A Combinatorial Approach for an Anonymity Metric

  • Dang Vinh Pham
  • Dogan Kesdogan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5594)


A number of papers have been proposed with the goal of measuring the quality of anonymity of a given anonymity system. Most of them use the anonymity set as the basis for developing, reasoning about and applying measures. In this paper we argue that these approaches are premature. In this work, we suggest using the so-called hypothesis set, a term derived from possibilistic information flow theory. By investigating the hypothesis set, it is possible to make the “protection structure” explicit and also to define well-known terms from measurement theory such as scale and metric. We demonstrate our approach by evaluating the hypothesis set of the classical Chaumian Mix.


Combinatorial Approach; Exclusion Process; Full Disclosure; Extensive Class; Communication Round
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Dang Vinh Pham (1)
  • Dogan Kesdogan (1, 2)
  1. Siegen University, Siegen, Germany
  2. NTNU-Norwegian University of Science and Technology, Trondheim, Norway
