research-article

Effect of Group Based Synchronization on User Anonymity in Mix Networks

Authors:

Dogan KesdoganAuthors Info & Claims

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security

Article No.: 146, Pages 1 - 9

https://doi.org/10.1145/3600160.3604998

Published: 29 August 2023 Publication History

Abstract

In so-called closed environments, the MIX network can theoretically provide perfect security, i.e. if perfect protection is envisaged, all senders and receivers should be perfectly synchronized and participate equally in each communication round of the MIX technique. In the context of open environments (e.g., the Internet), there is no synchronization between the participants and here the technique is vulnerable to known analyses such as (statistical) disclosure attacks. In short, the Mix technology is highly dependent on its application context in which it involves the participants. In this work, we study the effect of context in terms of synchronization rate, present two different synchronization approaches and evaluate their protection against disclosure attacks.

References

[1]

D. Agrawal, D. Kesdogan, and S. Penz. 2003. Probabilistic treatment of MIXes to hamper traffic analysis. In 2003 Symposium on Security and Privacy, 2003.16–27. https://doi.org/10.1109/SECPRI.2003.1199324

[2]

Oliver Berthold and Heinrich Langos. 2003. Dummy Traffic against Long Term Intersection Attacks. In Privacy Enhancing Technologies, Roger Dingledine and Paul Syverson (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 110–128.

[3]

David L Chaum. 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24, 2 (1981), 84–90.

Digital Library

[4]

George Danezis. 2003. Statistical Disclosure Attacks. In Security and Privacy in the Age of Uncertainty. Springer US, Boston, MA, 421–426.

[5]

G. Danezis, R. Dingledine, and N. Mathewson. 2003. Mixminion: design of a type III anonymous remailer protocol. In 2003 Symposium on Security and Privacy, 2003. 2–15.

[6]

Debajyoti Das, Sebastian Meiser, Esfandiar Mohammadi, and Aniket Kate. 2018. Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two. In 2018 IEEE Symposium on Security and Privacy (SP). 108–126. https://doi.org/10.1109/SP.2018.00011

[7]

Claudia Diaz, Harry Halpin, and Aggelos Kiayias. [n. d.]. The Nym Network | The Next Generation of Privacy Infrastructure. https://nymtech.net/nym-whitepaper.pdf Accessed: 12.03.2023.

[8]

Claudia Diaz and Bart Preneel. 2005. Reasoning about the anonymity provided by pool mixes that generate dummy traffic. In Information Hiding: 6th International Workshop, IH 2004, Toronto, Canada, May 23-25, 2004, Revised Selected Papers 6. Springer, 309–325.

[9]

Claudia Díaz and Andrei Serjantov. 2003. Generalising Mixes. In Privacy Enhancing Technologies, Third International Workshop, PET 2003, Dresden, Germany, March 26-28, 2003, Revised Papers(Lecture Notes in Computer Science, Vol. 2760), Roger Dingledine (Ed.). Springer, 18–31. https://doi.org/10.1007/978-3-540-40956-4_2

[10]

Roger Dingledine and Nick Mathewson. 2006. Anonymity Loves Company: Usability and the Network Effect. In Proceedings of the Fifth Workshop on the Economics of Information Security (WEIS 2006), Ross Anderson (Ed.). Cambridge, UK. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.61.510

[11]

Matthew Edman and Bülent Yener. 2009. On Anonymity in an Electronic Society: A Survey of Anonymous Communication Systems. ACM Comput. Surv. 42, 1, Article 5 (Dec. 2009), 35 pages.

[12]

Casey Hladik. 2019. Rusbridger’s “The Snowden Leaks and the Public” and Mill’s Utilitarianism: An Analysis of the Utilitarian Concern of “Going Dark”. Stance: an international undergraduate philosophy journal 7, 1 (Sep. 2019), 29–40. https://doi.org/10.33043/S.7.1.29-40

[13]

Dogan Kedogan, Dakshi Agrawal, and Stefan Penz. 2002. Limits of Anonymity in Open Environments. In Revised Papers from the 5th International Workshop on Information Hiding(IH ’02). Springer-Verlag, Berlin, Heidelberg, 53–69.

[14]

Dogan Kesdogan, Dakshi Agrawal, and Stefan Penz. 2003. Limits of Anonymity in Open Environments. In Information Hiding, Fabien A. P. Petitcolas (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 53–69.

[15]

D. Kesdogan, D. Agrawal, Vinh Pham, and D. Rautenbach. 2006. Fundamental limits on the anonymity provided by the MIX technique. In 2006 IEEE Symposium on Security and Privacy (S P’06). 14 pp.–99. https://doi.org/10.1109/SP.2006.17

Digital Library

[16]

Dogan Kesdogan, Jan Egner, and Roland Büschkes. 1998. Stop- and- Go-MIXes Providing Probabilistic Anonymity in an Open System. In Information Hiding, David Aucsmith (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 83–98.

[17]

Dogan Kesdogan and Lexi Pimenidis. 2005. The Hitting Set Attack on Anonymity Protocols. In Information Hiding, Jessica Fridrich (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 326–339.

[18]

Albert Kwon, David Lu, and Srinivas Devadas. 2020. XRD: Scalable Messaging System with Cryptographic Privacy. In NSDI.

[19]

Nayantara Mallesh and Matthew Wright. 2007. Countering Statistical Disclosure with Receiver-Bound Cover Traffic. In Computer Security – ESORICS 2007, Joachim Biskup and Javier López (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 547–562.

[20]

Nick Mathewson and Roger Dingledine. 2005. Practical Traffic Analysis: Extending and Resisting Statistical Disclosure. In Privacy Enhancing Technologies, David Martin and Andrei Serjantov (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 17–34.

[21]

Sameer Parekh. 1996. Prospects for remailers. First Monday 1, 2 (Aug. 1996). https://doi.org/10.5210/fm.v1i2.476

[22]

Andreas Pfitzmann. 1990. Diensteintegrierende Kommunikationsnetze mit teilnehmerüberprüfbarem Datenschutz. In Informatik-Fachberichte.

[23]

Andreas Pfitzmann and Marit Hansen. 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management.

[24]

Andreas Pfitzmann and Marit Köhntopp. 2001. Anonymity, unobservability, and pseudonymity—a proposal for terminology. In Designing privacy enhancing technologies. Springer, 1–9.

[25]

Ania M. Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, and George Danezis. 2017. The Loopix Anonymity System. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1199–1216.

[26]

Andrei Serjantov and Richard E Newman. 2003. On the anonymity of timed pool mixes. In Security and Privacy in the Age of Uncertainty. Springer US, Boston, MA, 427–434.

[27]

Carmela Troncoso, Benedikt Gierlichs, Bart Preneel, and Ingrid Verbauwhede. 2008. Perfect Matching Disclosure Attacks. In Privacy Enhancing Technologies, Nikita Borisov and Ian Goldberg (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 2–23.

[28]

Nirvan Tyagi, Yossi Gilad, Derek Leung, Matei Zaharia, and Nickolai Zeldovich. 2017. Stadium: A Distributed Metadata-Private Messaging System. In Proceedings of the 26th Symposium on Operating Systems Principles (Shanghai, China) (SOSP ’17). Association for Computing Machinery, New York, NY, USA, 423–440. https://doi.org/10.1145/3132747.3132783

Digital Library

[29]

Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich. 2015. Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis. In Proceedings of the 25th Symposium on Operating Systems Principles (Monterey, California) (SOSP ’15). Association for Computing Machinery, New York, NY, USA, 137–152. https://doi.org/10.1145/2815400.2815417

Digital Library

[30]

Dauren Zhumazhanov and Deepa Kundur. 2018. Delay in Chaum’s Anonymizing Mix Networks. In 2018 IEEE Canadian Conference on Electrical & Computer Engineering (CCECE). 1–5. https://doi.org/10.1109/CCECE.2018.8447568

Cited By

Aksoy AKesdoğan D(2024)Enhanced Closed-Loop Control Anonymity Protection Model with Inactive Period Feedback2024 17th International Conference on Information Security and Cryptology (ISCTürkiye)10.1109/ISCTrkiye64784.2024.10779244(1-6)Online publication date: 16-Oct-2024
https://doi.org/10.1109/ISCTrkiye64784.2024.10779244
Aksoy AKesdogan D(2024)Distributed Dynamic Self-control Anonymity Management ModelSecurity and Trust Management10.1007/978-3-031-76371-7_2(21-35)Online publication date: 21-Dec-2024
https://doi.org/10.1007/978-3-031-76371-7_2

Index Terms

Effect of Group Based Synchronization on User Anonymity in Mix Networks
1. Security and privacy
  1. Security services
    1. Pseudonymity, anonymity and untraceability

Recommendations

On Evaluating Anonymity of Onion Routing
Selected Areas in Cryptography
Abstract
Anonymous communication networks (ACNs) aim to thwart an adversary, who controls or observes chunks of the communication network, from determining the respective identities of two communicating parties. We focus on low-latency ACNs such as Tor, ...
Measuring the user's anonymity when disclosing personal properties
MetriSec '10: Proceedings of the 6th International Workshop on Security Measurements and Metrics

Anonymous credentials allow to selectively disclose personal properties included in the credential, while hiding the other information. For instance, a user could only disclose that he is an adult using a credential in which zip code and date of birth ...
Traffic Analysis Attacks in Anonymity Networks
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

With more than 1.7 million daily users, Tor is a large-scale anonymity network that helps people to protect their identities in the Internet. Tor provides low-latency transmissions that can serve a wide range of applications including web browsing, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security

August 2023

1440 pages

ISBN:9798400707728

DOI:10.1145/3600160

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 August 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ARES 2023

ARES 2023: The 18th International Conference on Availability, Reliability and Security

August 29 - September 1, 2023

Benevento, Italy

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
60
Total Downloads

Downloads (Last 12 months)40
Downloads (Last 6 weeks)2

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Aksoy AKesdoğan D(2024)Enhanced Closed-Loop Control Anonymity Protection Model with Inactive Period Feedback2024 17th International Conference on Information Security and Cryptology (ISCTürkiye)10.1109/ISCTrkiye64784.2024.10779244(1-6)Online publication date: 16-Oct-2024
https://doi.org/10.1109/ISCTrkiye64784.2024.10779244
Aksoy AKesdogan D(2024)Distributed Dynamic Self-control Anonymity Management ModelSecurity and Trust Management10.1007/978-3-031-76371-7_2(21-35)Online publication date: 21-Dec-2024
https://doi.org/10.1007/978-3-031-76371-7_2

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents