Towards Practical Attacker Classification for Risk Analysis in Anonymous Communication

There are a number of attacker models in the area of anonymous communication. Most of them are either very simplified or pretty abstract – therefore difficult to generalize or even identify in real networks. While some papers distinct different attacker types, the usual approach is to present an anonymization technique and then to develop an attacker model for it in order to identify properties of the technique. Often such a model is abstract, unsystematic and it is not trivial to identify the exact threats for the end-user of the implemented system. This work follows another approach: we propose a classification of attacker types for the risk analysis and attacker modelling in anonymous communication independently of the concrete technique. The classes are designed in the way, that their meaning can be easily communicated to the end-users and management level. We claim that the use of this classification can lead to a more solid understanding of security provided by anonymizing networks, and therewith improve their development. Finally, we will classify some well known techniques and security issues according to the proposal and thus show the practical relevance and applicability of the proposed classification.

[1]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[2]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[3]  Dogan Kesdogan,et al.  The Past , Present , and Future of Network Anonymity , 2001 .

[4]  John L. Florell,et al.  Sharing , 1979 .

[5]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[6]  Micah Adler,et al.  An Analysis of the Degradation of Anonymous Protocols , 2002, NDSS.

[7]  George Danezis,et al.  Statistical Disclosure Attacks , 2003, SEC.

[8]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[9]  John D. Howard,et al.  An analysis of security incidents on the Internet 1989-1995 , 1998 .

[10]  Hannes Federrath Designing Privacy Enhancing Technologies , 2001, Lecture Notes in Computer Science.

[11]  Dogan Kesdogan,et al.  The Lower Bound of Attacks on Anonymity Systems - A Unicity Distance Approach , 2006, Quality of Protection.

[12]  Andrew Hintz,et al.  Fingerprinting Websites Using Traffic Analysis , 2002, Privacy Enhancing Technologies.

[13]  G Danezis,et al.  Statistical disclosure attacks: Traffic confirmation in open environments , 2003 .

[14]  Peter Palfrader,et al.  Mixmaster protocol --- version 2 , 2000 .

[15]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[16]  Emin Gün Sirer,et al.  Herbivore: A Scalable and Efficient Protocol for Anonymous Communication , 2003 .

[17]  Otto Spaniol,et al.  Ant-Routing-Algorithm for Mobile Multi-Hop Ad-Hoc Networks , 2003, Net-Con.

[18]  Peter Sewell,et al.  Passive-attack analysis for connection-based anonymity systems , 2004, International Journal of Information Security.

[19]  Dogan Kesdogan,et al.  Analysis of Security and Privacy in Mobile-IP , 1996 .

[20]  Dogan Kesdogan,et al.  The Hitting Set Attack on Anonymity Protocols , 2004, Information Hiding.

[21]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[22]  Roger Dingledine,et al.  From a Trickle to a Flood: Active Attacks on Several Mix Types , 2002, Information Hiding.

[23]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[24]  Markus G. Kuhn,et al.  Real World Patterns of Failure in Anonymity Systems , 2001, Information Hiding.

[25]  U Moeller,et al.  Mixmaster Protocol Version 2 , 2004 .

[26]  Aravind Srinivasan,et al.  P/sup 5/ : a protocol for scalable anonymous communication , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[27]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[28]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[29]  B. Bhattacharjee,et al.  A Protocol for Scalable Anonymous Communication , 1999 .