A quantitative analysis of anonymous communications

This paper quantitatively analyzes anonymous communication systems (ACS) with regard to their anonymity properties. Various ACS have been designed and implemented. However, there are few formal and quantitative analyses of how these systems perform. System developers argue for the security goals that their systems can achieve, but such results are vague and not persuasive. This paper uses a probabilistic method to investigate the anonymity behavior of ACS. In particular, it studies the probability that the true identity of a sender can be discovered in an ACS, given that some nodes have been compromised. Through this analysis, design guidelines can be identified for systems aimed at providing communication anonymity. For example, contrary to what one would intuitively expect, the analytic results show that the probability that the true identity of a sender can be discovered might not always decrease as the length of the communication path increases.
