Metrics for Trafic Analysis Prevention

This paper considers systems for Traffic Analysis Prevention (TAP) in a theoretical model. It considers TAP based on padding and rerouting of messages and describes the effects each has on the difference between the actual and the observed traffic matrix (TM). The paper introduces an entropy-based approach to the amount of uncertainty a global passive adversary has in determining the actual TM, or alternatively, the probability that the actual TM has a property of interest. Unlike previous work, the focus is on determining the overall amount of anonymity a TAP system can provide, or the amount it can provide for a given cost in padding and rerouting, rather than on the amount of protection afforded particular communications.

[1]  Ira S. Moskowitz,et al.  A Network Pump , 1996, IEEE Trans. Software Eng..

[2]  Richard E. Newman,et al.  Capacity estimation and auditability of network covert channels , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[3]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[4]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[5]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[6]  Richard E. Newman,et al.  Performance analysis of a method for high level prevention of traffic analysis using measurements from a campus network , 1994, Tenth Annual Computer Security Applications Conference.

[7]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[8]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[9]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[10]  William Stallings,et al.  Data and Computer Communications , 1985 .

[11]  Hannes Federrath Designing Privacy Enhancing Technologies , 2001, Lecture Notes in Computer Science.

[12]  Fred Halsall,et al.  Data communications, computer networks and open systems (3. ed.) , 1995, Electronic-systems engineering series.

[13]  Anton Stiglic,et al.  Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems , 2001, Information Hiding.

[14]  Paul F. Syverson,et al.  Group Principals and the Formalization of Anonymity , 1999, World Congress on Formal Methods.

[15]  Richard E. Newman,et al.  Performance analysis of a method for high level prevention of traffic analysis , 1992, [1992] Proceedings Eighth Annual Computer Security Application Conference.

[16]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[17]  S. Anderson,et al.  Secure Synthesis of Code: A Process Improvement Experiment , 1999, World Congress on Formal Methods.

[18]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[19]  Richard E. Newman,et al.  High level prevention of traffic analysis , 1991, Proceedings Seventh Annual Computer Security Applications Conference.

[20]  Roch Guérin,et al.  Efficient network QoS provisioning based on per node traffic shaping , 1996, TNET.

[21]  Daniel R. Simon,et al.  Cryptographic defense against traffic analysis , 1993, STOC.

[22]  Oliver Berthold,et al.  Dummy Traffic against Long Term Intersection Attacks , 2002, Privacy Enhancing Technologies.