Countering Statistical Disclosure with Receiver-Bound Cover Traffic

  • Nayantara Mallesh
  • Matthew Wright
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4734)


Anonymous communications provides an important privacy service by keeping passive eavesdroppers from linking communicating parties. However, using long-term statistical analysis of traffic sent to and from such a system, it is possible to link senders with their receivers. Cover traffic is an effective, but somewhat limited, counter strategy against this attack. Earlier work in this area proposes that privacy-sensitive users generate and send cover traffic to the system. However, users are not online all the time and cannot be expected to send consistent levels of cover traffic, drastically reducing the impact of cover traffic. We propose that the mix generate cover traffic that mimics the sending patterns of users in the system. This receiver-bound cover helps to make up for users that aren’t there, confusing the attacker. We show through simulation how this makes it difficult for an attacker to discern cover from real traffic and perform attacks based on statistical analysis. Our results show that receiver-bound cover substantially increases the time required for these attacks to succeed. When our approach is used in combination with user-generated cover traffic, the attack takes a very long time to succeed.


privacy-enhancing technologies cover traffic anonymity 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Acquisti, A., Dingledine, R., Syverson, P.: On the economics of anonymity. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, Springer, Heidelberg (2003)Google Scholar
  2. 2.
    Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  3. 3.
    Kesdogan, D., Agarwal, D., Penz, S.: Limits of anonymity in open environments. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, Springer, Heidelberg (2003)Google Scholar
  4. 4.
    Danezis, G.: Statistical disclosure attacks: Traffic confirmation in open environments. In: Proc. Security and Privacy in the Age of Uncertainty (SEC) (May 2003)Google Scholar
  5. 5.
    Mathewson, N., Dingledine, R.: Practical traffic analysis: Extending and resisting statistical disclosure. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, Springer, Heidelberg (2005)Google Scholar
  6. 6.
    Díaz, C., Serjantov, A.: Generalising mixes. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, Springer, Heidelberg (2003)Google Scholar
  7. 7.
    Barabási, A.L., Albert, R.: Emergence of scaling in random networks. Science 286, 509–512 (1999)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Zimmermann, P.R.: The official PGP user’s guide. MIT Press, Cambridge, MA, USA (1995)Google Scholar
  9. 9.
    Dusse, S., Hoffman, P., Ramsdell, B., Lundblade, L., Repka, L.: S/mime version 2 message specification (1998)Google Scholar
  10. 10.
    Graham, P.: A plan for spam (August 2002), available at
  11. 11.
    Meyer, T., Whateley, B.: Spambayes: Effective open-source, bayesian based, email classification. In: Proc. Conference on Email and Anti-Spam (CEAS) (July 2004)Google Scholar
  12. 12.
    Androutsopoulos, I., Koutsias, J., Chandrinos, K., Paliouras, G., Spyropoulos, C.: An evaluation of naive bayesian anti-spam filtering. In: Proc. Workshop on Machine Learning in the New Information Age (May 2000)Google Scholar
  13. 13.
    Dingledine, R., Mathewson, P.S.N.: Tor: The next-generation onion router. In: Proc. 13th USENIX Security Symposium (August 2004)Google Scholar
  14. 14.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a type III anonymous remailer protocol. In: Proc. 2003 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  15. 15.
    Weinstein, L.: Spam wars. Communications of the ACM 46(8), 136 (2003)CrossRefGoogle Scholar
  16. 16.
    Berthold, O., Langos, H.: Dummy traffic against long-term intersection attacks. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Bennett, K., Grothoff, C., Horozov, T., Patrascu, I., Stef, T.: Gnunet – a truly anonymous networking infrastructure. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, Springer, Heidelberg (2003)Google Scholar
  19. 19.
    Clarke, I., Sandberg, O., Wiley, B., Hong, T.W.: Freenet: A distributed anonymous information storage and retrieval system. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 46–66. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Scarlatta, V., Levine, B., Shields, C.: Responder anonymity and anonymous peer-to-peer file sharing. In: Proc. IEEE Intl. Conference on Network Protocols (ICNP), IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  21. 21.
    Sherwood, R., Bhattacharjee, B., Srinivasan, A.: P5: A protocol for scalable anonymous communication. In: Proc. 2002 IEEE Sym. on Security and Privacy, IEEE Computer Society Press, Los Alamitos (May 2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Nayantara Mallesh
    • 1
  • Matthew Wright
    • 1
  1. 1.Department of Computer Science and Engineering, The University of Texas at Arlington 

Personalised recommendations