Advertisement

Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems

  • Adam Back
  • Ulf Möller
  • Anton Stiglic
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2137)

Abstract

We discuss problems and trade-offs with systems providing anonymity for web browsing (or more generally any communication system that requires low latency interaction). We focus on two main systems: the Freedom network [12] and PipeNet [8]. Although Freedom is efficient and reasonably secure against denial of service attacks, it is vulnerable to some generic traffic analysis attacks, which we describe. On the other hand, we look at PipeNet, a simple theoretical model which protects against the traffic analysis attacks we point out, but is vulnerable to denial of services attacks and has efficiency problems. In light of these observations, we discuss the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users anonymity.

Keywords

Threat Model Analysis Attack Exit Node Bandwidth Cost Synchronous Network 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    Anonymizer.com. The anonymizer.Google Scholar
  2. [2]
    Berthold, O., Pfitzmann, A., AND Standtke, R. The disadvantages of free mix routes and how to overcome them. In Proc. Workshop on Design Issues in Anonymity and Unobservability (25–26 July 2000), ICSI TR-00-011, pp. 27–42.Google Scholar
  3. [3]
    Bos, J., AND Boer, B. D. Detection of disrupters in the DC protocol. In Advances in Cryptology-EURO CRYPT’ 89 (1989), pp. 320–327.Google Scholar
  4. [4]
    Canetti, R.Studies in Secure Multiparty Computation and Applications. PhD thesis, Department of Computer Science and Applied Mathematics, The Weizmann Institute of Science, June 1995. revised version.Google Scholar
  5. [5]
    Cuphaum, D. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the Association for Computing Machinery 24,2 (Feb. 1981), 84–88.Google Scholar
  6. [6]
    Chaum, D. The Dining Cryptographers Problem: Unconditional sender and recipient untraceability. Journal of Cryptology 7,1 (1988), 65–75.MathSciNetGoogle Scholar
  7. [7]
    Cramer, R., Damgård, I., Dziembowski, S., Hirt, M., AND Rabin, T. Efficient multiparty computations with dishonest minority. In Advances in Cryptology— EUROCRYPT99 (March 1999), vol. 1561 of Lecture Notes in Computer Science, Springer-Verlag, pp. 311–326.Google Scholar
  8. [8]
    Dai, W. Pipenet 1.1. http://www.eskimo.com/weidai/pipenet.txt, 1998.
  9. [9]
    Dai, W. Two attacks against freedom. http://www.eskimo.coni/~weidai/freedom-attacks.txt, 2000.
  10. [10]
    Desmedt, Y., AND Kurosawa, K. How to break a practical mix and design a new one. In Advances in Cryptology-EUROCRYPT’ 2000 (2000), Lecture Notes in Computer Science, International Association for Cryptologic Research, Springer-Verlag, Berlin Heidelberg, pp. 557–572.CrossRefGoogle Scholar
  11. [11]
    Gennaro, R., Rabin, M. O., AND Rabin, T. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In PODC: 17th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing (1998).Google Scholar
  12. [12]
    Goldberg, I., AND Shostack, A. Freedom network 1.0 architecture and protocols. http://www.freedom.net/info/freedompapers/index.html, 1999.
  13. [13]
    Goldreich, O., Micali, S., AND Wigderson, A. How to play any mental game — A completeness theorem for protocols with honest majority. In Proceedings of the nineteenth annual ACM Symposium on Theory of Computing, New York City, May 25–27, 1987 (New York, NY 10036, USA, 1987), ACM, Ed., ACM Press, pp. 218–229.Google Scholar
  14. [14]
    Goldschlag, D., Reed, M., AND Syverson, P. Onion routing for anonymous and private internet connections. Communications of the ACM (USA) 42,2 (Feb. 1999), 39–41.Google Scholar
  15. [15]
    Green, L. Traffic shaping argument. Article on cypherpunks list, 1993.Google Scholar
  16. [16]
    Jakobsson. Flash mixing. In PODC: 18th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing (1999).Google Scholar
  17. [17]
    Jakobsson, M. A practical mix. Lecture Notes in Computer Science 1403 (1998), 448Google Scholar
  18. [18]
    Jakobsson, M., AND Juels, A. Millimix: Mixing in small batches. Tech. Rep. 99-33, DIMACS, June 10 1999. Thu, 22 Jul 1999 23:50:00 GMT.Google Scholar
  19. [19]
    Kocher, P. C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology-CRYPTO’ 96 (1996), N. Koblitz, Ed., Lecture Notes in Computer Science, International Association for Cryptologic Research, Springer-Verlag, Berlin Germany, pp. 104–113.Google Scholar
  20. [20]
    Menezes, A. J., Van Oorschot, P. C., AND Vanstone, S. A.Handbook of applied cryptography. The CRC Press series on discrete mathematics and its applications. CRC Press, 2000 N.W. Corporate Blvd., Boca Raton, FL 33431-9868, USA, 1997.zbMATHGoogle Scholar
  21. [21]
    Ohkubo, M., AND Abe, M. A length-invariant hybrid mix. In Advances in Cryptology-ASIACRYPT’ 2000 (2000), Lecture Notes in Computer Science, International Association for Cryptologic Research, Springer-Verlag, Berlin Heidelberg, pp. 178–191.CrossRefGoogle Scholar
  22. [22]
    Park, C., Itoh, K., AND Kurosawa, K. Efficient anonymous channel and all/nothing election scheme. Lecture Notes in Computer Science 765 (1994)Google Scholar
  23. [23]
    Pfitzmann, A., Pfitzmann, B., AND Waidner, M. ISDN-MIXes: untraceable communication with very small bandwidth overhead. In Information Security, Proc. IFIP/Sec’ 91 (1991), pp. 245–258.Google Scholar
  24. [24]
    Rackoff, C., AND Simon, D. R. Cryptographic defense against traffic analysis. In Proceedings of the Twenty-Fifth Annual ACM Symposium on the Theory of Computing (San Diego, California, 16–18 May 1993), pp. 672–681.Google Scholar
  25. [25]
    Raymond, J.-F. Traffic analysis: Protocols, attacks, design issues and open problems. In Proc. Workshop on Design Issues in Anonymity and Unobservability (25–26 July 2000), ICSITR-00-011,pp. 7–26.Google Scholar
  26. [26]
    Reiter, M. K., AND Rubin, A. D. Anonymous Web transactions with crowds. Communications of the ACM 42,2 (Feb. 1999), 32–48.Google Scholar
  27. [27]
    Smith, A., AND Stiglic, A. Multiparty computation unconditionally secure against II2 adversary structures. Cryptology SOCS-98.2, School of Computer Science, McGill University, Montreal, Canada, 1998.Google Scholar
  28. [28]
    Syverson, P. F., Tsudik, G., Reed, M. G., AND Landwehr, C. E. Towards an analysis of onion routing security. In Proc. Workshop on Design Issues in Anonymity and Unobservability (25–26 July 2000), ICSI RR-00-011, pp. 83–100.Google Scholar
  29. [29]
    Waidner, M. Unconditional sender and recipient untraceability in spite of active attacks. In Advances in Cryptology-EUROCRYPT’ 89 (1990), J.-J. Quisquater and J. Vandewalle, Eds., Lecture Notes in Computer Science, International Association for Cryptologic Research, Springer-Verlag, Berlin Germany, pp. 302–319.Google Scholar
  30. [30]
    Waidner, M., AND Pfitzmann, B. The dining cryptographers in the disco: Unconditional sender and recipient untraceability with computationally secure serviceability. In Advances in Cryptology—EUROCRYPT89 (10–13 Apr. 1989), J.-J. Quisquater and J. Vandewalle, Eds., vol. 434 of Lecture Notes in Computer Science, Springer-Verlag, 1990, p. 690.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Adam Back
    • 1
  • Ulf Möller
    • 1
  • Anton Stiglic
    • 1
  1. 1.Zero-Knowledge Systems Inc.USA

Personalised recommendations