A Detailed Mathematical Analysis of a Class of Covert Channels Arising in Certain Anonymizing Networks

Abstract: There have long been threads of investigation into covert channels, and threads of investigation into anonymity, but these two closely related areas of information hiding have not been directly associated. This report represents an initial inquiry into the relationship between covert channel capacity and anonymity, and poses more questions than it answers. Even this preliminary work has proven difficult, but in this investigation lies the hope of a deeper understanding of the nature of both areas. Mixes have been used for anonymity, where the concern is shielding the identity of the sender or the receiver of a message, or both. Traffic analysis prevention (TAP) methods are used to conceal larger traffic patterns. Here, we are concerned with how much information a sender to a Mix can leak to an eavesdropping outsider, despite the concealment efforts of Mixes acting as firewalls.
