The predecessor attack: An analysis of a threat to anonymous communications systems

There have been a number of protocols proposed for anonymous network communication. In this paper, we investigate attacks by corrupt group members that degrade the anonymity of each protocol over time. We prove that when a particular initiator continues communication with a particular responder across path reformations, existing protocols are subject to the attack. We use this result to place an upper bound on how long existing protocols, including Crowds, Onion Routing, Hordes, Web Mixes, and DC-Net, can maintain anonymity in the face of the attacks described. This provides a basis for comparing these protocols against each other. Our results show that fully connected DC-Net is the most resilient to these attacks, but it suffers from scalability issues that keep anonymity group sizes small. We also show through simulation that the underlying topography of the DC-Net affects the resilience of the protocol: as the number of neighbors a node has increases, the strength of the protocol increases, at the cost of higher communication overhead.
