A Systematic Survey on Security in Anonymity Networks: Vulnerabilities, Attacks, Defenses, and Formalization

The importance of safeguarding individuals' privacy rights in online activities is unmistakable in today's anonymity networks. Since the introduction of Mixnet by Chaum, numerous anonymity networks with different objectives and design principles have emerged, providing a diverse range of applications for privacy-conscious users. However, security issues in anonymity networks have persistently existed and continue to impact their survival and development. Each anonymity network presents distinct security challenges, making it more challenging for researchers to achieve a comprehensive and systematic understanding of their security. The current literature exhibits some unavoidable gaps, including the lack of vulnerability perspectives, a unified understanding of diverse attack types, defense perspectives, and theoretical perspectives. To address these gaps, we investigate prevailing attacks targeting anonymity networks from the viewpoint of network designers and operators. We use Tor, I2P, and Freenet (arguably the three most popular anonymity networks) as case studies. Starting with these attacks, we conduct an in-depth analysis of the vulnerabilities underlying them and explore related defense mechanisms and formal security. Specifically, we classify vulnerabilities into external and internal categories, utilizing the protocol stack of an anonymity network to guide the categorization of internal vulnerabilities. Furthermore, we examine their root causes. In addition to these aspects, we emphasize the importance of formal security in researching the security of anonymity networks by integrating the investigated vulnerabilities, attacks, and defenses. Through this comprehensive, thorough, and unified approach, this paper aims to provide insights into the security of anonymity networks and offer general research findings. Finally, we discuss ongoing challenges and future directions in this specific area.