Real World Patterns of Failure in Anonymity Systems

  • Richard Clayton
  • George Danezis
  • Markus G. Kuhn
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2137)


We present attacks on the anonymity and pseudonymity provided by a “lonely hearts” dating service and by the HushMail encrypted email system. We move on to discuss some generic attacks upon anonymous systems based on the engineering reality of these systems rather than the theoretical foundations on which they are based. However, for less sophisticated users it is social engineering attacks, owing nothing to computer science, that pose the biggest day-to-day danger. This practical experience then permits a start to be made on developing a security policy model for pseudonymous communications.


Keywords (added by machine, not by the authors): Security Policy; Covert Channel; Physical User; Brute Force Attack; Anonymity System





Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Richard Clayton (1)
  • George Danezis (1)
  • Markus G. Kuhn (1)
  1. Computer Laboratory, University of Cambridge, Cambridge, UK
