part I, pp. 37–55, Springer, 2014.
Users are increasingly switching to third-party DNS resolvers (e.g., Google Public DNS and OpenDNS). The resulting monitoring capabilities constitute an emerging threat to online privacy. In this paper we present EncDNS, a novel lightweight privacy-preserving name resolution service as a replacement for conventional third-party resolvers. The EncDNS protocol, which is based on DNSCurve, encapsulates encrypted messages in standards-compliant DNS messages. User privacy is protected by exploiting the fact that a conventional DNS resolver provides sender anonymity against the EncDNS server. Unlike traditional privacy-preserving techniques like mixes or onion routing, which introduce considerable delays due to routing messages over multiple hops, the EncDNS architecture introduces only one additional server in order to achieve a sufficient level of protection against realistic adversaries. EncDNS is open source software. An initial test deployment is available for public use.
[PDF] [BibTex] [config files and source code] [client software Windows] [client software Linux]
[2013] Generating Realistic Application Workloads for Mix-Based Systems for Controllable, Repeatable and Usable Experimentation
Karl-Peter Fuchs, Dominik Herrmann, Hannes Federrath
L.J. Janczewski, H. Wolf, and S. Shenoi (Eds.): SEC 2013, IFIP AICT 405, IFIP International Federation for Information Processing, pp. 162-175, Springer, 2013.
Introduction of two complementary models that allow characteristics to be extracted from trace files recorded in real networks and replayed in a simulation. The models are implemented for the gMix framework and allow researchers to easily create and re-use realistic workload sets for evaluation purposes. The general goal of the paper was to adapt the state-of-the-art solutions for web traffic generation from the network research community to the field of PETs.
[PDF] [BibTex, EndNote, etc.] [config files, executables and source code]
[2012] Introducing the gMix Open Source Framework for Mix Implementations
Karl-Peter Fuchs, Dominik Herrmann, Hannes Federrath
S. Foresti, M. Yung, and F. Martinelli (Eds.): ESORICS 2012, LNCS 7459, pp. 487-504, Springer, 2012.
Introduction to the open source software framework gMix. If you want to refer to gMix, please cite this publication.
[PDF] [BibTex, EndNote, etc.] [config files, executables and source code]
[2012] gMix: Eine generische Architektur für Mix-Implementierungen und ihre Umsetzung als Open-Source-Framework
Karl-Peter Fuchs, Dominik Herrmann, Hannes Federrath
Sicherheit 2012. Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 6. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), Lecture Notes in Informatics (P-195), Michael Waidner, Suri Neeraj (Hrsg.), Köllen-Verlag, Bonn 2012, 123-135.
Description of the gMix open source project and its goals. Available in German only.
[PDF] [Code] [Documentation]
[2011] Privacy-Preserving DNS: Analysis of Broadcast, Range Queries and Mix-based Protection Methods
Hannes Federrath, Karl-Peter Fuchs, Dominik Herrmann, Christopher Piosecny
Vijay Atluri and Claudia Diaz (Eds.): Proceedings of the 16th European Symposium on Research in Computer Security - ESORICS 2011, Leuven, Belgium, Lecture Notes in Computer Science 6879, Springer, 2011, 665-683.
Proposal for a combination of mixes and broadcast to efficiently anonymize DNS traffic. The system is implemented in an early version of the gMix architecture. Parts of the source code are included with the current framework.