cMix: Anonymization by High-Performance Scalable Mixing

cMix is a suite of cryptographic protocols that can replace today’s dominant chat systems, offering superior confidentiality and anonymity, while providing comparable performance to users. cMix permutes batches of uniform-length messages through a fixed cascade of nodes and moves all expensive public-key operations into precomputations that can be carried out using separate dedicated hardware at each node. cMix provides payload secrecy, sender-recipient unlinkability, sender anonymity, and sender authentication for recipients, unless all cMix nodes are compromised. For each batch, the adversary may know all senders and all recipients of traffic in the underlying packet-switched network, yet the adversary cannot link any sender to recipient. cMix provides fast delivery of messages, in both the forward and reverse directions, by having each node perform only a small number of symmetric-key and simple group operations (no modular exponentiations) in real time. Performance benefits include moderately low latency (despite large batch sizes) and efficient utilization of node machines. Senders (e.g., smartphones) perform their part of the cMix real-time protocols with similarly modest amounts of computation, resulting in negligible additional delay, battery, or bandwidth usage. The performance of cMix scales linearly in terms of the number of nodes, users, and messages. Our presentation includes a detailed specification of cMix, simulation-based security proofs, and anonymity analysis. We have implemented cMix on clients on the Android platform, and we give performance analysis, both modelled and measured, of two working prototypes currently running in the cloud.
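The split between precomputation and real-time work described above can be seen in a toy model. This is an added sketch, not the paper's specification or the authors' code. The modulus, the HMAC-based key derivation and all function names are assumptions, and the unblinding values are computed in the clear here, whereas the abstract places that work in public-key precomputation.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # toy prime modulus (constructed); values live in 1..P-1

def slot_key(shared_key, round_id):
    # Symmetric-key derivation of a per-round blinding factor (assumed PRF: HMAC-SHA256).
    d = hmac.new(shared_key, round_id, hashlib.sha256).digest()
    return int.from_bytes(d, "big") % (P - 1) + 1

def permute(values, perm):
    return [values[j] for j in perm]

class Node:
    def __init__(self, batch):  # fresh per-round secrets: r, s, permutation
        self.r = [secrets.randbelow(P - 1) + 1 for _ in range(batch)]
        self.s = [secrets.randbelow(P - 1) + 1 for _ in range(batch)]
        self.perm = list(range(batch))
        secrets.SystemRandom().shuffle(self.perm)

def precompute(nodes, batch):
    # Offline. Simplification: computed in the clear in this sketch.
    acc = [1] * batch
    for n in nodes:  # product of every node's r
        acc = [a * r % P for a, r in zip(acc, n.r)]
    for n in nodes:  # same permute-then-blind path the real-time batch takes
        acc = [a * s % P for a, s in zip(permute(acc, n.perm), n.s)]
    return [pow(a, -1, P) for a in acc]  # inversion happens offline only

def sender_blind(msg, keys):
    k = 1
    for key in keys:
        k = k * key % P
    return msg * pow(k, -1, P) % P

def real_time(nodes, node_keys, batch, unblind):
    # Online: only multiplications and permutations.
    for n, keys in zip(nodes, node_keys):  # each node swaps its k for its r
        batch = [b * k * r % P for b, k, r in zip(batch, keys, n.r)]
    for n in nodes:  # each node permutes, then blinds with s
        batch = [b * s % P for b, s in zip(permute(batch, n.perm), n.s)]
    return [b * u % P for b, u in zip(batch, unblind)]  # last node unblinds

def run_round(messages, n_nodes=3, round_id=b"round-1"):
    size = len(messages)
    nodes = [Node(size) for _ in range(n_nodes)]
    node_keys = [[slot_key(secrets.token_bytes(32), round_id) for _ in range(size)] for _ in nodes]
    unblind = precompute(nodes, size)
    blinded = [sender_blind(m, [row[a] for row in node_keys]) for a, m in enumerate(messages)]
    return real_time(nodes, node_keys, blinded, unblind), nodes
```

The output order is the composition of every node's permutation, so linking an input slot to an output slot requires all of them, matching the abstract's "unless all cMix nodes are compromised" condition.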
