Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymity Metrics R. Newman.

Published byBerenice Perkins Modified over 6 years ago

Similar presentations

Presentation on theme: "Anonymity Metrics R. Newman."— Presentation transcript:

1 Anonymity Metrics R. Newman

2 Topics Defining anonymity Need for anonymity Defining privacy
Threats to anonymity and privacy Mechanisms to provide anonymity Metrics for Anonymity Applications of anonymity technology

3 Anonymity Set Size Used with Chaum (free-route) Mixes
Anonymity measure: Anonymity set size Relative to message m All possible senders Pfitzmann – log |AS| Measure used is log2 (|AS(m)|) AS(m) is Anonymity Set for message m Does not capture different likelihoods for different senders

4 Free-Route Mix Network
Suppose Threshold Mixes, threshold N = 2 M2 M4 M1 M3

5 Free-Route Mix Network
Suppose Threshold Mixes, threshold N = 2 Trace backwards through Mix that sent m M2 M4 M1 M3 m – msg of interest

6 Free-Route Mix Network
Suppose Threshold Mixes, threshold N = 2 Trace backwards through Mix that sent m Recursively.... M2 M4 M1 M3 m – msg of interest Possible sender

7 Free-Route Mix Network
Continue, and get all possible senders M2 M4 M1 M3 m – msg of interest Possible senders

8 Free-Route Mix Network
Continue, and get all possible senders This is the Anonymity Set for m M2 M4 M1 M3 m – msg of interest Possible senders |AS| = all 4 nodes!

9 Free-Route Mix Network
But are all senders equally likely? Q: What is the likelihood of each sender? S1 S2 M2 M4 S3 M1 S4 M3 m – msg of interest Possible senders

10 Free-Route Mix Network
But are all senders equally likely? Q: What is the likelihood of each sender? p = ¼ p = ¼ p = 1/8 M2 p = 1/8 p = ¼ M4 M1 p = 1/8 p = 1/8 p = ½ p = ½ p = ½ M3 p = 1 Possible senders |AS| = all 4 nodes!

11 Anonymity Set Relative to a message m All possible senders of m
If Mix M that forwards m is honest AS(m) = Union of AS(m’) for all m’ input to M If Mix that forwards m is corrupt AS(m) = AS(m’) for input message m’ linked to m Can be further constrained by path limitations

12 Effective Anonymity Set Size
Given that senders are NOT all equally likely What is information that attacker has? Can measure using information theory concept Entropy of the distribution S = - Sum pu log2(pu) Where pu is probability of element u What is effective AS size for our example?

13 Effective Anonymity Set Size
What is effective AS size for our example? Entropy of the distribution S = - Sum pu log2(pu) Where pu is probability of element u Distribution = {1/2, 1/4, 1/8, 1/8} S = - [(1/2)(-1) + (1/4)(-2) + (1/8)(-3) + (1/8)(-3)] S = ½ + ½ + 6/8 = 1.75 Effective AS size is = 3.36 < 4 So non-uniform probabilities provide attacker with some usable information

14 Effective Anonymity Set Size
How to combine networks of Mixes? Let Mix sec have l input Mixes, M1, M2, ... Ml All senders are independent Analyze effective anonymity set size for sec Ssec = - Sum pi log2(pi) Where pi is probability m came from Mix Mi Let Si be the effective anonymity set size of Mi Then effective anonymity set size for system is Stotal = Ssec + Sum pi Si

15 Route Length Constraints
Suppose max route length = 2 i.e., message only traverses 2 mixes M2 M4 M1 M3

16 Route Length Constraints
Suppose max route length = 2 i.e., message only traverses 2 mixes M2 M4 M1 M3

17 Route Length Constraints
Suppose max route length = 2 i.e., message only traverses 2 mixes M2 M4 M1 M3

18 Route Length Constraints
Suppose max route length = 2 i.e., message only traverses 2 mixes M2 M4 M1 M3

19 Route Length Constraints
Suppose max route length = 2 i.e., message only traverses 2 mixes Can’t be this one – path too long! M2 M4 M1 M3

20 Route Length Constraints
Suppose max route length = 2 i.e., message only traverses 2 mixes M2 M4 M1 M3 What is effect on effective AS size?

21 Mix Cascade Single chain of Mixes for a sender group
All traffic enters first Mix M1 in cascade All traffic is shuffled and re-encrypted All traffic is sent from Mi to Mi+1 in cascade All traffic exits last Mix to destinations M1 M2 M3 M4

22 Mix Cascade What is effect of Mix cascade on effective AS size? M1 M2

23 Threshold Pool Mixes Mix starts with P messages in pool
When N messages arrive, Mix fires Selects N messages from pool uniformly Sends those N messages, keeping P in pool N N PM n

24 Threshold Pool Mixes Using standard AS measure, a given message m sent by mix M could have been sent by any node that ever could have sent a message to the mix or to one of its predecessors before m was sent by M What about effective AS size? S1 SN+1 S(k-1)N+1 SN N S2N N SkN N Round 2 Round k PM n PM n n PM n N N N Round 1

25 Threshold Pool Mixes For effective AS size, must analyze probability distribution for a message coming from senders at each previous round (i.e., firing) For example, if m comes out at round k Prob that message arrived at round x, 0<x<=k Px = [N/(N+n)][n/(N+n)]k-x Prob(arrived round x given that it didn’t arrive later) Prob=N/(N+n) N Prob(didn’t arrive rounds x+1 to k) M Prob=n/(N+n)

26 Threshold Pool Mixes For effective AS size, must analyze probability distribution for a message coming from senders at each previous round (i.e., firing) For example, if m comes out at round k Prob that message arrived at round 0 P0 = [1][n/(N+n)]k Prob=N/(N+n) Prob(arrived round 0 given that it didn’t arrive later) N Prob(didn’t arrive rounds 1 to k) M Prob=n/(N+n)

27 Threshold Pool Mixes Entropy measure is then sum over all possible arrival rounds (0 to k) of probability times log2 probability (kinda big to write out here) As k -> infinity (large number of rounds), the expression converges to Lim Ek = [1+(n/N)] log2(N+n) – (n/N) log2n When n=0 (no pool – standard threshold mix) Ek = log2 N When n=1, Lim Ek = (N+1/N) log2(N+1) For N = 100, this is about 6.725 Effective AS size is about 106

28 Threshold Pool Mixes When n=10 and N=100 At what price?
Lim Ek is about 7.13 Effective AS size is about 140 At what price? Not free! Increased delay due to chance of staying in pool Average latency increases from 1 to 1+n/N rounds Variance of n(N+n)2/N3

29 Entropy Measure So now we have an effective way to account for what the attacker actually knows That reflects the non-uniformity of probability distributions for senders (or recipients) of a given message

Download ppt "Anonymity Metrics R. Newman."

Similar presentations

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)

A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)
Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory.

Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.

Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.
Slicing the Onion: Anonymous Routing without PKI Saurabh Shrivastava CS 259

Slicing the Onion: Anonymous Routing without PKI Saurabh Shrivastava CS 259
Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.

Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:

1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Advanced Topics in Data Mining Special focus: Social Networks.

Advanced Topics in Data Mining Special focus: Social Networks.
Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.

Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.
Some basic concepts of Information Theory and Entropy

Some basic concepts of Information Theory and Entropy
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
Provable Unlinkability Against Traffic Analysis Amnon Ta-Shma Joint work with Ron Berman and Amos Fiat School of Computer Science, Tel-Aviv University.

Provable Unlinkability Against Traffic Analysis Amnon Ta-Shma Joint work with Ron Berman and Amos Fiat School of Computer Science, Tel-Aviv University.
1 Quasi-Anonymous Channels Ira S. Moskowitz --- NRL Richard E. Newman --- UF Paul F. Syverson --- NRL Center for High Assurance Computer Systems Code 5540.

1 Quasi-Anonymous Channels Ira S. Moskowitz --- NRL Richard E. Newman --- UF Paul F. Syverson --- NRL Center for High Assurance Computer Systems Code 5540.
Anonymity on the Internet Presented by Randy Unger.

Anonymity on the Internet Presented by Randy Unger.
Mobile Traffic Sensor Network versus Motion-MIX: Tracing and Protecting Mobile Wireless Nodes JieJun Kong Dapeng Wu Xiaoyan Hong and Mario Gerla.

Mobile Traffic Sensor Network versus Motion-MIX: Tracing and Protecting Mobile Wireless Nodes JieJun Kong Dapeng Wu Xiaoyan Hong and Mario Gerla.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
1 Chapters 8 Overview of Queuing Analysis. Chapter 8 Overview of Queuing Analysis 2 Projected vs. Actual Response Time.

1 Chapters 8 Overview of Queuing Analysis. Chapter 8 Overview of Queuing Analysis 2 Projected vs. Actual Response Time.

Similar presentations

Ads by Google