Towards an Information Theoretic Metric for Anonymity
In this paper we look closely at the popular metric of anonymity, the anonymity set, and point out a number of problems associated with it. We then propose an alternative information theoretic measure of anonymity which takes into account the probabilities of users sending and receiving the messages and show how to calculate it for a message in a standard mix-based anonymity system. We also use our metric to compare a pool mix to a traditional threshold mix, which was impossible using anonymity sets. We also show how the maximum route length restriction which exists in some fielded anonymity systems can lead to the attacker performing more powerful traffic analysis. Finally, we discuss open problems and future work on anonymity measurements.
Keywords: Route Length, Information Theoretic, Anonymous Communication, Outgoing Message, Anonymity System