Formal analysis of anonymity based on strand space model

Anonymous communication protocols can be used in ubiquitous environments to preserve the identity of users. To verify the correctness of the protocol, a formal framework for the analysis of anonymity property of anonymous communication protocols in terms of strand space model was proposed. The key ingredient is the notions of equivalent bundles and extremum pair, which are used to define anonymity. Then we illustrate our approach by proving sender anonymity and unlinkability for two well-known anonymous communication protocols, Crowds and Onion Routing and show how the framework is capable of verifying the correctness of protocols or capturing the flaws. The result shows that sender anonymity will fail in Crowds if there exist a global attacker and relation anonymity will fail in Onion Routing if the attacker knows the onion router's private key. Furthermore, to analyze the particular version of onion routing proposed in [1], it can also find the flaw in the protocol.

[1]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[2]  Sheikh Iqbal Ahamed,et al.  Privacy in Pervasive Computing and Open Issues , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[3]  Joseph Y. Halpern,et al.  Anonymity and information hiding in multiagent systems , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[4]  Joshua D. Guttman,et al.  Strand Spaces: Proving Security Protocols Correct , 1999, J. Comput. Secur..

[5]  Vitaly Shmatikov,et al.  Information Hiding, Anonymity and Privacy: a Modular Approach , 2004, J. Comput. Secur..

[6]  Nancy A. Lynch,et al.  Cryptographic protocols , 1982, STOC '82.

[7]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[8]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[9]  Paul F. Syverson,et al.  Group Principals and the Formalization of Anonymity , 1999, World Congress on Formal Methods.

[10]  F. Javier Thayer Fábrega,et al.  Strand spaces: proving security protocols correct , 1999 .

[11]  Jan van Eijck,et al.  Epistemic Verification of Anonymity , 2007, VODCA@FOSAD.

[12]  Steve A. Schneider,et al.  CSP and Anonymity , 1996, ESORICS.

[13]  Wolter Pieters,et al.  Provable anonymity , 2005, FMSE '05.

[14]  Mark Ryan,et al.  Analysis of an Electronic Voting Protocol in the Applied Pi Calculus , 2005, ESOP.