Gergely Tóth, 5 November 20041 Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Measuring Anonymity Revisited Gergely Tóth Zoltán Hornák Ferenc Vajda.

Slides:



Advertisements
Similar presentations
Supporting Cooperative Caching in Disruption Tolerant Networks
Advertisements

Mobility Increase the Capacity of Ad-hoc Wireless Network Matthias Gossglauser / David Tse Infocom 2001.
Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By Al-Sakib.
Enhancing Secrecy With Channel Knowledge
Sheng Xiao, Weibo Gong and Don Towsley,2010 Infocom.
Integration of sensory modalities
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
SUCCESSIVE INTERFERENCE CANCELLATION IN VEHICULAR NETWORKS TO RELIEVE THE NEGATIVE IMPACT OF THE HIDDEN NODE PROBLEM Carlos Miguel Silva Couto Pereira.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Communication-Efficient Distributed Monitoring of Thresholded Counts Ram Keralapura, UC-Davis Graham Cormode, Bell Labs Jai Ramamirtham, Bell Labs.
1 Learning Entity Specific Models Stefan Niculescu Carnegie Mellon University November, 2003.
Department of Computer Engineering Koc University, Istanbul, Turkey
Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.
The Sampling Distribution Introduction to Hypothesis Testing and Interval Estimation.
Opportunistic Routing Based Scheme with Multi-layer Relay Sets in Cognitive Radio Networks Ying Dai and Jie Wu Department of Computer and Information Sciences.
On Error Preserving Encryption Algorithms for Wireless Video Transmission Ali Saman Tosun and Wu-Chi Feng The Ohio State University Department of Computer.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
Cryptography Week-6.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
How to play ANY mental game
TCP Enhancement for Random Loss Jiang Wu Computer Science Lakehead University.
When rate of interferer’s codebook small Does not place burden for destination to decode interference When rate of interferer’s codebook large Treating.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Delay-Throughput Tradeoff with Correlated Mobility in Ad-Hoc Networks Shuochao Yao*, Xinbing Wang*, Xiaohua Tian* ‡, Qian Zhang † *Department of Electronic.
Protecting Sensitive Labels in Social Network Data Anonymization.
Mobile Traffic Sensor Network versus Motion-MIX: Tracing and Protecting Mobile Wireless Nodes JieJun Kong Dapeng Wu Xiaoyan Hong and Mario Gerla.
Utilizing Call Admission Control for Pricing Optimization of Multiple Service Classes in Wireless Cellular Networks Authors : Okan Yilmaz, Ing-Ray Chen.
ACN: RED paper1 Random Early Detection Gateways for Congestion Avoidance Sally Floyd and Van Jacobson, IEEE Transactions on Networking, Vol.1, No. 4, (Aug.
User Cooperation via Rateless Coding Mahyar Shirvanimoghaddam, Yonghui Li, and Branka Vucetic The University of Sydney, Australia IEEE GLOBECOM 2012 &
Distributed Maintenance of Cache Freshness in Opportunistic Mobile Networks Wei Gao and Guohong Cao Dept. of Computer Science and Engineering Pennsylvania.
On Exploiting Transient Contact Patterns for Data Forwarding in Delay Tolerant Networks Wei Gao and Guohong Cao Dept. of Computer Science and Engineering.
Routing In Socially Selfish Delay Tolerant Networks Chan-Myung Kim
Content Sharing over Smartphone-Based Delay- Tolerant Networks.
On the Cost of Reconstructing a Secret, or VSS with Optimal Reconstruction Phase Ronald Cramer, Ivan Damgard, Serge Fehr.
Statistical-Time Access Fairness Index of One-Bit Feedback Fair Scheduler Fumio Ishizaki Dept. of Systems Design and Engineering Nanzan University, Japan.
Secure and Energy-Efficient Disjoint Multi-Path Routing for WSNs Presented by Zhongming Zheng.
Preserving Location Privacy in Wireless LANs Jiang, Wang and Hu MobiSys 2007 Presenter: Bibudh Lahiri.
University of Massachusetts Amherst · Department of Computer Science Square Root Law for Communication with Low Probability of Detection on AWGN Channels.
Recommendation for English multiple-choice cloze questions based on expected test scores 2011, International Journal of Knowledge-Based and Intelligent.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Gergely Tóth, 23 September IWCIT’03, Gliwice, Poland, September 2003 Measure for Anonymity Gergely Tóth Budapest University of Technology and.
Jun Luo Panos Papadimitratos Jean-Pierre Hubaux By: Mai Ali Sayed.
Multicast Recipient Maximization in IEEE j WiMAX Relay Networks Wen-Hsing Kuo † ( 郭文興 ) & Jeng-Farn Lee ‡ ( 李正帆 ) † Department of Electrical Engineering,
Probabilistic km-anonymity (Efficient Anonymization of Large Set-valued Datasets) Gergely Acs (INRIA) Jagdish Achara (INRIA)
Multicasting in delay tolerant networks a social network perspective networks October2012 In-Seok Kang
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
Energy-Efficient Randomized Switching for Maximizing Lifetime in Tree- Based Wireless Sensor Networks Sk Kajal Arefin Imon, Adnan Khan, Mario Di Francesco,
Network Security Introduction
UNIT IV INFRASTRUCTURE ESTABLISHMENT. INTRODUCTION When a sensor network is first activated, various tasks must be performed to establish the necessary.
Multicast Scaling Laws with Hierarchical Cooperation Chenhui Hu, Xinbing Wang, Ding Nie, Jun Zhao Shanghai Jiao Tong University, China.
Optimization Problems in Wireless Coding Networks Alex Sprintson Computer Engineering Group Department of Electrical and Computer Engineering.
Network Security Celia Li Computer Science and Engineering York University.
Lecture 3 Page 1 CS 236 Online Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
INCS 741: Cryptography Overview and Basic Concepts.
Gergely Tóth, Rump Session1 PETWorkshop 2004, Toronto, Canada, May 2004 Gergely Tóth Budapest University of Technology and Economics Department of.
Computer Security By Rubel Biswas. Introduction History Terms & Definitions Symmetric and Asymmetric Attacks on Cryptosystems Outline.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
Medium access in “new” contexts: Are we reinventing the wheel? Koushik Kar ECSE Department Rensselaer Polytechnic Institute, Troy, NY
1 Introduction to Quantum Information Processing CS 467 / CS 667 Phys 467 / Phys 767 C&O 481 / C&O 681 Richard Cleve DC 3524 Course.
Location Cloaking for Location Safety Protection of Ad Hoc Networks
SocialMix: Supporting Privacy-aware Trusted Social Networking Services
Towards Measuring Anonymity
Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity and Identity Management – A Consolidated Proposal for Terminology Authors: Andreas.
Anonymity in Structured Peer-to-Peer Networks
Quantum Information Theory Introduction
Modeling Entropy in Onion Routing Networks
Information Theoretical Analysis of Digital Watermarking
Continuous Random Variables: Basics
Presentation transcript:

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Measuring Anonymity Revisited Gergely Tóth Zoltán Hornák Ferenc Vajda Budapest University of Technology and Economics Department of Measurement and Information Systems Nordsec 2004

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Outline Our research group Anonymity in general Anonymous communication Measuring anonymity –past and present approaches –our suggestion Summary and future plans

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 SEARCH-LAB at BUTE DMIS BUTEBudapest University of Technology and Economics (BUTE) DMISDepartment of Measurement and Information Systems (DMIS) SEARCH-LABSecurity Evaluation Analysis and Research Laboratory (SEARCH-LAB) Security in mobile networksCore focus: Security in mobile networks DRM, Biometrics & AnonymityCurrent research areas: DRM, Biometrics & Anonymity

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Summary of the Presentation & Paper Anonymous communicationAnonymous communication is needed for several real-world scenarios Different implementations provide different levels of anonymity metricA theoretical, objective metric is needed to be able to compare them After analyzing past approaches, we present our suggestion

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Introduction

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Anonymity in General hiding the identityAnonymity means hiding the identity –actions are performed by subjects –aim is to hide the identity of these subjects from any possible adversary anonymity scenariosPossible anonymity scenarios –hide the identity of the voter during e-voting –hide the identity of the buyer during e-payment –hide the identity of the sender of s

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Anonymous Communication Several layers in the anonymity architecture with different functions anonymous communicationFocus of the presentation & paper: anonymous communication –systems that deliver messages so that they cannot be traced back to their sources –several such systems have been designed –aim is now to define metrics to be able to compare them

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Need for Measuring Anonymity Different systemsDifferent systems –algorithms –network topologies –adversary models Anonymity provided has to be measured –objective, theoretically –objective, theoretically based metrics easy to understand –should be easy to understand by laymen define their required anonymity level –users should be able to define their required anonymity level

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Anonymous Communication

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Model of Anonymous Communication Anonymous message transmissionAnonymous message transmission system –senders send encrypted messages to recipients through a channel –the channel alters, delays and reorders messages before delivery adversary –an adversary tries to back-trace delivered messages to their senders

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Anonymity Terminology anonymity set“Anonymity is the state of being not identifiable within a set of subjects, the anonymity set” Sender anonymitySender anonymity means that –a particular message is not linkable to any sender and –to a particular sender no message is linkable.

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Different Realizations During the evolution of science several schemes have been proposed and implemented –batch systems: MIXes –continuous-time systems –peer-to-peer systems –systems with provable anonymity, such as DC networks Let’s see some examples

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 MIXes I – Batched Operation MIXes are network relays to make back- tracing messages to their senders hard buffer randomly reorderFor this they buffer incoming messages and randomly reorder them upon delivery MIX

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 MIXes II – the MIX Network networksThey are furthermore organized in networks onion-like messagesThere, special, onion-like messages are created and propagated M to Y to MIX 3 to MIX 2 MIX 1 MIX 2 MIX 3 from sender to recipient to MIX 2 to MIX 3 to Y M to Y M

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Continuous Time Systems MIXes did batching, in most cases they do not guarantee real-time delivery process messages individuallyOn the other hand continuous-time systems process messages individually probability variable with a given density –message delay (  ) in the channel is a probability variable with a given density f(  ) –delay is not dependent on the actual message distribution

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 PROB-channel & SG-MIX Two recent continuous-time systems: –SG-MIX –SG-MIX (Stop-and-go MIX): exponential density function for non real-time scenarios –PROB-channel –PROB-channel: uniform distribution with definite maximum for real-time use-cases

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Challenge The challenge: newer and newer systems –with the evolution of science, newer and newer systems are constructed organized into networks of various topologies –different known systems are organized into networks of various topologies Which architecture is better? metric –a theoretical metric is needed to objectively compare different systems easy to understand –measuring should be easy to understand

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 More Complex Systems and Networks MIX

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Measuring Anonymity

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Attempt #1 – Anonymity Set Size Size of the anonymity set –the first attempt to quantity the level of anonymity –the bigger the anonymity set, the greater the level of anonymity –easy to calculate –easy to understand you are anonymous as if one had to pick randomly from 500 equal possibilities

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Problem with Anonymity Set Size In some simple cases anonymity set size works well (e.g. for simple MIXes) However a closer look reveals different probabilities –in the anonymity set subjects have different probabilities, i.e. one is more likely to be the actual sender than the other according to the knowledge of the adversary –simply the size of the anonymity set is not definite enough

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Attempt #2 – Entropy The probabilities of the different subjects have to be considered information theory entropyFor this purpose in the information theory a fundamental construction had been defined: entropy The improved approach: use the entropy of the probability distribution for quantifying anonymity

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Entropy – Definitions probabilitiesDetermine the probabilities for a sender being the originator for a message anonymity setThe anonymity set: Simple entropySimple entropy measure: Normalized entropyNormalized entropy measure:

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Problems with Entropy totally breakEntropy-based metrics aim to quantify the amount of information that is needed to totally break anonymity non-desirable systemsProblem: non-desirable systems with arbitrarily high entropy exist –both for simple entropy and –for normalized entropy.

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Example 20 senders, uniform distribution, P=5% 101 senders, non-uniform distribution –for one sender P=50% –for all the other 100 senders P=0.5% entropy is the sameFor both cases entropy is the same S= bits don’t achieve the same level of anonymityHowever, it is clear, that the two systems don’t achieve the same level of anonymity

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Problems with Entropy – continued In the paper for both simple and normalized entropy degenerate cases were shown local aspect –such measures neglect the local aspect of anonymity does not necessarily want to totally compromise all messagesthe adversary does not necessarily want to totally compromise all messages locally guess forsome messages with a better probability than anticipatedaim could be to locally guess for some messages with a better probability than anticipated Also easy understandability suffers

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Our Suggestion – Maximal Probability maximal probabilityUse the maximal probability as a measure source-hiding with parameter If the above holds, a system is called source-hiding with parameter  –this approach is easy-to-understand  =10% means that regardless what the adversary does, he won’t be able to compromise any of your messages with a probability greater than 10%

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Maximal Probability – continued Source-hiding property –it can be converted back to the entropy-based metrics for both simple and normalized entropy equations were given local aspect of anonymity –considers the local aspect of anonymity for no messages can the threshold be exceeded source-hiding property can be set as a requirement –for some systems source-hiding property can be set as a requirement

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Summary & Future

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Summary The field of anonymous communication is rapidly evolving In order to be able to objectively compare different systems, a theoretical metric is needed Our suggestion is to use the maximal probability from the probability distribution of the adversary to measure the achieved level of anonymity

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Research Plans For some scenarios the level of anonymity can be calculated anonymity has to be analyzed further –there are constructions where the anonymity has to be analyzed further combination of different systems –it has to be evaluated, how the combination of different systems behaves QoSSystems are needed, where the level of anonymity can be set as a requirement (QoS)

Gergely Tóth, 5 November Nordsec 2004, Helsinki, Finland, 4-5 November 2004 Thank you for your attention Gergely Tóth Budapest University of Technology and Economics Department of Measurement and Information Systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.