Atom: Horizontally Scaling Strong Anonymity
Albert Kwon
MIT
|
Henry Corrigan-Gibbs
Stanford
|
Srinivas Devadas
MIT
|
Bryan Ford
EPFL
|
26th ACM Symposium on Operating Systems Principles (SOSP)
October 30, 2017
Abstract:
Atom is an anonymous messaging system that protects against
traffic-analysis attacks. Unlike many prior systems, each
Atom server touches only a small fraction of the total messages
routed through the network. As a result, the system’s
capacity scales near-linearly with the number of servers. At
the same time, each Atom user benefits from “best possible”
anonymity: a user is anonymous among all honest users of
the system, even against an active adversary who monitors
the entire network, a portion of the system’s servers, and any
number of malicious users. The architectural ideas behind
Atom have been known in theory, but putting them into practice
requires new techniques for (1) avoiding heavy general-purpose
multi-party computation protocols, (2) defeating
active attacks by malicious servers at minimal performance
cost, and (3) handling server failure and churn.
Atom is most suitable for sending a large number of short
messages, as in a microblogging application or a high-security
communication bootstrapping (“dialing”) for private messaging
systems. We show that, on a heterogeneous network
of 1,024 servers, Atom can transit a million Tweet-length
messages in 28 minutes. This is over 23× faster than prior
systems with similar privacy guarantees.
Paper:
PDF
Talk slides:
PDF