The Freiburg Privacy Diamond: An Attacker Model for a Mobile Computing Environment

An attacker model is a prerequisite for making statements about the properties of security mechanisms. To be adequate, however, an attacker model should fit both the class of security mechanisms under consideration and the (computing) environment. This paper introduces a new attacker model, called the Freiburg Privacy Diamond (FPD), to evaluate anonymity mechanisms with regard to mobility, especially device mobility. This model takes into account the conditions of mobile computing. The FPD enables the analyser to adjust the strength of the attacker in a fine-grained way, depending on the (computing) environment.

1 Motivation and Overview

In a mobile computing environment, information is processed on devices in constantly changing networks, where new devices join and others leave, thus changing the environment and the available services. A device may join a network automatically if the network is reachable through its radio interface. The operators and users of the other devices in this network may not be interested in protecting the security, and especially the privacy, of the user of this additional device.

Many mechanisms to achieve anonymity have been proposed, most of them requiring access to a sophisticated anonymizing infrastructure. In the case of mobile computing, implementing these mechanisms may lead to high computational overhead and network load. Evaluation of these mechanisms is mostly concerned with showing that “perfect” anonymity can be achieved, and with analyzing resistance against attacks. Using an analysis method that includes mobility, it is possible to derive anonymizing techniques that are better adapted to the needs of a mobile environment. In this paper such an analysis method is proposed.

This paper is structured as follows: The next section defines anonymity and refers to how other authors measure anonymity. Section three describes two approaches to modelling an attacker. The privacy diamond is introduced and formalized in section four, and applied to some examples. The paper concludes with remarks on the adequacy of the privacy diamond as a model.

Part of this work was supported by the Kolleg “Living in a Smart Environment” of the Gottlieb Daimler- and Carl Benz-Stiftung.
