We consider a process during which encoded messages are processed through a network; at one step a message can be delivered only to a neighbor of the current node; at each node a message is recoded cryptographically so that an external observer cannot link the messages before and after re-coding. The goal of re-coding is to hide origins of the messages from an adversary who monitors the traffic. Recoding becomes useful, if at least two messages simultaneously enter a node – then the node works like a mix server.
We investigate how long the route of messages must be so that traffic analysis does not provide any substantial information for the adversary. Anonymity model we consider is very strong and concerns distance between a priori probability distribution describing origins of each message, and the same probability distribution but conditioned upon the traffic information. We provide a rigid mathematical proof that for a certain route length, expressed in terms of mixing time of the network graph, variation distance between the probability distributions mentioned above is small with high probability (over possible traffic patterns).
While the process concerned is expressed in quite general terms, it provides tools for proving privacy and anonymity features of many protocols. For instance, our analysis extends results concerning security of an anonymous communication protocol based on onion encoding – we do not assume, as it is done in previous papers, that a message can be sent directly between arbitrary nodes. However, the most significant application now might be proving immunity against traffic analysis of RFID tags with universal re-encryption performed for privacy protection.
Keywordsanonymous communication traffic analysis Markov chain variation distance rapid mixing onion protocol RFID tag
Unable to display preview. Download preview PDF.
- 1.Aldous, D., Fill, J.: Reversible Markov chains and random walks on graphs in preparation, some chapters, available at http://stat-www.berkeley.edu/pub/users/aldous/RWG/book.html
- 2.Beimel, A., Dolev, S.: Buses for Anonymous Message Delivery. In: Second International Conference on FUN with Algorithms, pp. 1–13. Carleton Scientific (2001)Google Scholar
- 4.Bubley, B., Dyer, M.: Path Coupling: A Technique for Proving Rapid Mixing in Markov Chains. In: IEEE Symposium on Foundations of Computer Science (FOCS) 1997, pp. 223-231 (1997)Google Scholar
- 7.Czumaj, A., Kanarek, P., Kutyłowski, M., Loryś, K.: Distributed Stochastic Processes for Generating Random Permutations. In: ACM-SIAM Symposium on Discrete Algorithms (SODA) 1999, pp. 271–280 (1999)Google Scholar
- 11.Gogolewski, M., Kutyłowski, M.: Łuczak, T.: Distributed Time-Stamping with Boomerang Onions. Manuscript (2004)Google Scholar
- 12.Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal Re-encryption for Mixnets. In: RSACT 2004 (2004)Google Scholar
- 14.Gülcü, C., Tsudik, G.: Mixing E-mail with BABEL. In: ISOC Symposium on Network and Distributed System Security, pp. 2-16. IEEE, Los Alamitos(1996)Google Scholar
- 15.Rackoff, C., Simon, D.R.: Cryptographic Defense Against Traffic Analysis. In: ACM Symposium on Theory of Computing (STOC) 1993, 672–681 (1993)Google Scholar
- 16.Szemerédi, E.: Regular Partitions of Graphs. In: Bermond, J.-C., Fournier, J.-C., Las Vergnas, M., Sotteau, D. (eds.) Problèmes Combinatoires et Théorie des Graphes, Proc. Colloque Inter. CNRS, Paris, pp. 399–401 (1978)Google Scholar
- 17.Syverson, P.F., Goldschlag, D., Reed, M.: Hiding Routing Information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)Google Scholar