AnoA: A Framework for Analyzing Anonymous Communication Protocols

Anonymous communication (AC) protocols such as the widely used Tor network have been designed to provide anonymity over the Internet to their participating users. While AC protocols have been the subject of several security and anonymity analyses in the last years, there still does not exist a framework for analyzing these complex systems and their different anonymity properties in a unified manner.   In this work we present AnoA: a generic framework for defining, analyzing, and quantifying anonymity properties for AC protocols. In addition to quantifying the (additive) advantage of an adversary in an indistinguishability-based definition, AnoA uses a multiplicative factor, inspired from differential privacy. AnoA enables a unified quantitative analysis of well-established anonymity properties, such as sender anonymity, sender unlinkability, and relationship anonymity. AnoA modularly specifies adversarial capabilities by a simple wrapper-construction, called adversary classes. We examine the structure of these adversary classes and identify conditions under which it suffices to establish anonymity guarantees for single messages in order to derive guarantees for arbitrarily many messages. This then leads us to the definition of Plug’n’Play adversary classes (PAC), which are easy-to-use, expressive, and satisfy this condition. We prove that our framework is compatible with the universal composability (UC) framework and show how to apply AnoA to a simplified version of Tor against passive adversaries, leveraging a recent realization proof in the UC framework.

[1]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[2]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[3]  Vitaly Shmatikov Probabilistic analysis of an anonymity system , 2004, J. Comput. Secur..

[4]  Paul C. van Oorschot,et al.  Authentication and authenticated key exchanges , 1992, Des. Codes Cryptogr..

[5]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[6]  George Danezis,et al.  Sphinx: A Compact and Provably Secure Mix Format , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[7]  Paul F. Syverson,et al.  Group Principals and the Formalization of Anonymity , 1999, World Congress on Formal Methods.

[8]  Joan Feigenbaum,et al.  Probabilistic analysis of onion routing in a black-box model , 2012, TSEC.

[9]  Sachin Lodha,et al.  Probabilistic Anonymity , 2007, PinKDD.

[10]  Steve A. Schneider,et al.  CSP and Anonymity , 1996, ESORICS.

[11]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[12]  Paul F. Syverson,et al.  Locating hidden servers , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[13]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[14]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[15]  Michael Backes,et al.  Cryptographically Sound and Machine-Assisted Verification of Security Protocols , 2003, STACS.

[16]  Harsha V. Madhyastha,et al.  LASTor: A Low-Latency AS-Aware Tor Client , 2012, IEEE/ACM Transactions on Networking.

[17]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[18]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[19]  Michael Backes,et al.  TUC: Time-Sensitive and Modular Analysis of Anonymous Communication , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[20]  Thomas Ristenpart,et al.  Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail , 2012, 2012 IEEE Symposium on Security and Privacy.

[21]  Yehuda Lindell,et al.  Session-Key Generation Using Human Passwords Only , 2001, Journal of Cryptology.

[22]  Gavin O'Gorman,et al.  Improving stream correlation attacks on anonymous networks , 2009, SAC '09.

[23]  Ian Goldberg,et al.  Provably Secure and Practical Onion Routing , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[24]  Omer Reingold,et al.  Computational Differential Privacy , 2009, CRYPTO.

[25]  Ian Goldberg,et al.  Using Sphinx to Improve Onion Routing Circuit Construction , 2010, Financial Cryptography.

[26]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[27]  Douglas Wikström,et al.  A Universally Composable Mix-Net , 2004, TCC.

[28]  Douglas S. Reeves,et al.  Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones , 2002, ESORICS.

[29]  George Danezis,et al.  Denial of service or denial of security? , 2007, CCS '07.

[30]  Dennis Hofheinz,et al.  Possibility and Impossibility Results for Selective Decommitments , 2011, Journal of Cryptology.

[31]  Ian Goldberg,et al.  Changing of the guards: a framework for understanding and improving entry guard selection in tor , 2012, WPES '12.

[32]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[33]  Daniele Micciancio,et al.  An Indistinguishability-Based Characterization of Anonymous Channels , 2008, Privacy Enhancing Technologies.

[34]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[35]  Micah Sherr,et al.  Users get routed: traffic correlation on tor by realistic adversaries , 2013, CCS.

[36]  Joan Feigenbaum,et al.  A Model of Onion Routing with Provable Anonymity , 2007, Financial Cryptography.

[37]  Dennis Hofheinz,et al.  GNUC: A New Universal Composability Framework , 2015, Journal of Cryptology.

[38]  Amir Herzberg,et al.  On the limits of provable anonymity , 2013, IACR Cryptol. ePrint Arch..

[39]  Joseph Y. Halpern,et al.  Anonymity and information hiding in multiagent systems , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[40]  Johannes Gehrke,et al.  Towards Privacy for Social Networks: A Zero-Knowledge Based Definition of Privacy , 2011, TCC.

[41]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[42]  Micah Adler,et al.  Defending anonymous communications against passive logging attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[43]  Johannes Gehrke,et al.  Crowd-Blending Privacy , 2012, IACR Cryptol. ePrint Arch..

[44]  Birgit Pfitzmann,et al.  The reactive simulatability (RSIM) framework for asynchronous systems , 2007, Inf. Comput..

[45]  Michael Backes,et al.  Your choice MATor(s) : large-scale quantitative anonymity assessment of Tor path selection algorithms against structural attacks , 2015, PETS 2015.

[46]  Jan Camenisch,et al.  A Formal Treatment of Onion Routing , 2005, CRYPTO.

[47]  Aniket Kate,et al.  Secrecy Without Perfect Randomness: Cryptography with (Bounded) Weak Sources , 2015, ACNS.

[48]  Brijesh Joshi,et al.  Touching from a distance: website fingerprinting attacks and defenses , 2012, CCS.

[49]  Vitaly Shmatikov,et al.  Measuring relationship anonymity in mix networks , 2006, WPES '06.

[50]  Aniket Kate,et al.  (Nothing else) MATor(s): Monitoring the Anonymity of Tor's Path Selection , 2014, IACR Cryptol. ePrint Arch..

[51]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.

[52]  Moni Naor,et al.  Our Data, Ourselves: Privacy Via Distributed Noise Generation , 2006, EUROCRYPT.

[53]  Thomas Engel,et al.  Website fingerprinting in onion routing based anonymization networks , 2011, WPES.

[54]  Carmela Troncoso,et al.  Revisiting a combinatorial approach toward measuring anonymity , 2008, WPES '08.

[55]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[56]  Ana Sokolova,et al.  Information Hiding in Probabilistic Concurrent Systems , 2010, 2010 Seventh International Conference on the Quantitative Evaluation of Systems.

[57]  Claudia Díaz Anonymity Metrics Revisited , 2005, Anonymous Communication and its Applications.

[58]  Roger Dingledine,et al.  Performance Improvements on Tor or, Why Tor is slow and what we're going to do about it , 2009 .

[59]  Vitaly Shmatikov,et al.  Information Hiding, Anonymity and Privacy: a Modular Approach , 2004, J. Comput. Secur..

[60]  Bart Preneel,et al.  Reasoning About the Anonymity Provided by Pool Mixes That Generate Dummy Traffic , 2004, Information Hiding.

[61]  Bryan Ford,et al.  Dissent: accountable anonymous group messaging , 2010, CCS '10.

[62]  Erik P. de Vink,et al.  A Formalization of Anonymity and Onion Routing , 2004, ESORICS.

[63]  Aniket Kate,et al.  AnoA: A Framework for Analyzing Anonymous Communication Protocols , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.