Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation


The peer-assisted CDN is a new content distribution paradigm supported by CDNs (e.g., Akamai), which enables clients to cache and distribute web content on behalf of a website. Peer-assisted CDNs bring significant bandwidth savings to website operators and reduce network latency for users. In this work, we show that the current designs of peerassisted CDNs expose clients to privacy-invasive attacks, enabling one client to infer the set of browsed resources of another client. To alleviate this, we propose an anonymous peerassisted CDN (APAC), which employs content delivery while providing initiator anonymity (i.e., hiding who sends the resource request) and responder anonymity (i.e., hiding who responds to the request) for peers. APAC can be a web service, compatible with current browsers and requiring no client-side changes. Our anonymity analysis shows that our APAC design can preserve a higher level of anonymity than state-of-the-art peer-assisted CDNs. In addition, our evaluation demonstrates that APAC can achieve desired performance gains

In the 16th Privacy Enhancing Technologies Symposium (PETS 2016) .