Probable Innocence Revisited
In this paper we study probable innocence, a notion of probabilistic anonymity provided by protocols such as Crowds. The authors of Crowds, Reiter and Rubin, gave a definition of probable innocence which later has been interpreted by other authors in terms of the probability of the users from the point of view of the observer. This formalization however does not seem to correspond exactly to the property that Reiter and Rubin have shown for Crowds, the latter, in fact, is independent from the probability of the users.
We take the point of view that anonymity should be a concept depending only on the protocol, and should abstract from the probabilities of the users. For strong anonymity, this abstraction leads to a concept known as conditional anonymity. The main goal of this paper is to establish a notion which is to probable innocence as conditional anonymity is to strong anonymity. We show that our definition, while being more general, corresponds exactly to the property that Reiter and Rubin have shown for Crowds, under specific conditions. We also show that in the particular case that the users have uniform probabilities we obtain a property similar to the definition of probable innocence given by Halpern and O’Neill.
Unable to display preview. Download preview PDF.
- 2.Syverson, P., Goldschlag, D., Reed, M.: Anonymous connections and onion routing. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 44–54 (1997)Google Scholar
- 5.Clarke, I., Sandberg, O., Wiley, B., Hong, T.W.: Freenet: A distributed anonymous information storage and retrieval system. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 44–66. Springer, Heidelberg (2000)Google Scholar
- 7.Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. In: Proc. of the 16th IEEE Computer Security Foundations Workshop, pp. 75–88 (2003)Google Scholar
- 8.Halpern, J.Y., O’Neill, K.R.: Anonymity and information hiding in multiagent systems. Journal of Computer Security (To appear, 2005)Google Scholar
- 9.Bhargava, M., Palamidessi, C.: Probabilistic anonymity. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 171–185. Springer, Heidelberg (2005),Report version available at http://www.lix.polytechnique.fr/catuscia/papers/Anonymity/report.ps CrossRefGoogle Scholar
- 10.Chatzikokolakis, K., Palamidessi, C.: Probable innocence revisited. Technical report, INRIA Futurs and LIX (2005), Available at http://www.lix.polytechnique.fr/catuscia/papers/Anonymity/reportPI.pdf
- 11.Segala, R., Lynch, N.: Probabilistic simulations for probabilistic processes. Nordic Journal of Computing 2, 250–273 (1995); Jonsson, B., Parrow, J. (eds.) CONCUR 1994. LNCS, vol. 836, pp. 481–496. Springer, Heidelberg (1994)Google Scholar
- 13.Ryan, P.Y., Schneider, S.: Modelling and Analysis of Security Protocols. Addison-Wesley, Reading (2001)Google Scholar
- 14.Shmatikov, V.: Probabilistic analysis of anonymity. In: IEEE Computer Security Foundations Workshop (CSFW), pp. 119–128 (2002)Google Scholar
- 15.Wright, M., Adler, M., Levine, B., Shields, C.: An analysis of the degradation of anonymous protocols. In: ISOC Network and Distributed System Security Symposium, NDSS (2002)Google Scholar