Anonymity Metrics Revisited

In 2001, two information theoretic anonymity metrics were proposed: the "effective anonymity set size" and the "degree of anonymity". In this talk, we propose an abstract model for a general anonymity system which is consistent with the definition of anonymity on which the metrics are based. We revisit entropy-based anonymity metrics, and we apply them to Crowds, a practical anonymity system. We discuss the differences between the two metrics and the results obtained in the example.

[1]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[2]  Andreas Pfitzmann,et al.  The Disadvantages of Free MIX Routes and how to Overcome Them , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[3]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[4]  Hannes Federrath Designing Privacy Enhancing Technologies , 2001, Lecture Notes in Computer Science.

[5]  Bart Preneel,et al.  Reasoning About the Anonymity Provided by Pool Mixes That Generate Dummy Traffic , 2004, Information Hiding.

[6]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[7]  Claudia Díaz,et al.  Comparison Between Two Practical Mix Designs , 2004, ESORICS.

[8]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.