Anonymity and certification: e-mail, a case study

Awareness of legal constraints regarding the use and provision of electronic systems leads us to question the feasibility and applicability of technical solutions that take into account security and privacy regulations. We discuss the issue with reference to directives of the European Community and Italian legislation. In particular, we study the case of e-mail, proposing a protocol that retains as many characteristics of e-mail as possible while allowing for complete anonymity and proofs of correct deployment. We discuss the implications of taking anonymity to the extreme and evaluate the limits of the protocol.
