The main goal of anonymity protocols is to protect the identities of communicating entities in a network communication. An anonymity protocol can be characterized by a noisy channel in the information-theoretic sense. The anonymity of the protocol is then tightly related to how much information is being leaked by the channel. In this paper we investigate a new idea of measuring the information leaked based on how much the rows of the channel probabilities matrix are different from each other. We considered each row of the matrix as a point in the n-dimensional space and we used statistical dispersion measures to estimate how much the points are scattered in the space. Empirical results showed that the two proposed measures KLSD and KLMD are sensitive to the modifications of the attacker capabilities and most importantly they are stable when the a priori distribution on the secret events changes. We show that a variant of KLSD coincides with the classical notion of mutual information which gives the latter an interesting geometric interpretation. The same idea of statistical dispersion is used in a new decision function when the protocol is re-executed several times.


Mutual Information Relative Entropy Decision Function Channel Matrix Noisy Channel 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  2. 2.
    Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  3. 3.
    Syverson, P., Goldschlag, D., Reed, M.: Anonymous connections and onion routing. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy (SP 1997), Washington, DC, USA. IEEE Computer Society, Los Alamitos (1997)Google Scholar
  4. 4.
    Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. Journal of Cryptology 1(1), 65–75 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Shields, C., Levine, B.: A protocol for anonymous communication over the internet. In: Proceedings of the 7th ACM Conference on Computer and Communications Security, pp. 33–42. ACM, New York (2000)Google Scholar
  6. 6.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Diaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Zhu, Y., Bettati, R.: Anonymity vs. information leakage in anonymity systems. In: Proceedings of the 25th IEEE International Conference on Distributed Computing Systems (ICDCS 2005), Columbus, Ohio, pp. 514–524 (2005)Google Scholar
  9. 9.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonymity protocols as noisy channels. Information and Computation 206(2-4), 378–401 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Moskowitz, I., Newman, R., Crepeau, D., Miller, A.: Covert channels and anonymizing networks. In: WPES 2003: Proceedings of the 2003 ACM workshop on Privacy in the electronic society, pp. 79–88. ACM, New York (2003)Google Scholar
  11. 11.
    Cover, T., Thomas, J.: Elements of Information Theory. Wiley-Interscience, New York (1991)CrossRefzbMATHGoogle Scholar
  12. 12.
    Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Rény, A.: On measures of entropy and information. In: Proceedings of the 4th Berkeley Symposium on Mathematics, Statistics, and Probability, pp. 547–561 (1960)Google Scholar
  14. 14.
    Moskowitz, I., Newman, R., Syverson, P.: Quasi-anonymous channels. In: IASTED CNIS, pp. 126–131 (2003)Google Scholar
  15. 15.
    Newman, R., Moskowitz, I., Syverson, P., Serjantov, A.: Metrics for traffic analysis prevention. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 48–65. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Tóth, G., Hornák, Z., Vajda, F.: Measuring anonymity revisited. In: Liimatainen, S., Virtanen, T. (eds.) Proceedings of the Ninth Nordic Workshop on Secure IT Systems, Espoo, Finland, pp. 85–90 (November 2004)Google Scholar
  17. 17.
    Edman, M., Sivrikaya, F., Yener, B.: A combinatorial approach to measuring anonymity. In: 2007 IEEE Intelligence and Security Informatics, pp. 356–363 (2007)Google Scholar
  18. 18.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: On the bayes risk in information-hiding protocols. Journal of Computer Security 16(5), 531–571 (2008)CrossRefGoogle Scholar
  19. 19.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative analysis of the leakage of confidential data. Electrical Notes in Theoretical Computer Science 59, 238–251 (2001)CrossRefGoogle Scholar
  20. 20.
    University of Oxford: Prism,
  21. 21.
    Chatzikokolakis, K.: Probabilistic and Information-Theoretic Approaches to Anonymity. PhD thesis, Laboratoire d’Informatique (LIX), École Polytechnique, Paris (October 2007)Google Scholar
  22. 22.
    MacKay, D.: Information Theory, Inference and Learning Algorithms. Cambridge University Press, Cambridge (2003)zbMATHGoogle Scholar
  23. 23.
    Wright, M., Adler, M., Levine, B., Shields, C.: An analysis of the degradation of anonymous protocols. In: Proceedings of the Network and Distributed Security Symposium (NDSS 2002). IEEE Computer Society, Los Alamitos (2001)Google Scholar
  24. 24.
    Syverson, P., Tsudik, G., Reed, M., Landwehr, C.: Towards an analysis of onion routing security. In: Proceedings of the international workshop on Designing privacy enhancing technologies, pp. 96–114. Springer, New York (2001)CrossRefGoogle Scholar
  25. 25.
    Gibbs, A., Su, F.: On choosing and bounding probability metrics. International Statistical Institute 70, 418–435 (2002)zbMATHGoogle Scholar
  26. 26.
    Danezis, G., Diaz, C.: A survey of anonymous communication channels. Technical Report MSR-TR-2008-35, Microsoft Research (January 2008)Google Scholar
  27. 27.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of the 13th Usenix Security Symposium (August 2004)Google Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Sami Zhioua
    • 1
  1. 1.King Fahd University of Petroleum and MineralsSaudi Arabia

Personalised recommendations