Introducing Accountability to Anonymity Networks

Many anonymous communication (AC) networks rely on routing traffic through proxy nodes to obfuscate the originator of the traffic. Without an accountability mechanism, exit proxy nodes risk sanctions by law enforcement if users commit illegal actions through the AC network. We present BackRef, a generic mechanism for AC networks that provides practical repudiation for the proxy nodes by tracing back the selected outbound traffic to the predecessor node (but not in the forward direction) through a cryptographically verifiable chain. It also provides an option for full (or partial) traceability back to the entry node or even to the corresponding user when all intermediate nodes are cooperating. Moreover, to maintain a good balance between anonymity and accountability, the protocol incorporates whitelist directories at exit proxy nodes. BackRef offers improved deployability over the related work, and introduces a novel concept of pseudonymous signatures that may be of independent interest. We exemplify the utility of BackRef by integrating it into the onion routing (OR) protocol, and examine its deployability by considering several system-level aspects. We also present the security definitions for the BackRef system (namely, anonymity, backward traceability, no forward traceability, and no false accusation) and conduct a formal security analysis of the OR protocol with BackRef using ProVerif, an automated cryptographic protocol verifier, establishing the aforementioned security properties against a strong adversarial model.

[1]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[2]  George Danezis,et al.  Sphinx: A Compact and Provably Secure Mix Format , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[3]  Andreas Haeberlen,et al.  Fighting Cybercrime with Packet Attestation , 2011 .

[4]  Sean W. Smith,et al.  Nymble: Anonymous IP-Address Blocking , 2007, Privacy Enhancing Technologies.

[5]  Ian Goldberg,et al.  Formalizing Anonymous Blacklisting Systems , 2011, 2011 IEEE Symposium on Security and Privacy.

[6]  Tanja Lange,et al.  High-speed high-security signatures , 2011, Journal of Cryptographic Engineering.

[7]  Jan Camenisch,et al.  A Formal Treatment of Onion Routing , 2005, CRYPTO.

[8]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[9]  Aniket Kate,et al.  Ace: an efficient key-exchange protocol for onion routing , 2012, WPES '12.

[10]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[11]  David A. Wagner,et al.  Privacy-enhancing technologies for the Internet , 1997, Proceedings IEEE COMPCON 97. Digest of Papers.

[12]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[13]  David Wolinsky,et al.  Proactively Accountable Anonymous Messaging in Verdict , 2012, USENIX Security Symposium.

[14]  Nicholas Hopper,et al.  Breaking and Provably Fixing Minx , 2008, Privacy Enhancing Technologies.

[15]  Ian Goldberg,et al.  Using Sphinx to Improve Onion Routing Circuit Construction , 2010, Financial Cryptography.

[16]  Rosario Gennaro,et al.  Certificateless onion routing , 2009, CCS.

[17]  David Wolinsky,et al.  Dissent in Numbers: Making Strong Anonymity Scale , 2012, OSDI.

[18]  Nicholas Hopper,et al.  Selectively Traceable Anonymity , 2006, Privacy Enhancing Technologies.

[19]  Bart Preneel,et al.  Accountable Anonymous Communication , 2007, Security, Privacy, and Trust in Modern Data Management.

[20]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[21]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[22]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[23]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[24]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[25]  George Danezis,et al.  How to Bypass Two Anonymity Revocation Schemes , 2008, Privacy Enhancing Technologies.

[26]  Hannes Federrath,et al.  Revocable Anonymity , 2006, Emerging Trends in Information and Communication Security.

[27]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[28]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[29]  Peter Palfrader,et al.  Mixmaster protocol --- version 2 , 2000 .

[30]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[31]  Philippe Golle,et al.  Reputable Mix Networks , 2004, Privacy Enhancing Technologies.

[32]  Bryan Ford,et al.  Dissent: accountable anonymous group messaging , 2010, CCS '10.

[33]  Ian Goldberg,et al.  Pairing-Based Onion Routing with Improved Forward Secrecy , 2010, TSEC.

[34]  Ian Goldberg,et al.  Provably Secure and Practical Onion Routing , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[35]  Prateek Mittal,et al.  ShadowWalker: peer-to-peer anonymous communication using redundant structured topologies , 2009, CCS.

[36]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[37]  Paul F. Syverson,et al.  Improving Efficiency and Simplicity of Tor Circuit Establishment and Hidden Services , 2007, Privacy Enhancing Technologies.

[38]  Carmela Troncoso,et al.  Drac: An Architecture for Anonymous Low-Volume Communications , 2010, Privacy Enhancing Technologies.