Krishna Puttaswamy, Ranjita Bhagwan, and Venkat Padmanabhan
Data aggregation is a key aspect of many distributed applications, such as distributed sensing, performance monitoring, and distributed diagnostics. In such settings, user anonymity is a key concern of the participants. In the absence of an assurance of anonymity, users may be reluctant to contribute data such as their location or configuration settings on their computer.
In this paper, we present the design, analysis, implementation, and evaluation of Anonygator, an anonymity-preserving data aggregation service for large-scale distributed applications. Anonygator uses anonymous routing to provide user anonymity by disassociating messages from the hosts that generated them. It prevents malicious users from uploading disproportionate amounts of spurious data by using a light-weight accounting scheme. Finally, Anonygator maintains overall system scalability by employing a novel distributed tree-based data aggregation procedure that is robust to pollution attacks. All of these components are tuned by a customization tool, with a view to achieve specific anonymity, pollution resistance, and efficiency goals. We have implemented Anonygator as a service and have used it to prototype three applications, one of which we have evaluated on PlanetLab. The other two have been evaluated on a local testbed.
Published in: ACM/IFIP/USENIX 11th International Middleware Conference