Anonymous networking amidst active adversaries

The problem of anonymous wireless networking is considered when adversaries who monitor the transmissions in the network are also capable of compromising a fraction of nodes to extract network information. For a given level of network performance, as measured by network throughput, the problem of maximizing anonymity is studied from a game-theoretic perspective. The metric of anonymity considered is the conditional entropy of network routes given the monitored packet transmission times. In order to provide anonymity, a random subset of nodes (referred to as covert relays) is chosen to generate independent transmission schedules. These covert relays, unless compromised, can effectively hide the flow of traffic through them. Depending on the routes and the throughput requirement, the network designer needs to optimize the choice of covert relays such that anonymity is maximized, whereas the eavesdropper needs to optimize the choice of nodes to compromise, subject to a constraint on the maximum number of monitored nodes, such that the anonymity of the network routes is minimized. This problem is posed as a two-player zero-sum game, and it is shown that a unique Nash equilibrium exists for a general category of finite networks. Using numerical examples, the tradeoff between the achievable anonymity and the power of the adversary is demonstrated as a function of the throughput for passive and active adversaries.
