On collaborative anonymous communications in lossy networks

Message encryption does not prevent eavesdroppers from unveiling who is communicating with whom, when, or how frequently, a privacy risk to which wireless networks are particularly vulnerable. The Crowds protocol, a well-established anonymous communication system, capitalizes on user collaboration to enforce sender anonymity. This work formulates a mathematical model of a Crowd-like protocol for anonymous communication in a lossy network, establishes quantifiable metrics of anonymity and quality of service (QoS), and theoretically characterizes the trade-off between them. The anonymity metric chosen follows the principle of measuring privacy as an attacker's estimation error. By introducing losses, we extend the applicability of the protocol beyond its original proposal. We quantify the intuition that anonymity comes at the expense of both delay and end-to-end losses. Aside from introducing losses in our model, another main difference with respect to the traditional Crowds is the focus on networks with stringent QoS requirements, for best-effort anonymity, and the consequent elimination of the initial forwarding step. Beyond the mathematical solution, we illustrate a systematic methodology in our analysis of the protocol. This methodology includes a series of formal steps, from the establishment of quantifiable metrics all the way to the theoretical study of the privacy-QoS trade-off. Copyright © 2013 John Wiley & Sons, Ltd.
