Organizational networks are vulnerable to traffic-analysis attacks that enable adversaries to infer sensitive information from network traffic -- even if encryption is used. We present PriFi, an anonymous communication protocol for LANs provably secure against traffic-analysis attacks; it has low latency and is application agnostic. PriFi builds on Dining Cryptographers networks (DC-nets) and solves several of their limitations. For instance, the communication latency is reduced via a client/relay/server architecture tailored to LANs, where a set of servers assist the anonymization process without adding latency. Unlike mix networks and other DC-nets systems, a client's packets remain on their usual network path without additional hops. Moreover, PriFi protects clients against equivocation attacks without adding significant latency overhead and without requiring communication among clients. PriFi also detects disruption (jamming) attacks without costly consensus among servers. We evaluate the practicality of PriFi in the context of a large, real-world organization at risk of traffic-analysis attacks. Our results show that PriFi introduces a small latency overhead (ms for clients) and is compatible with delay-sensitive applications such as VoIP.
View on arXiv