Do Dummies Pay Off? Limits of Dummy Traffic Protection in Anonymous Communications
Anonymous communication systems ensure that correspondence between senders and receivers cannot be inferred with certainty. However, when patterns are persistent, observations from anonymous communication systems enable the reconstruction of user behavioral profiles. Protection against profiling can be enhanced by adding dummy messages, generated by users or by the anonymity provider, to the communication. In this paper we study the limits of the protection provided by this countermeasure. We propose an analysis methodology based on solving a least squares problem that permits to characterize the adversary’s profiling error with respect to the user behavior, the anonymity provider behavior, and the dummy strategy. Focusing on the particular case of a timed pool mix we show how, given a privacy target, the performance analysis can be used to design optimal dummy strategies to protect this objective.
Keywordsanonymous communications disclosure attacks dummies
Unable to display preview. Download preview PDF.
- 1.Danezis, G., Diaz, C., Syverson, P.: Systems for anonymous communication. In: Rosenberg, B. (ed.) Handbook of Financial Cryptography and Security. Cryptography and Network Security Series, pp. 341–389. Chapman & Hall/CRC (2009)Google Scholar
- 8.Diaz, C., Preneel, B.: Taxonomy of mixes and dummy traffic. In: Working Conference on Privacy and Anonymity in Networked and Distributed Systems, pp. 215–230. Kluwer Academic Publishers (2004)Google Scholar
- 11.Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a type iii anonymous remailer protocol. In: IEEE Symposium on Security and Privacy, pp. 2–15. IEEE Computer Society (2003)Google Scholar
- 12.Möller, U., Cottrell, L., Palfrader, P., Sassaman, L.: Mixmaster Protocol — Version 2. IETF Internet Draft (July 2003)Google Scholar
- 13.Pérez-González, F., Troncoso, C., Oya, S.: A least squares approach to the traffic analysis of high-latency anonymous communication systems, http://webs.uvigo.es/gpscuvigo/sites/default/files/publications/lsda2013.pdf
- 14.Oya, S., Troncoso, C., Pérez-González, F.: Meet the family of statistical disclosure attacks. In: IEEE Global Conference on Signal and Information Processing, 4p. (2013)Google Scholar
- 16.Oya, S., Troncoso, C., Pérez-González, F.: Technical report tsc/so/02052014: Derivation of the mean squared error of the least squares estimator in a timed pool mix with dummy traffic, http://webs.uvigo.es/gpscuvigo/sites/default/files/publications/trpets14.pdf
- 17.Haykin, S.: Adaptive Filter Theory, 4th edn. Prentice Hall (2002)Google Scholar