An HMM Approach to Anonymity Analysis of Continuous Mixes

With the increasing requirement of privacy protection, various anonymity communication systems are designed and implemented. However, in the current communication infrastructure, traffic data can be gathered at moderate cost by adversary. Based on the traffic data, they can easily correlate the input links with output links by applying powerful traffic analysis techniques. In this paper, a Hidden Markov Model (HMM) approach is proposed to analyze one of the important anonymity systems, continuous mixes, which individually delays messages instead of processing batch messages. This approach consists of two parts, arrival traffic model and departure traffic model based on HMM, which capture the mean rates of the arrival and departure messages respectively. By using this approach to analyze anonymity of continuous mixes, a successful anonymity analysis can not be guaranteed, especially while the arrival traffic rate is greater than the departure traffic rate. In order to achieve better anonymity results, a new countermeasure is proposed, which inserts a minimum number of dummy traffic flows to ensure better anonymity of continuous mixes and protects users against various traffic analyses.

[1]  Francesco Palmieri,et al.  Joint end-to-end loss-delay hidden Markov model for periodic UDP traffic over the Internet , 2006, IEEE Transactions on Signal Processing.

[2]  Jeff A. Bilmes,et al.  A gentle tutorial of the em algorithm and its application to parameter estimation for Gaussian mixture and hidden Markov models , 1998 .

[3]  Dieter Gollmann,et al.  Computer Security – ESORICS 2004 , 2004, Lecture Notes in Computer Science.

[4]  Matthew K. Wright,et al.  Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[5]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[6]  Dieter Gollmann,et al.  Computer Security - ESORICS 2006, 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings , 2006, ESORICS.

[7]  Dakshi Agrawal,et al.  Probabilistic treatment of MIXes to hamper traffic analysis , 2003, 2003 Symposium on Security and Privacy, 2003..

[8]  Louis A. Liporace,et al.  Maximum likelihood estimation for multivariate observations of Markov sources , 1982, IEEE Trans. Inf. Theory.

[9]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[10]  George Danezis,et al.  The Traffic Analysis of Continuous-Time Mixes , 2004, Privacy Enhancing Technologies.

[11]  Claudia Díaz,et al.  Comparison Between Two Practical Mix Designs , 2004, ESORICS.

[12]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[13]  Carmela Troncoso,et al.  Two-Sided Statistical Disclosure Attack , 2007, Privacy Enhancing Technologies.

[14]  Andrei Serjantov A Fresh Look at the Generalised Mix Framework , 2007, Privacy Enhancing Technologies.

[15]  Roger Dingledine,et al.  From a Trickle to a Flood: Active Attacks on Several Mix Types , 2002, Information Hiding.

[16]  M. Puterman,et al.  Maximum-penalized-likelihood estimation for independent and Markov-dependent mixture models. , 1992, Biometrics.

[17]  Marco Ajmone Marsan,et al.  Markov models of internet traffic and a new hierarchical MMPP model , 2005, Comput. Commun..

[18]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[19]  Xinwen Fu,et al.  DSSS-Based Flow Marking Technique for Invisible Traceback , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[20]  Vitaly Shmatikov,et al.  Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses , 2006, ESORICS.