Collaborative attack on Internet users' anonymity

Purpose – The purpose of this paper is to model and study the effectiveness of an attack on the anonymity of Internet users by a group of collaborating eavesdroppers.Design/methodology/approach – The paper is based on an analysis of the Internet topology. The study is based on two methods for choosing nodes that contribute the most to the detection of as many communicating Internet users as possible.Findings – The paper illustrates that it is possible to compromise the anonymity of many Internet users when eavesdropping on a relatively small number of nodes, even when the most central ones are protected from eavesdropping.Research limitations/implications – It is assumed that the Internet users under attack are not using any anonymity enhancing technologies, but nodes can be protected from eavesdropping. It proposes a measure of the success of an attack on Internet users' anonymity, for a given deployment of collaborating eavesdroppers in the Internet.Practical implications – The paper shows that several,...

[1]  Tsvi Kuflik,et al.  PRAW - A PRivAcy model for the Web , 2005, J. Assoc. Inf. Sci. Technol..

[2]  Joos Vandewalle,et al.  Solutions for anonymous communication on the Internet , 1999, Proceedings IEEE 33rd Annual 1999 International Carnahan Conference on Security Technology (Cat. No.99CH36303).

[3]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[4]  Andreas Pfitzmann,et al.  Networks Without User Observability: Design Options , 1985, EUROCRYPT.

[5]  Kai Hwang,et al.  Collaborative Internet worm containment , 2005, IEEE Security & Privacy Magazine.

[6]  Ulrik Brandes,et al.  On variants of shortest-path betweenness centrality and their generic computation , 2008, Soc. Networks.

[7]  Stefanos Gritzalis,et al.  Enhancing Web privacy and anonymity in the digital era , 2004, Inf. Manag. Comput. Secur..

[8]  Rami Puzis,et al.  Fast algorithm for successive computation of group betweenness centrality. , 2007, Physical review. E, Statistical, nonlinear, and soft matter physics.

[9]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[10]  Ronggong Song,et al.  Review of Network-Based Approaches for Privacy , 2002 .

[11]  Fikret Sivrikaya,et al.  A Combinatorial Approach to Measuring Anonymity , 2007, 2007 IEEE Intelligence and Security Informatics.

[12]  Yossi Matias,et al.  How to Make Personalized Web Browising Simple, Secure, and Anonymous , 1997, Financial Cryptography.

[13]  Hannes Federrath,et al.  Project “anonymity and unobservability in the Internet” , 2000, CFP '00.

[14]  Joos Vandewalle,et al.  Revocable anonymous access to the Internet? , 2003, Internet Res..

[15]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[16]  S. Strogatz Exploring complex networks , 2001, Nature.

[17]  Petter Holme,et al.  Congestion and Centrality in Traffic Flow on Complex Networks , 2003, Adv. Complex Syst..

[18]  J. Boyan DATA AND INFORMATION COLLECTION ON THE NET The Anonymizer Protecting User Privacy on the Web , 1997 .

[19]  Leonard M. Freeman,et al.  A set of measures of centrality based upon betweenness , 1977 .

[20]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[21]  Mary K. Vernon,et al.  Mapping Internet Sensors with Probe Response Attacks , 2005, USENIX Security Symposium.

[22]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[23]  A. Barabasi,et al.  Scale-free characteristics of random networks: the topology of the world-wide web , 2000 .

[24]  Michael K. Reiter,et al.  Anonymous Web transactions with Crowds , 1999, CACM.

[25]  A. Pfitzmann,et al.  Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management – A Consolidated Proposal for Terminology , 2002 .

[26]  M. Barthelemy Betweenness centrality in large complex networks , 2003, cond-mat/0309436.

[27]  Andreas Pfitzmann,et al.  Networks without user observability , 1987, Comput. Secur..

[28]  Stanley Wasserman,et al.  Social Network Analysis: Methods and Applications , 1994, Structural analysis in the social sciences.

[29]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[30]  U. Brandes A faster algorithm for betweenness centrality , 2001 .

[31]  Vitaly Shmatikov,et al.  Security against probe-response attacks in collaborative intrusion detection , 2007, LSAD '07.

[32]  S. Borgatti,et al.  The centrality of groups and classes , 1999 .

[33]  Somesh Jha,et al.  Global Intrusion Detection in the DOMINO Overlay System , 2004, NDSS.

[34]  Rami Puzis,et al.  Finding the most prominent group in complex networks , 2007, AI Commun..

[35]  Paul F. Syverson,et al.  Onion routing , 1999, CACM.

[36]  D. West Introduction to Graph Theory , 1995 .

[37]  Brian Neil Levine,et al.  A protocol for anonymous communication over the Internet , 2000, CCS.

[38]  Alessandro Vespignani,et al.  Large-scale topological and dynamical properties of the Internet. , 2001, Physical review. E, Statistical, nonlinear, and soft matter physics.

[39]  Albert,et al.  Emergence of scaling in random networks , 1999, Science.

[40]  Paul Syverson,et al.  Onion Routing for Anonymous and Private Internet Connections , 1999 .

[41]  Bo Hu,et al.  Efficient routing on complex networks. , 2006, Physical review. E, Statistical, nonlinear, and soft matter physics.

[42]  Michalis Faloutsos,et al.  On power-law relationships of the Internet topology , 1999, SIGCOMM '99.