Anonymity and closely related terms in the cyberspace: An analysis by example

Anonymity is generally conceived to be an integral part of a user's right to privacy. Without anonymity, many online activities would become prone to eavesdropping, making them potentially risky to use. This work highlights the different aspects closely related to anonymity and argues that it is a multifaceted and contextual concept. To support this argument, the paper examines, as a dual case study, the ways anonymity is conceptualised in two well-established but dissimilar protocols employed on a wide scale in cyberspace, namely SIP and Kerberos. Surveying the research done on preserving anonymity (and privacy in general) in the context of these protocols yields several useful observations. Our aim is to contribute towards a comprehensive view of this particular research area, mainly by examining how anonymity is put to work in practice. As a result, the work at hand can also be used as a reference for anyone interested in grasping the diverse facets of this constantly developing research field.
