Two-Sided Statistical Disclosure Attack

  • George Danezis
  • Claudia Diaz
  • Carmela Troncoso
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4776)


We introduce a new traffic analysis attack: the Two-sided Statistical Disclosure Attack, that tries to uncover the receivers of messages sent through an anonymizing network supporting anonymous replies. We provide an abstract model of an anonymity system with users that reply to messages. Based on this model, we propose a linear approximation describing the likely receivers of sent messages. Using simulations, we evaluate the new attack given different traffic characteristics and we show that it is superior to previous attacks when replies are routed in the system.


Target User Normal Message Anonymous Communication Anonymity System Real Receiver 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, D., Kesdogan, D.: Measuring anonymity: The disclosure attack. IEEE Security & Privacy 1(6), 27–34 (2003)CrossRefGoogle Scholar
  2. 2.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRefGoogle Scholar
  3. 3.
    Danezis, G.: Statistical disclosure attacks. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S.K. (eds.) SEC of IFIP Conference Proceedings, vol. 250, pp. 421–426. Kluwer, Dordrecht (2003)Google Scholar
  4. 4.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a type iii anonymous remailer protocol. In: IEEE Symposium on Security and Privacy, pp. 2–15. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  5. 5.
    Danezis, G., Serjantov, A.: Statistical disclosure or intersection attacks on anonymity systems. In: Fridrich [6], pp. 293–308Google Scholar
  6. 6.
    Fridrich, J. (ed.): IH 2004. LNCS, vol. 3200, pp. 23–25. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Heydt-Benjamin, T.S., Serjantov, A., Defend, B.: Nonesuch: a mix network with sender unobservability. In: 2006 Workshop on Privacy in the Electronic Society, ACM Press, New York (2006)Google Scholar
  8. 8.
    Kesdogan, D., Agrawal, D., Penz, S.: Limits of anonymity in open environments. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 53–69. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Kesdogan, D., Pimenidis, L. : The hitting set attack on anonymity protocols. In: Fridrich [6], pp. 326–339Google Scholar
  10. 10.
    Mathewson, N., Dingledine, R.: Practical traffic analysis: Extending and resisting statistical disclosure. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 17–34. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • George Danezis
    • 1
  • Claudia Diaz
    • 1
  • Carmela Troncoso
    • 1
  1. 1.K.U. Leuven, ESAT/COSIC, Kasteelpark Arenberg 10, B-3001 Leuven-HeverleeBelgium

Personalised recommendations