A Framework for Quantification of Linkability Within a Privacy-Enhancing Identity Management System

  • Sebastian Clauß
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3995)


Within a privacy-enhancing identity management system, among other sources of information, knowledge about current anonymity and about linkability of user’s actions should be available, so that each user is enabled to make educated decisions about performing actions and disclosing PII (personal identifiable information).

In this paper I describe a framework for quantification of anonymity and linkability of a user’s actions for use within a privacy-enhancing identity management system. Therefore, I define a model of user’s PII and actions as well as an attacker model. Based thereon, I describe an approach to quantify anonymity and linkability of actions. Regarding practical applicability, a third party service for linkability quantification is discussed.


Shannon Entropy Observer State Attack Model Observer Model Digital Identity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Clauß, S., Köhntopp, M.: Identity management and its support of multilateral security. Computer Networks, Special Issue on Electronic Business Systems 37, 205–219 (2001)Google Scholar
  2. 2.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4(2), 84–88 (1981)CrossRefGoogle Scholar
  3. 3.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards Measuring Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Serjantov, A., Danezis, G.: Towards an Information Theoretic Metric for Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Steinbrecher, S., Köpsell, S.: Modelling unlinkability. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 32–47. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Díaz, C., Claessens, J., Seys, S., Preneel, B.: Information theory and anonymity. In: Proceedings of the 23rd Symposium on Information Theory in the Benelux, Louvain la Neuve, Belgium, Werkgemeenschap voor Informatie en Communicatietheorie, May 29-31 (2002)Google Scholar
  7. 7.
    Hughes, D., Shmatikov, V.: Information hiding, anonymity and privacy: A modular approach. Journal of Computer Security 12(1), 3–36 (2004)CrossRefGoogle Scholar
  8. 8.
    Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity - A proposal for terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001), Version 0.27 at: CrossRefGoogle Scholar
  9. 9.
    Orwell, G.: Nineteen Eighty-Four. Martin Secker & Warburg (1949)Google Scholar
  10. 10.
    Clauß, S., Schiffner, S.: Anonymität auf Anwendungsebene. In: Dittmann, J. (ed.) Proceedings of Sicherheit 2006, Bonn, GI. Lecture Notes in Informatics, vol. P-77, pp. 171–182 (2006) (German)Google Scholar
  11. 11.
    Shannon, C.: A mathematical theory of communication. The Bell System Technical Journal 27, 379–423 (1948)MathSciNetCrossRefMATHGoogle Scholar
  12. 12.
    Micali, S., Rogaway, P.: Secure computation. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 392–404. Springer, Heidelberg (1992)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sebastian Clauß
    • 1
  1. 1.TU DresdenGermany

Personalised recommendations