Denial of Service or Denial of Security?: How Attacks on Reliability Can Compromise Anonymity

This paper considers the effect attackers who disrupt anonymous communications have on the security of traditional high- and low-latency anonymous communication systems, as well as on the Hydra-Onion and Cashmere systems that aim to offer reliable mixing, and Salsa, a peer-to-peer anonymous communication network. The paper shows that Denial of Service (DoS) lowers anonymity as messages need to get retransmitted to be delivered, presenting more opportunities for attack. The paper uncovers a fundamental limit on the security of mix networks, showing that they cannot tolerate a majority of nodes being malicious. Cashmere, Hydra-Onion, and Salsa security is also badly affected by DoS attackers. The results are backed by probabilistic modeling and extensive simulations and are of direct applicability to deployed anonymity systems.