You cannot hide for long: de-anonymization of real-world dynamic behaviour

Disclosure attacks against anonymization systems have traditionally assumed that users exhibit stable patterns of communications in the long term. We use datasets of real traffic to show that this assumption does not hold: usage patterns email, mailing lists, and location-based services are dynamic in nature. We introduce the sequential statistical disclosure technique, which explicitly takes into account the evolution of user behavior over time and outperforms traditional profiling techniques, both at detection and quantification of rates of actions. Our results demonstrate that despite the changing patterns of use: low sending rates to specific receivers are still detectable, surprisingly short periods of observation are sufficient to make inferences about users' behaviour, and the characteristics of real behaviour allows for inferences even in secure system configurations.

[1]  Christopher Krügel,et al.  A Practical Attack to De-anonymize Social Network Users , 2010, 2010 IEEE Symposium on Security and Privacy.

[2]  George Danezis,et al.  Statistical Disclosure Attacks , 2003, SEC.

[3]  Dogan Kesdogan,et al.  The Hitting Set Attack on Anonymity Protocols , 2004, Information Hiding.

[4]  Dieter Rautenbach,et al.  Fundamental limits on the anonymity provided by the MIX technique , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[5]  Neil J. Gordon,et al.  A tutorial on particle filters for online nonlinear/non-Gaussian Bayesian tracking , 2002, IEEE Trans. Signal Process..

[6]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[7]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[8]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[9]  Thomas Gross,et al.  Cryptographic Protocols of the Identity Mixer Library, v. 1.0 , 2009 .

[10]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[11]  Dogan Kesdogan,et al.  Measuring Anonymity: The Disclosure Attack , 2003, IEEE Secur. Priv..

[12]  Jean-Jacques Quisquater,et al.  Advances in cryptology, EUROCRYPT '95 : International Conference on the Theory and Application of Cryptographic Techniques, Saint-Malo, France, May 21-25, 1995 : proceedings , 1995 .

[13]  Philippe Golle,et al.  Revisiting the uniqueness of simple demographics in the US population , 2006, WPES '06.

[14]  Branko Ristic,et al.  Beyond the Kalman Filter: Particle Filters for Tracking Applications , 2004 .

[15]  Nikita Borisov,et al.  Privacy Enhancing Technologies, 8th International Symposium, PETS 2008, Leuven, Belgium, July 23-25, 2008, Proceedings , 2008, Privacy Enhancing Technologies.

[16]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[17]  Dogan Kesdogan,et al.  A Practical Complexity-Theoretic Analysis of Mix Systems , 2011, ESORICS.

[18]  Carmela Troncoso,et al.  Understanding Statistical Disclosure: A Least Squares Approach , 2012, Privacy Enhancing Technologies.

[19]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[20]  Jean-Jacques Quisquater,et al.  Advances in Cryptology — EUROCRYPT ’95 , 2001, Lecture Notes in Computer Science.

[21]  Carmela Troncoso,et al.  On the Impact of Social Network Profiling on Anonymity , 2008, Privacy Enhancing Technologies.

[22]  Andreas Pfitzmann,et al.  The Disadvantages of Free MIX Routes and how to Overcome Them , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[23]  Carmela Troncoso,et al.  Vida: How to Use Bayesian Inference to De-anonymize Persistent Communications , 2009, Privacy Enhancing Technologies.

[24]  Nick Mathewson,et al.  Practical Traffic Analysis: Extending and Resisting Statistical Disclosure , 2004, Privacy Enhancing Technologies.

[25]  Thomas S. Heydt-Benjamin,et al.  Cryptographic Protocols of the Identity Mixer Library , 2009 .

[26]  Carmela Troncoso,et al.  Perfect Matching Disclosure Attacks , 2008, Privacy Enhancing Technologies.

[27]  L. Sweeney Simple Demographics Often Identify People Uniquely , 2000 .

[28]  J. van Leeuwen,et al.  Information Hiding , 1999, Lecture Notes in Computer Science.