Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gergely Tóth, 23 September 20031 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Measure for Anonymity Gergely Tóth Budapest University of Technology and.

Published byJayson Scott Modified over 9 years ago

Similar presentations

Presentation on theme: "Gergely Tóth, 23 September 20031 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Measure for Anonymity Gergely Tóth Budapest University of Technology and."— Presentation transcript:

1 Gergely Tóth, 23 September 20031 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Measure for Anonymity Gergely Tóth Budapest University of Technology and Economics Department of Measurement and Information Systems IWCIT’03

2 Gergely Tóth, 23 September 20032 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Contents Background: Onion-routing Model of the PROB-channel Source- and destination-hiding property MIN/MAX property Optimum

3 Gergely Tóth, 23 September 20033 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Research Background anonymous message transmission techniquesNeed for anonymous message transmission techniques –transparent –general-purpose –independent Research & planning is ongoing Theoretical analysis not complete

4 Gergely Tóth, 23 September 20034 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Classification of Techniques According to –behavior –behavior: passive & active techniques –delay –delay: real-time & non-deterministic systems –number of relaying nodes –number of relaying nodes: proxy & distributed systems –what adversaries can see –what adversaries can see: observable & unobservable systems –level of abstraction –level of abstraction: black-box models & finished implementations

5 Gergely Tóth, 23 September 20035 IWCIT’03, Gliwice, Poland, 22-23 September 2003 An Existing Approach — Onion-routing Distributed system Onion-structuredOnion-structured packets cannot be compromised even if some relaying nodes are compromisedAnonymity of the sender cannot be compromised even if some relaying nodes are compromised

6 Gergely Tóth, 23 September 20036 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Our Model — the PROB-channel PassivePassive: configuration is static (not affected by message distribution) Real-timeReal-time: there is a maximal delay ObservableObservable: an observer can eavesdrop on all connection channels Black-boxproxyBlack-box (  proxy): the observer cannot gain information from within the channel

7 Gergely Tóth, 23 September 20037 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Requirements for the Model Guaranteed transmission throughputGuaranteed transmission throughput –time between sending and delivery of messages has a defined maximum Measurable anonymityMeasurable anonymity –there should be an objective, theoretical measure for the anonymity provided Requirements for guaranteed anonymity levelRequirements for guaranteed anonymity level –should be defined

8 Gergely Tóth, 23 September 20038 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Example System Anonymous medical consulting systemAnonymous medical consulting system –patientsquestionsdoctors –patients ask questions the doctors questions in e-mail –answer on a public forum –answer on a public forum together with the question the question should not be linkable to the patient –aim: the question should not be linkable to the patient questions should not be linkable to patients patients should not be linkable to their questions

9 Gergely Tóth, 23 September 20039 IWCIT’03, Gliwice, Poland, 22-23 September 2003 PROB-channel I. Senders messagesrecipientsSenders (patients) send encrypted messages (questions ) to recipients (doctors) transformingdelayingThe channel delivers the messages after transforming and delaying them

10 Gergely Tóth, 23 September 200310 IWCIT’03, Gliwice, Poland, 22-23 September 2003 PROB-channel II. Message delay in the channel: probability variable –is a probability variable (  ) message and time invariant –is message and time invariant distribution –has a known distribution f(  )

11 Gergely Tóth, 23 September 200311 IWCIT’03, Gliwice, Poland, 22-23 September 2003 The Observer Passive observerPassive observer: –cannot delete, alter or delay messages –cannot create new messages KnowsKnows: –parameters and environment of the channel –time of sending and receipt of messages link messages to sendersAim: link messages to senders (who asked the questions)

12 Gergely Tóth, 23 September 200312 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Confidence of the Observer How can it be computedHow can it be computed: –for each sender –for each message –by knowing the history of the system  with what probability a certain sender sent a certain message:

13 Gergely Tóth, 23 September 200313 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Global Back-tracing Search for the most probable match among all the possible matches AdvantageAdvantage: finds out the links (if possible) DisadvantageDisadvantage: slow (exponential) –under some circumstances even for about 30 messages unfeasible for today’s computers

14 Gergely Tóth, 23 September 200314 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Local Back-tracing Confidence of the observer calculated for each delivered message independently AdvantageAdvantage: fast (polynomial) DisadvantageDisadvantage: some links are not detected

15 Gergely Tóth, 23 September 200315 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Conclusion for Behavior of Observer Global back-tracingGlobal back-tracing would provide best results unfeasible –for practical user unfeasible Local back-tracingLocal back-tracing is polynomial used in the practice –can be used in the practice –for following conclusions local back-tracing is assumed

16 Gergely Tóth, 23 September 200316 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Source-hiding Property Source-hiding propertySource-hiding property with parameter   Measure for sender-anonymity The observer cannot link any message to a sender with a probability greater than .

17 Gergely Tóth, 23 September 200317 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Destination-hiding Property Destination-hiding propertyDestination-hiding property with parameter   Measure for recipient-anonymity The observer cannot link any sender to a message with a probability greater than .

18 Gergely Tóth, 23 September 200318 IWCIT’03, Gliwice, Poland, 22-23 September 2003 MIN/MAX Property I. MIN/MAX property  min,  maxMIN/MAX property with parameters  min,  max rules  Senders don’t send messages at their own consideration, they have to follow rules. No sender sends message within  min time and all senders send a message in  max time.

19 Gergely Tóth, 23 September 200319 IWCIT’03, Gliwice, Poland, 22-23 September 2003 MIN/MAX Property II. Upper limitUpper limit can be given to the confidence of the observer: –message invariant –depends only on the parameters of the channel and on  min,  max

20 Gergely Tóth, 23 September 200320 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Problem canSource-hiding property can be guaranteed –oblige senders to send messages according to rules –MIN/MAX property cannotDestination-hiding property cannot be guaranteed –recipients cannot be obliged to receive messages according to rules

21 Gergely Tóth, 23 September 200321 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Optimum randomlyThe observer can only choose randomly from the possible senders Uniform distributionUniform distribution for the delay With MIN/MAX property independent from actual message distribution:

22 Gergely Tóth, 23 September 200322 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Global Optimum With MIN/MAX property if  min =  max all the sendersThe observer has to choose randomly from all the senders No additional informationNo additional information is gained with the observation

23 Gergely Tóth, 23 September 200323 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Conclusions PROB-channelModel of the PROB-channel Confidence of the observer Source-hiding propertySource-hiding property –measure for sender-anonymity Destination-hiding propertyDestination-hiding property –measure for recipient anonymity MIN/MAX propertyMIN/MAX property –method for limiting confidence of the observer

24 Gergely Tóth, 23 September 200324 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Research Plans Open the black-box channelOpen the black-box channel –move to a distributed system (graph consisting of nodes) –messages can be created and dropped Active adversaryActive adversary –can drop messages –can block messages –can delay or reorder messages

Download ppt "Gergely Tóth, 23 September 20031 IWCIT’03, Gliwice, Poland, 22-23 September 2003 Measure for Anonymity Gergely Tóth Budapest University of Technology and."

Similar presentations

Mobility Increase the Capacity of Ad-hoc Wireless Network Matthias Gossglauser / David Tse Infocom 2001.

Mobility Increase the Capacity of Ad-hoc Wireless Network Matthias Gossglauser / David Tse Infocom 2001.
Estimation of Means and Proportions

Estimation of Means and Proportions
Lecture 8: Asynchronous Network Algorithms

Lecture 8: Asynchronous Network Algorithms
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.
OSI MODEL Maninder Kaur www.eazynotes.com.

OSI MODEL Maninder Kaur
Exact Inference in Bayes Nets

Exact Inference in Bayes Nets
Gossip Algorithms and Implementing a Cluster/Grid Information service MsSys Course Amar Lior and Barak Amnon.

Gossip Algorithms and Implementing a Cluster/Grid Information service MsSys Course Amar Lior and Barak Amnon.
----Presented by Di Xu 17.12.2010.  Introduction  Overview of Spam  Solutions to Spam  Conclusion.

----Presented by Di Xu  Introduction  Overview of Spam  Solutions to Spam  Conclusion.
Anonymity Analysis of Onion Routing in the Universally Composable Framework Joan Feigenbaum Aaron Johnson Paul Syverson Yale University U.S. Naval Research.

Anonymity Analysis of Onion Routing in the Universally Composable Framework Joan Feigenbaum Aaron Johnson Paul Syverson Yale University U.S. Naval Research.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.

Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.
Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June 17-19 2002.

Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June
By Libo Song and David F. Kotz Computer Science,Dartmouth College.

By Libo Song and David F. Kotz Computer Science,Dartmouth College.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Dynamic Tuning of the IEEE 802.11 Protocol to Achieve a Theoretical Throughput Limit Frederico Calì, Marco Conti, and Enrico Gregori IEEE/ACM TRANSACTIONS.

Dynamic Tuning of the IEEE Protocol to Achieve a Theoretical Throughput Limit Frederico Calì, Marco Conti, and Enrico Gregori IEEE/ACM TRANSACTIONS.
© nCode 2000 Title of Presentation goes here - go to Master Slide to edit - Slide 1 Reliable Communication for Highly Mobile Agents ECE 7995: Term Paper.

© nCode 2000 Title of Presentation goes here - go to Master Slide to edit - Slide 1 Reliable Communication for Highly Mobile Agents ECE 7995: Term Paper.
Path Protection in MPLS Networks Ashish Gupta Design and Evaluation of Fault Tolerance Algorithms with Performance Constraints.

Path Protection in MPLS Networks Ashish Gupta Design and Evaluation of Fault Tolerance Algorithms with Performance Constraints.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
1 NETWORK CODING Anthony Ephremides University of Maryland - A NEW PARADIGM FOR NETWORKING - February 29, 2008 University of Minnesota.

1 NETWORK CODING Anthony Ephremides University of Maryland - A NEW PARADIGM FOR NETWORKING - February 29, 2008 University of Minnesota.

Similar presentations

Ads by Google