GuardedGossip: Secure and Anonymous Node Discovery in Untrustworthy Networks

Node discovery is a fundamental service for any overlay network. It is a particular challenge to provide unbiased discovery in untrustworthy environments, e.g., anonymization networks. Although a major line of research focused on solving this problem, proposed methods have been shown to be vulnerable either to active attacks or to leak routing information, both threatening the anonymity of users. In response, we propose GuardedGossip-a novel gossip based node discovery protocol-that achieves an unbiased random node discovery in a fully-decentralized and highly-scalable fashion. It is built on top of a Chord distributed hash table (DHT) and relies on witness nodes and bound checks to resist active attacks. To limit routing information leakages, GuardedGossip uses gossiping to create uncertainty in the process of node discovery. By incorporating the principles of DHTs with the unstructured nature of gossiping in a subtle way, we profit from the strengths of both techniques while carefully mitigating their shortcomings. We show that GuardedGossip provides a sufficient level of security for users even if 20% of the participating nodes are malicious. Concurrently, our system scales gracefully and provides an adequate overhead for its security and privacy benefits.