Advertisement

Towards an Information Theoretic Metric for Anonymity

  • Andrei Serjantov
  • George Danezis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2482)

Abstract

In this paper we look closely at the popular metric of anonymity, the anonymity set, and point out a number of problems associated with it. We then propose an alternative information theoretic measure of anonymity which takes into account the probabilities of users sending and receiving the messages and show how to calculate it for a message in a standard mix-based anonymity system. We also use our metric to compare a pool mix to a traditional threshold mix, which was impossible using anonymity sets. We also show how the maximum route length restriction which exists in some fielded anonymity systems can lead to the attacker performing more powerful traffic analysis. Finally, we discuss open problems and future work on anonymity measurements.

Keywords

Route Length Information Theoretic Anonymous Communication Outgoing Message Anonymity System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. BPS00.
    O. Berthold, A. Pfitzmann, and R. Standtke. The disadvantages of free MIX routes and how to overcome them. In Designing Privacy Enhancing Technologies: Proceedings of the International Workshop on the Design Issues in Anonymity and Observability, LNCS 2009. 2000.Google Scholar
  2. Cha81.
    D. Chaum. Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the A.C.M., 24(2):84–88, 1981.Google Scholar
  3. Cha88.
    D. Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology: the journal of the International Association for Cryptologic Research, 1(1):65–75, 1988.MATHMathSciNetGoogle Scholar
  4. Cot94.
    L. Cottrell. Mixmaster and remailer attacks, 1994. http://www.obscura.com/~loki/remailer/remailer-essay.html.
  5. DSCP02.
    C. Diaz, S. Seys, J. Claessens, and B. Preneel. Towards measuring anonymity. In Workshop on Privacy Enhancing Technologies, LNCS 2482. 2002.Google Scholar
  6. GT96.
    C. Gulcu and G. Tsudik. Mixing email with Babel. In 1996 Internet Society Symposium on Network and Distributed Sytem Security, pages 2–16. San Diego, CA, 1996.Google Scholar
  7. KEB98.
    D. Kesdogan, J. Egner, and R. Buschkes. Stop-and-go-MIXes providing probabilistic anonymity in an open system. In Proceedings of the International Information Hiding Workshop, LNCS 1525. 1998.CrossRefGoogle Scholar
  8. MC00.
    U. Moeller and L. Cottrell. Mixmaster Protocol Version 3, 2000. http://www.eskimo.com/~rowdenw/crypt/Mix/draft-moeller-v3-01.txt.
  9. OA00.
    M. Ohkubo and M. Abe. A length-invariant hybrid mix. In T. Okamoto, editor, Advances in Cryptology-ASIACRYPT, LNCS 1976, page 178 ff. 2000.CrossRefGoogle Scholar
  10. PK00.
    A. Pfitzmann and M. Kohntopp. Anonymity, unobservability and pseudonymity — a proposal for terminology. In Designing Privacy Enhancing Technologies: Proceedings of the International Workshop on the Design Issues in Anonymity and Observability, LNCS 2009. 2000.Google Scholar
  11. Sha48.
    C. Shannon. The mathematical theory of communication. Bell Systems Technical Journal, 30:50–64, 1948.MathSciNetGoogle Scholar
  12. STRL00.
    P. F. Syverson, G. Tsudik, M. G. Reed, and C. E. Landwehr. Towards an analysis of onion routing security. In Designing Privacy Enhancing Technologies: Proceedings of the International Workshop on the Design Issues in Anonymity and Observability, LNCS 2009. 2000.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Andrei Serjantov
    • 1
  • George Danezis
    • 1
  1. 1.University of Cambridge Computer LaboratoryCambridgeUK

Personalised recommendations