Provable anonymity

This paper provides a formal framework for the analysis of information hiding properties of anonymous communication protocols in terms of epistemic logic.The key ingredient is our notion of observational equivalence, which is based on the cryptographic structure of messages and relations between otherwise random looking messages. Two runs are considered observationally equivalent if a spy cannot discover any meaningful distinction between them.We illustrate our approach by proving sender anonymity and unlinkability for two anonymizing protocols, Onion Routing and Crowds. Moreover, we consider a version of Onion Routing in which we inject a subtle error and show how our framework is capable of capturing this flaw.

[1]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[2]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[3]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[4]  Ronald Fagin,et al.  Reasoning about knowledge , 1995 .

[5]  M. de Rijke,et al.  Modal Logic , 2001, Cambridge Tracts in Theoretical Computer Science.

[6]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[7]  Joshua D. Guttman Key Compromise, Strand Spaces, and the Authentication Tests , 2001, MFPS.

[8]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[9]  Joseph Y. Halpern,et al.  Anonymity and information hiding in multiagent systems , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[10]  Erik P. de Vink,et al.  A Formalization of Anonymity and Onion Routing , 2004, ESORICS.

[11]  Vitaly Shmatikov,et al.  Probabilistic Model Checking of an Anonymity System , 2004 .

[12]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption) , 2007, Journal of Cryptology.

[13]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[14]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[15]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[16]  Vitaly Shmatikov Probabilistic analysis of an anonymity system , 2004, J. Comput. Secur..

[17]  Ian Clarke,et al.  Freenet: A Distributed Anonymous Information Storage and Retrieval System , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[18]  Andrei Serjantov,et al.  On the anonymity of anonymity systems , 2004 .