Anonymity – Generalizing Mixes

1 Anonymity – Generalizing Mixes
R. Newman

2 Topics
- Defining anonymity
- Need for anonymity
- Defining privacy
- Threats to anonymity and privacy
- Mechanisms to provide anonymity
- Applications of anonymity technology

3 Mix Generics
- Mix must make input messages unlinkable with output messages
  - Messages must all be same length
  - Messages must all be encrypted so as to appear random
  - Can't hide source/destination addresses along a single hop in path, but must hide sender and receiver, as well as distance along path
  - Mix must randomize order of output
- Batching Strategy
  - How does Mix collect messages for mixing
  - How does Mix select and forward messages

4 Mix Triggers
- Timed mix
  - Mix gathers messages for period T, then sends
- Threshold mix
  - Mix gathers N messages, then sends
  - Classic Chaum Mix
- Hybrid mix
  - Mix sends when N messages or period T reached
- Pool mix
  - Mix keeps pool of messages of size P; when pool reaches size N+P, N randomly chosen messages are sent
- Continuous mix
  - Mix attaches random delay D from some distribution to each msg M, sends M when delay is reached

5 Mix Generics
- Function p: N -> [0,1]
  - p depends on number of messages, outputs fraction of messages that mix flushes
- When to execute p?
- Threshold mix
  - Mix runs p when N messages are in batch
  - p always returns 1 (all messages are sent)
- Timed mix
  - Mix runs p every T seconds
  - p(n) = 1 always (flush all messages)

6 Mix Generics
- Function p: N -> [0,1]
  - p depends on number of messages, outputs fraction of messages that mix flushes
- When to execute p?
- Threshold Pool mix
  - Mix runs p when pool reaches size n = N+P
  - p(n) = N/(N+P) = 1 – P/(N+P) (always leave P messages in pool)
- Timed Pool mix
  - Mix runs p every T seconds
  - p(n) = (n-P)/n = 1 – P/n

7 Measuring Anonymity
- Anonymity Set Size = number of input messages that could correspond to a given output message
- Threshold Mix: Anonymity set size is always N (threshold)
- Timed Mix: Anonymity set size depends on batch size
- Pool Mix: Message may remain in pool for some time
  - Anonymity set size = number of messages that ever entered Mix!
  - Not a good model!

8 Measuring Anonymity
- Anonymity Set Size = number of input messages that could correspond to a given output message
- Change to "effective" AS size
- Use Entropy as measure
  - H = - Sum [p_i log p_i], p_i is probability of ith item
  - If N items, all have prob p = 1/N, then H = log N
  - i.e., number of bits to specify which item out of N
  - Here, p_i is the probability that a particular input message i corresponds to an output message
- Effective AS size is 2^H

9 Measuring Anonymity
- Timed Pool Mix
  - Mix fires every T seconds
  - n_i msgs in pool in ith round
  - n_i – P messages are randomly selected
  - Prob(msg is flushed) = p_i = (n_i – P)/n_i
  - Prob(msg that arrived in round r leaves in round i) = p_r Prod [j = i to r-1] (1 – p_j)

10 Measuring Anonymity
- Threshold Pool Mix
  - Mix fires whenever n = N+P
  - N messages are randomly selected
  - Prob(msg is flushed) = N/(N+P) = 1 – P/(N+P)
  - Prob(msg that arrived in round r leaves in round i) = [N/(N+P)] Prod [j = i to r-1] [N/(N+P)]
- Gain anonymity at cost of increasing delay
  - Delay increased probabilistically according to exponential distribution
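
Added example (not part of the original slides): the entropy measure from slide 8 applied to the flush function p(n) of slides 5, 6, 9 and 10, giving the effective anonymity set size 2^H of one output message in each round. It generalizes to any p(n), compounding the stay-in-pool factor (1 – p_j) per round as on slide 9; the function names and traffic figures are constructed for illustration, and the observer is assumed to know only each round's pool size.

```python
import math

def threshold_pool(N, P):
    """p(n) for a threshold pool mix: fires at n = N+P, flushes N."""
    return lambda n: N / (N + P)

def timed_pool(P):
    """p(n) for a timed pool mix: keep P in the pool, flush the rest."""
    return lambda n: max(n - P, 0) / n

def effective_set_sizes(arrivals, p):
    """Return 2**H per round for one output message of that round.

    arrivals[r]: messages entering in round r (constructed sample input).
    p(n): fraction of the n pooled messages flushed, as on the slides.
    Assumes the observer knows every round's pool size and nothing else.
    """
    survive = []   # survive[r] = Prob(a round-r input is still in the pool)
    sizes = []
    for i in range(len(arrivals)):
        survive.append(1.0)
        # Pool size n_i: expected survivors of each round plus new arrivals.
        n = sum(a * s for a, s in zip(arrivals, survive))
        frac = p(n) if n > 0 else 0.0
        if frac == 0.0:
            sizes.append(None)   # mix did not fire, no output to analyse
            continue
        # An output is a uniform draw from the pool, so one particular
        # round-r input matches it with probability survive[r] / n.
        H = 0.0
        for a, s in zip(arrivals, survive):
            if s > 0:
                q = s / n
                H -= a * q * math.log2(q)
        sizes.append(2 ** H)
        # Survival compounds by (1 - p_j) for every round a message stays.
        survive = [s * (1 - frac) for s in survive]
    return sizes

if __name__ == "__main__":
    # Constructed traffic: N = 10, P = 5, pool is N+P at every firing.
    print(effective_set_sizes([10] * 4, lambda n: 1.0))
    print(effective_set_sizes([15, 10, 10, 10], threshold_pool(10, 5)))
    print(effective_set_sizes([3, 0, 12], timed_pool(5)))
```

With these inputs the plain threshold mix stays at an effective size of N = 10, while the threshold pool mix starts at 15 and grows each round as older messages remain possible senders.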

11 Binomial Mix
- Treat p(n) not as a (hard) fraction
  - Treat as a probability instead
  - Bias for coin to toss for each message in pool
  - Decide whether to flush that message or not
- Now size of pool varies
  - Let s = number of messages flushed
  - On average, s = n p(n)
  - But follows binomial distribution
  - Variance = n p (1-p)
- Attacker gains less info about size of pool
  - Practically can't guess n with prob > 15%

12 Mix Padding
- In addition to padding messages to some constant length (and segmenting longer messages), mix may introduce dummy messages into traffic
- Dummy messages especially useful in timed mixes (may not have many messages to send)
- Strong resistance from network guys
  - Increased network load!
- Research question: how much does this form of padding help, and what is the relationship between increase in anonymity and cost of padding?

13 Next
- Attacks on Mix networks
- Cost measures of
  - Rerouting
  - Message padding
- Optimization
  - How to preserve anonymity at low (least?) cost
- Information leakage
  - How much information is revealed? How? How to prevent?
  - Treat as (covert) communication channel

