Analysing the MUTE Anonymous File-Sharing System Using the Pi-Calculus

  • Tom Chothia
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4229)


This paper gives details of a formal analysis of the MUTE system for anonymous file-sharing. We build pi-calculus models of a node that is innocent of sharing files, a node that is guilty of file-sharing and of the network environment. We then test to see if an attacker can distinguish between a connection to a guilty node and a connection to an innocent node. A weak bi-simulation between every guilty network and an innocent network would be required to show possible innocence. We find that such a bi-simulation cannot exist. The point at which the bi-simulation fails leads directly to a previously undiscovered attack on MUTE. We describe a fix for the MUTE system that involves using authentication keys as the nodes’ pseudo identities and give details of its addition to the MUTE system.


Target Node Mute System Reply Message Elliptic Curve Digital Signature Algorithm SHA1 Hash 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [ALRV05]
    Aristizabal, A., Lopez, H., Rueda, C., Valencia, F.D.: Formally reasoning about security issues in p2p protocols: A case study. In: Third Taiwanese-French Conference on Information Technology (2005)Google Scholar
  2. [Ant03]
  3. [BASM04]
    Bono, S., Christopher, A., Soghoian, Monrose, F.: Mantis: A high-performance, anonymity preserving, p2p network. Johns Hopkins University Information Security Institute Technical Report TR-2004-01-B-ISI-JHU (2004)Google Scholar
  4. [BDG92]
    Beckers, R., Deneubourg, J.L., Goss, S.: Trails and u-turns in the selection of the shortest path by the ant lasius niger. Journal of Theoretical Biology 159, 397–415 (1992)CrossRefGoogle Scholar
  5. [BP05]
    Bhargava, M., Palamidessi, C.: Probabilistic anonymity. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 171–185. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. [CC05]
    Chothia, T., Chatzikokolakis, K.: A survey of anonymous peer-to-peer file-sharing. In: Yang, L.T., Amamiya, M., Liu, Z., Guo, M., Rammig, F.J. (eds.) EUC 2005. LNCS, vol. 3824, pp. 744–755. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. [CP05]
    Chatzikokolakis, K., Palamidessi, C.: Probable innocence revisited. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds.) FAST 2005. LNCS, vol. 3866, pp. 142–157. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. [CSWH01]
    Clarke, I., Sandberg, O., Wiley, B., Hong, T.W.: Freenet: A distributed anonymous information storage and retrieval system. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, p. 46. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. [DD99]
    Dorigo, M., Di Caro, G.: The ant colony optimization meta-heuristic. In: Corne, D., Dorigo, M., Glover, F. (eds.) New Ideas in Optimization, pp. 11–32. McGraw-Hill, London (1999)Google Scholar
  10. [DFM00]
    Dingledine, R., Freedman, M.J., Molnar, D.: The free haven project: Distributed anonymous storage service. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, p. 67. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. [DMS04]
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (2004)Google Scholar
  12. [DPP05]
    Deng, Y., Palamidessi, C., Pang, J.: Weak probabilistic anonymity. In: Proc. 3rd International Workshop on Security Issues in Concurrency (SecCo 2005) (2005)Google Scholar
  13. [GHPvR05]
    Garcia, F.D., Hasuo, I., Pieters, W., van Rossum, P.: Provable anonymity. In: Proceedings of the 3rd ACM Workshop on Formal Methods in Security Engineering (FMSE 2005) (2005)Google Scholar
  14. [GSB02]
    Gunes, M., Sorges, U., Bouazzi, I.: Ara – the ant-colony based routing algorithm for manets. In: Proceedings of the International Workshop on Ad Hoc Networking (IWAHN 2002), Vancouver (August 2002)Google Scholar
  15. [HP00]
    Herescu, O.M., Palamidessi, C.: Probabilistic asynchronous pi-calculus. In: Foundations of Software Science and Computation Structure, pp. 146–160 (2000)Google Scholar
  16. [HT91]
    Honda, K., Tokoro, M.: An object calculus for asynchronous communication. In: America, P. (ed.) ECOOP 1991. LNCS, vol. 512, pp. 133–147. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  17. [KKK05]
    Kim, B.R., Kim, K.C., Kim, Y.S.: Securing anonymity in p2p network. In: sOc-EUSAI 2005: Proceedings of the joint conference on Smart objects and ambient intelligence. ACM Press, New York (2005)Google Scholar
  18. [KNP02]
    Kwiatkowska, M., Norman, G., Parker, D.: PRISM: Probabilistic symbolic model checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002)Google Scholar
  19. [KR05]
    Kremer, S., Ryan, M.D.: Analysis of an electronic voting protocol in the applied pi calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  20. [Mil93]
    Milner, R.: The polyadic π-calculus: A tutorial. In: Logic and Algebra of Specification. Computer and Systems Sciences, vol. 94, pp. 203–246 (1993)Google Scholar
  21. [Par01]
    Parrow, J.: Handbook of Process Algebra. In: An Introduction to the pi-calculus. Elsevier, Amsterdam (2001)Google Scholar
  22. [Roh06]
    Rohrer, J.: Mute technical details (2006),
  23. [RR98]
    Reiter, M., Rubin, A.: Crowds: anonymity for web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  24. [SGRE04]
    Sirer, E.G., Goel, S., Robson, M., Engin, D.: Eluding carnivores: File sharing with strong anonymity, Cornell Univ. Tech. Rep. (2004)Google Scholar
  25. [SS96]
    Schneider, S., Sidiropoulos, A.: CSP and anonymity. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 198–218. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  26. [Tiu04]
    Tiu, A.: Level 0/1 prover: A tutorial (2004), Avilable online at:
  27. [VM94]
    Victor, B., Moller, F.: The Mobility Workbench — a tool for the π-calculus. In: Dill, D.L. (ed.) CAV 1994. LNCS, vol. 818, pp. 428–440. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  28. [was03]

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Tom Chothia
    • 1
  1. 1.CWIAmsterdamThe Netherlands

Personalised recommendations