Skip to main content
SpringerLink
Log in

Limits of Anonymity in Open Environments

  • Conference paper
  • First Online:
Information Hiding (IH 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2578))

Included in the following conference series:

Abstract

A user is only anonymous within a set of other users. Hence, the core functionality of an anonymity providing technique is to establish an anonymity set. In open environments, such as the Internet, the established anonymity sets in the whole are observable and change with every anonymous communication. We use this fact of changing anonymity sets and present a model where we can determine the protection limit of an anonymity technique, i.e. the number of observations required for an attacker to “break” uniquely a given anonymity technique. In this paper, we use the popular MIX method to demonstrate our attack. The MIX method forms the basis of most of the today’s deployments of anonymity services (e.g. Freedom, Onion Routing, Webmix). We note that our approach is general and can be applied equally well to other anonymity providing techniques.

In more recent times, a new technique providing perfect protection was discovered independently by two different groups[6],[7]. This technique, known as Private Information Retrieval (PIR), has similarities to the DC-Networks.

MIX technique uses public key encryption, thus the technique provides perfect anonymity, i. encryption is not considered as a limiting factor [2],[8].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. D. Chaum: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology, 1:65–75, 1988. 53

    Article  MATH  MathSciNet  Google Scholar 

  2. D. Chaum: Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the A. C. M., 24(2):84–88, February 1981. 53, 55

    Google Scholar 

  3. D. J. Farber, K.C. Larson: Network Security Via Dynamic Process Renaming. Fourth Data Communication Symposium, 7-9 October 1975, Quebec City, Canada. 53

    Google Scholar 

  4. P.A. Karger: Non-Discretionary Access Control for Decentralized Computing Systems. Master Thesis, Massachusetts Institute of Technology. Laboratory for Computer Science, 545 Technology Square, Camebridge, Massachusetts 02139, Mai 1977, Report MIT/LCS/TR-179. 53

    Google Scholar 

  5. A. Pfitzmann, M. Waidner, Networks without user observability, design options. In: Advances in Cryptology. Eurocrypt’ 85, volume 219 of Lecture Notes in Computer Science. Spinger-Verlag, 1985. 53

    Google Scholar 

  6. B. Chor, O. Goldreich, E. Kushilevitz, M. Sudan: Private information retrieval. In: 36th IEEE Conference on the Foundations of Computer Science, pages 41–50. IEEE Computer Society Press, 1995. 53

    Google Scholar 

  7. D.A. Cooper, K.P. Birman: Preserving privacy in a network of mobile computers. In: 1995 IEEE Symposium on Research in Security and Privacy, pages 26–38. IEEE Computer Society Press, 1995. 53

    Google Scholar 

  8. A. Pfitzmann: Dienstintegrierende Kommunikationsnetze mit teilnehmerüberpr üfbarem Datenschutz. IFB 234, Springer-Verlag, Heidelberg 1990(in German). 53, 56

    Google Scholar 

  9. H. Federrath, A. Jerichow, A. Pfitzmann: MIXes in Mobile Communication Systems: Location Management with Privacy. Information Hiding, LNCS 1174. Springer-Verlag, Berlin 1996, 121–135. 54

    Google Scholar 

  10. C. Gülcü, G. Tsudik: Mixing E-mail with BABEL. In: Symposium on Network and Distributed Systems Security (NDSS’ 96), San Diego, California, February 1996. 54, 56

    Google Scholar 

  11. A. Jerichow, J. Müller, A. Pfitzmann, B. Pfitzmann, M. Waidner: Real-Time Mixes: A Bandwidth-Efficient Anonymity Protocol. IEEE Journal on Selected Areas in Communications, 1998. 54

    Google Scholar 

  12. A. Pfitzmann, B. Pfitzmann, M. Waidner: ISDN-mixes: Untraceable communication with very small bandwidth overhead. In: GI/ITG Conference: Communication in Distributed Systems, pages 451–463. Springer-Verlag, Heidelberg, February 1991. 54

    Google Scholar 

  13. M. G. Reed, P. F. Syverson, D. M. Goldschlag: Anonymous connections and onion routing. IEEE Journal on Special Areas in Communications, 16(4):482–494, May 1998. 54

    Article  Google Scholar 

  14. M. G. Reed, P. F. Syverson, D. M. Goldschlag: Protocols using Anonymous Connections: Mobile Applications, Security Protocols. 5th International Workshop Proceedings. B. Christianson, B. Crispo, M. Lomas, and M. Roe (eds.). Springer-Verlag LNCS 1361, 1998, pp. 13–23. 54

    Google Scholar 

  15. D. Kesdogan, J. Egner, R. Büschkes: Stop-and-go mixes providing probabilistic security in an open system. In: David Aucsmith (ed.): Information Hiding: Second InternationalWorkshop, volume 1525 of Lecture Notes in Computer Science, pages 83–98. Springer-Verlag, Berlin, Germany, 1998. 54, 56

    Chapter  Google Scholar 

  16. B. Pfitzmann, A. Pfitzmann: How to Break the Direct RSA-Implementation of MIXes. Eurocrypt’ 89, LNCS 434. Springer-Verlag, Berlin 1990, pp. 373–381. 55

    Google Scholar 

  17. J. F. Raymond: Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems. International Workshop on Design Issues in Anonymity and Unobservability, Berkley, LNCS 2009. Springer-Verlag, 2001. 56, 57

    Google Scholar 

  18. O. Berthold, H. Langos: Dummy Traffic Against Long Term Intersection Attacks. Workshop on Privacy Enhancing Technologies, San Francisco, CA, USA, April 14-15, 2002. 56

    Google Scholar 

  19. M. Wright, M. Adler, B.N. Levine, C. Shields: An Analysis of the Degradation of Anonymous Protocols. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2002), February 2002. 56

    Google Scholar 

  20. L. Cottrell: Mixmaster, http://www.obscura.com/loki/. 56

  21. D. Kesdogan: Evaluation of Anonymity Providing Techniques using Queueing Theory. The 26th Annual IEE Conference on Local Computer Networks (LCN 2001), November 15-16, 2001, Tampa, Florida. 56

    Google Scholar 

  22. A. Serjantov, G. Danezis: Towards an Information Theoretic Metric for Anonymity. Workshop on Privacy Enhancing Technologies, San Francisco, CA, USA, April 14-15, 2002. 56

    Google Scholar 

  23. C. Diaz, S. Seys, J. Claessens, B. Preneel: Towards Measuring Anonymity,Workshop on Privacy Enhancing Technologies, San Francisco, CA, USA, April 14-15, 2002. 56

    Google Scholar 

  24. R. Dechter, D. Frost: Backtracking algorithms for constraint satisfaction problems. An ICS technical report, September 1999. 61, 63

    Google Scholar 

  25. P. v. Beek: A C-library of routines for solving binary constraint satisfaction problems. http://ai.uwaterloo.ca/vanbeek/software/software.html. 63

  26. V. Kumar: Algorithms for Constraint Satisfaction Problems, A Survey. AI magazine, 13(1):32–44, 1992. 63

    Google Scholar 

  27. O. Berthold, H. Federrath, S. Köpsell: Web MIXes: A System for Anonymous and Unobservable Internet Access. International Workshop on Design Issues in Anonymity and Unobservability, Berkley, 2009 LNCS. Springer-Verlag, 2001.

    Google Scholar 

  28. I. Goldberg, A. Shostack: Freedom network whitepapers.

    Google Scholar 

  29. C. Racko., D.R. Simon: Cryptographic defence against traffic analysis. In: Proceedings of the Twenty-Fifth Annual ACM Symposium on the Theory of Computing, pages 672–681, San Diego, California, 16-18 May 1993.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department Informatik IV, Aachen University of Technology, Ahornstr. 55, D-52074, Aachen, Germany

    Dogan Kedogan & Stefan Penz

  2. IBM T. J. Watson Research Center, 19 Skyline Drive, 10532, Hawthorne, NY, USA

    Dakshi Agrawal

Authors
  1. Dogan Kedogan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dakshi Agrawal
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stefan Penz
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Microsoft Research Ltd., 7 J. J. Thomson Avenue, CB3 0FB, Cambridge, UK

    Fabien A. P. Petitcolas

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kedogan, D., Agrawal, D., Penz, S. (2003). Limits of Anonymity in Open Environments. In: Petitcolas, F.A.P. (eds) Information Hiding. IH 2002. Lecture Notes in Computer Science, vol 2578. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36415-3_4

Download citation

  • DOI: https://doi.org/10.1007/3-540-36415-3_4

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00421-9

  • Online ISBN: 978-3-540-36415-3

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation