Advertisement

From a Trickle to a Flood: Active Attacks on Several Mix Types

  • Andrei Serjantov
  • Roger Dingledine
  • Paul Syverson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2578)

Abstract

The literature contains a variety of different mixes, some of which have been used in deployed anonymity systems. We explore their anonymity and message delay properties, and show how to mount active attacks against them by altering the traffic between the mixes. We show that if certain mixes are used, such attacks cannot destroy the anonymity of a particular message completely. We work out the cost of these attacks in terms of the number of messages the attacker must insert into the network and the time he must spend. We discuss advantages and disadvantages of these mixes and the settings in which their use is appropriate. Finally, we look at dummy traffic and SG mixes as other promising ways of protecting against the attacks, point out potential weaknesses in existing designs, and suggest improvements.

Keywords

Active Attack Commitment Scheme Message Delay Attack Message Target Message 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    Oliver Berthold, Andreas Pfitzmann, and Ronny Standtke. The disadvantages of free MIX routes and how to overcome them. In Designing Privacy Enhancing Technologies: Proceedings of the International Workshop on the Design Issues in Anonymity and Observability, pages 10–29, July 2000. 37Google Scholar
  2. [2]
    David Chaum. Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the ACM, 24(2):84–88, 1981. 36, 47CrossRefGoogle Scholar
  3. [3]
    L. Cottrell. Mixmaster and remailer attacks, 1994. http://www.obscura.com/~loki/remailer/remailer-essay.html. 36, 49
  4. [4]
    George Danezis, Roger Dingledine, David Hopwood, and Nick Mathewson. Mixminion: Design of a Type III Anonymous Remailer Protocol. Manuscript, 2002. http://mixminion.net/. 39
  5. [5]
    Roger Dingledine, Michael J. Freedman, David Hopwood, and David Molnar. A Reputation System to Increase MIX-net Reliability. In Ira Moskowitz, editor, Information Hiding, 4th International Workshop (IH 2001), pages 126–141. Springer-Verlag, LNCS 2137, 2001. http://www.freehaven.net/papers.html. 47, 50Google Scholar
  6. [6]
    Roger Dingledine and Paul Syverson. Reliable MIX Cascade Networks through Reputation. In Matt Blaze, editor, Financial Cryptography (FC’ 02). SpringerVerlag, LNCS (forthcoming), 2002. http://www.freehaven.net/papers.html. 48, 50Google Scholar
  7. [7]
    Elke Franz, Andreas Graubner, Anja Jerichow, and Andreas Pfitzmann. Comparisonof Commitment Schemes Used in Mix-Mediated Anonymous Communicationfor Preventing Pool-Mode Attacks. In C. Boyd and E. Dawson, editors, 3rd AustralasianConference on Information Security and Privacy (ACISP’98, number1438 in LNCS. Springer-Verlag, 1998. 47CrossRefGoogle Scholar
  8. [8]
    C. Gülcü and G. Tsudik. Mixing Email with Babel. In Internet Society Symposiumon Network and Distributed Sytem Security (NDSS’96), pages 2–16, San Diego,CA, Feb 1996. 36, 49Google Scholar
  9. [9]
    Markus Jakobsson. Flash Mixing. In Principles of Distributed Computing-PODC’99. ACM, 1999. http://citeseer.nj.nec.com/jakobsson99flash.html. 36, 47
  10. [10]
    Anja Jerichow. Generalisation and Security Improvement of Mix-mediated AnonymousCommunication. PhD thesis, Technischen Universitat Dresden, 2000. 47,49Google Scholar
  11. [11]
    D. Kesdogan, J. Egner, and R. Buschkes. Stop-and-go-MIXes providing probabilistic anonymity in an open system. In Proceedings of the International Information Hiding Workshop, April 1998. 36, 49Google Scholar
  12. [12]
    Ulf Möller and Lance Cottrell. Mixmaster Protocol-Version 2. Unfinished draft, January 2000. http://www.eskimo.com/~rowdenw/crypt/Mix/draft-moeller-mixmaster2-protocol-00.txt. 36, 39
  13. [13]
    Andrei Serjantov and George Danezis. Towards an information theoretic metric for anonymity. In Paul Syverson and Roger Dingledine, editors, Privacy Enhancing Technologies, LNCS, San Francisco, CA, April 2002. http://petworkshop.org/2002/program.html. 38, 42, 44Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Andrei Serjantov
    • 1
  • Roger Dingledine
    • 2
  • Paul Syverson
    • 3
  1. 1.University of Cambridge Computer LaboratoryUK
  2. 2.The Free Haven ProjectUSA
  3. 3.Naval Research LaboratoryUSA

Personalised recommendations