Understanding when location-hiding using overlay networks is feasible

Overlay networks (proxy networks) have been used as a communication infrastructure to allow applications to communicate with users without revealing their IP addresses. Such proxy networks are used to enhance application security; including protecting applications from direct attacks and infrastructure Denial-of-Service attacks. However, the conditions under which such approaches can hide application location are not well understood. To shed light on this question, we develop a formal framework for the proxy network approach to location-hiding which encompasses most of the proposed approaches. It is used to characterize how attacks, defenses, and correlated host vulnerabilities affect the feasibility of location-hiding.We find that existing approaches employing static structures (e.g., SOS and I3) cannot hide application location because attackers gain information monotonically and quickly penetrate the proxy network. However, adding defenses, such as proxy network reconfiguration or migration, which invalidate the information attackers have, makes location-hiding feasible against penetration attacks. Proxy-network depth and reconfiguration rates are critical factors for effectiveness. Furthermore, correlated vulnerabilities in many cases jeopardize location-hiding; however, by exploiting host diversity and intelligent proxy-network construction, the negative impact of correlation can be mitigated and location-hiding can be achieved. These results provide deeper understanding of the location-hiding problem and guidelines for proxy-network design.