Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems
We discuss problems and trade-offs with systems providing anonymity for web browsing (or more generally any communication system that requires low latency interaction). We focus on two main systems: the Freedom network  and PipeNet . Although Freedom is efficient and reasonably secure against denial of service attacks, it is vulnerable to some generic traffic analysis attacks, which we describe. On the other hand, we look at PipeNet, a simple theoretical model which protects against the traffic analysis attacks we point out, but is vulnerable to denial of services attacks and has efficiency problems. In light of these observations, we discuss the trade-offs that one faces when trying to construct an efficient low latency communication system that protects users anonymity.
KeywordsThreat Model Analysis Attack Exit Node Bandwidth Cost Synchronous Network
Unable to display preview. Download preview PDF.
- Anonymizer.com. The anonymizer.Google Scholar
- Berthold, O., Pfitzmann, A., AND Standtke, R. The disadvantages of free mix routes and how to overcome them. In Proc. Workshop on Design Issues in Anonymity and Unobservability (25–26 July 2000), ICSI TR-00-011, pp. 27–42.Google Scholar
- Bos, J., AND Boer, B. D. Detection of disrupters in the DC protocol. In Advances in Cryptology-EURO CRYPT’ 89 (1989), pp. 320–327.Google Scholar
- Canetti, R.Studies in Secure Multiparty Computation and Applications. PhD thesis, Department of Computer Science and Applied Mathematics, The Weizmann Institute of Science, June 1995. revised version.Google Scholar
- Cuphaum, D. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the Association for Computing Machinery 24,2 (Feb. 1981), 84–88.Google Scholar
- Cramer, R., Damgård, I., Dziembowski, S., Hirt, M., AND Rabin, T. Efficient multiparty computations with dishonest minority. In Advances in Cryptology— EUROCRYPT99 (March 1999), vol. 1561 of Lecture Notes in Computer Science, Springer-Verlag, pp. 311–326.Google Scholar
- Dai, W. Pipenet 1.1. http://www.eskimo.com/weidai/pipenet.txt, 1998.
- Dai, W. Two attacks against freedom. http://www.eskimo.coni/~weidai/freedom-attacks.txt, 2000.
- Gennaro, R., Rabin, M. O., AND Rabin, T. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In PODC: 17th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing (1998).Google Scholar
- Goldberg, I., AND Shostack, A. Freedom network 1.0 architecture and protocols. http://www.freedom.net/info/freedompapers/index.html, 1999.
- Goldreich, O., Micali, S., AND Wigderson, A. How to play any mental game — A completeness theorem for protocols with honest majority. In Proceedings of the nineteenth annual ACM Symposium on Theory of Computing, New York City, May 25–27, 1987 (New York, NY 10036, USA, 1987), ACM, Ed., ACM Press, pp. 218–229.Google Scholar
- Goldschlag, D., Reed, M., AND Syverson, P. Onion routing for anonymous and private internet connections. Communications of the ACM (USA) 42,2 (Feb. 1999), 39–41.Google Scholar
- Green, L. Traffic shaping argument. Article on cypherpunks list, 1993.Google Scholar
- Jakobsson. Flash mixing. In PODC: 18th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing (1999).Google Scholar
- Jakobsson, M. A practical mix. Lecture Notes in Computer Science 1403 (1998), 448Google Scholar
- Jakobsson, M., AND Juels, A. Millimix: Mixing in small batches. Tech. Rep. 99-33, DIMACS, June 10 1999. Thu, 22 Jul 1999 23:50:00 GMT.Google Scholar
- Kocher, P. C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology-CRYPTO’ 96 (1996), N. Koblitz, Ed., Lecture Notes in Computer Science, International Association for Cryptologic Research, Springer-Verlag, Berlin Germany, pp. 104–113.Google Scholar
- Park, C., Itoh, K., AND Kurosawa, K. Efficient anonymous channel and all/nothing election scheme. Lecture Notes in Computer Science 765 (1994)Google Scholar
- Pfitzmann, A., Pfitzmann, B., AND Waidner, M. ISDN-MIXes: untraceable communication with very small bandwidth overhead. In Information Security, Proc. IFIP/Sec’ 91 (1991), pp. 245–258.Google Scholar
- Rackoff, C., AND Simon, D. R. Cryptographic defense against traffic analysis. In Proceedings of the Twenty-Fifth Annual ACM Symposium on the Theory of Computing (San Diego, California, 16–18 May 1993), pp. 672–681.Google Scholar
- Raymond, J.-F. Traffic analysis: Protocols, attacks, design issues and open problems. In Proc. Workshop on Design Issues in Anonymity and Unobservability (25–26 July 2000), ICSITR-00-011,pp. 7–26.Google Scholar
- Reiter, M. K., AND Rubin, A. D. Anonymous Web transactions with crowds. Communications of the ACM 42,2 (Feb. 1999), 32–48.Google Scholar
- Smith, A., AND Stiglic, A. Multiparty computation unconditionally secure against II2 adversary structures. Cryptology SOCS-98.2, School of Computer Science, McGill University, Montreal, Canada, 1998.Google Scholar
- Syverson, P. F., Tsudik, G., Reed, M. G., AND Landwehr, C. E. Towards an analysis of onion routing security. In Proc. Workshop on Design Issues in Anonymity and Unobservability (25–26 July 2000), ICSI RR-00-011, pp. 83–100.Google Scholar
- Waidner, M. Unconditional sender and recipient untraceability in spite of active attacks. In Advances in Cryptology-EUROCRYPT’ 89 (1990), J.-J. Quisquater and J. Vandewalle, Eds., Lecture Notes in Computer Science, International Association for Cryptologic Research, Springer-Verlag, Berlin Germany, pp. 302–319.Google Scholar
- Waidner, M., AND Pfitzmann, B. The dining cryptographers in the disco: Unconditional sender and recipient untraceability with computationally secure serviceability. In Advances in Cryptology—EUROCRYPT89 (10–13 Apr. 1989), J.-J. Quisquater and J. Vandewalle, Eds., vol. 434 of Lecture Notes in Computer Science, Springer-Verlag, 1990, p. 690.Google Scholar