Accountable Anonymous E-Mail
Current anonymous e-mail systems offer unconditional anonymity to their users which can provoke abusive behaviour. Dissatisfied users will drop out and liability issues may even force the system to suspend or cease its services. Therefore, controlling abuse is as important as protecting the anonymity of legitimate users when designing anonymous applications.
This paper describes the design and implementation AAEM, an accountable anonymous e-mail system. An existing anonymous e-mail system is enhanced with a control mechanism that allows for accountability. The system creates a trusted environment for senders, recipients and system operators. It provides a reasonable trade-off between anonymity, accountability, usability and flexibility.
Key wordsprivacy anonymity accountability control
- David Mazieres and M. Frans Kaashoek. The design, Implementation and Operation of an Email Pseudonym Server. In Proceedings of the 5th ACM conference on Computer and communications security, p.27–36, November 02–05, 1998, San Francisco, California, United States.Google Scholar
- P. Syverson, G. Tsudik, M. Reed and C. Landwehr. Towards an Analysis of Onion Routing Security. In H. Federrath, editor, Designing Privacy Enhancing Technologies: Workshop on Design Issue in Anonymity and Unobservability, p.96–114. Springer-Verlag, LNCS 2009, July 2000.Google Scholar
- U. Moller, L. Cottrel, P. Palfrader and L. Sassaman. Mixmaster Protocol-Version 2. Draft, July 2003, http://www.abditum.com/mixmaster-spec.txt.Google Scholar
- B. Levine, M. Reiter, C. Wang and M. Wright. Timing analysis in low-latency mix-based systems. In A. Juels, editor, Financial Cryptography. Springer-Verlag, LNCS, 2004.Google Scholar
- C. Gulcu and G. Tsudik. Mixing E-mail with Babel. In Network and Distributed Security Symposium (NDSS 96), P.2–16. IEEE, February 1996.Google Scholar
- G. Danezis, R. Dingledine and N. Mathewson. Mixminion: Design of a type-3 anonymous remailer protocol. In 2003 IEEE Symposium on Security and Privacy, p.2–15. IEEE CS, May 2003.Google Scholar
- J. Helsingius. anon.penet.fi press release. http://www.penet.fi/press-english.htm.l Google Scholar
- Cottrel. Mixmaster and remailer attacks. http://www.obscura.com/~loki/remailer/remailer-essay.html.Google Scholar
- Jan Camenisch, Els Van Herreweghen: Design and Implementation of the Idemix Anonymous Credential System. Research Report RZ 3419, IBM Research Division, June 2002. Also appeared in ACM Computer and Communication Security 2002Google Scholar
- Els van Herreweghen, Unidentifiability and Accountability in Electronic Transactions. PhD Thesis, KULeuven, 2004.Google Scholar