Abstract
We present attacks on the anonymity and pseudonymity provided by a “lonely hearts” dating service and by the HushMail encrypted email system. We move on to discuss some generic attacks upon anonymous systems based on the engineering reality of these systems rather than the theoretical foundations on which they are based. However, for less sophisticated users it is social engineering attacks, owing nothing to computer science, that pose the biggest day-to-day danger. This practical experience then permits a start to be made on developing a security policy model for pseudonymous communications.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Clayton, R., Danezis, G., Kuhn, M.G. (2001). Real World Patterns of Failure in Anonymity Systems. In: Moskowitz, I.S. (eds) Information Hiding. IH 2001. Lecture Notes in Computer Science, vol 2137. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45496-9_17
DOI: https://doi.org/10.1007/3-540-45496-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42733-9
Online ISBN: 978-3-540-45496-0
eBook Packages: Springer Book Archive