Tor is an anonymous communications network with thousands of router nodes worldwide. An intuition reflected in much of the literature on anonymous communications is that, as an anonymity network grows, it becomes more secure against a given observer because the observer will see less of the network. In particular, as the Tor network grows from volunteers operating relays all over the world, it becomes less and less likely for a single autonomous system (AS) to be able to observe both ends of an anonymous connection. Yet, as the network continues to grow significantly, no analysis has been done to determine if this intuition is correct. Further, modifications to Tor's path selection algorithm to help clients avoid an AS-level observer have not been proposed and analyzed.Five years ago a previous study examined the AS-level threat against client and destination addresses chosen a priori to be likely or interesting to examine. Using an ASlevel path inference algorithm with improved accuracy, more extensive Internet routing data, and, most importantly, a model of typical Tor client AS-level sources and destinations based on data gathered from the live network, we demonstrate that the threat of a single AS observing both ends of an anonymous Tor connection is greater than previously thought. We look at the growth of the Tor network over the past five years and show that its explosive growth has had only a small impact on the network's robustness against an AS-level attacker. Finally, we propose and evaluate the effectiveness of some simple, AS-aware path selection algorithms that avoid the computational overhead imposed by full AS-level path inference algorithms. Our results indicate that a novel heuristic we propose is more effective against an AS-level observer than other commonly proposed heuristics for improving location diversity in path selection.
In this paper we define a new metric for quantifying formally define our proposed anonymity metric. We then show the degree of anonymity collectively afforded to users of an how our model can be generalized to include probabilistic anonymous communication system. We show how our metric, information in Section III. We demonstrate how to apply our based on the permanent of a matrix, can be useful in evaluating the amount of information needed by an observer to reveal the metio some common type o me istin iV. In communication pattern as a whole. We also show how our model Section V, we compare our metric to some existing metrics to can be extended to include probabilistic information learned illustrate the more important differences. Section VI describes by an attacker about possible sender-recipient relationships. how we can obtain a lower-bound on the anonymity level Our work is intended to serve as a complementary tool to of a system while avoiding some computational complexity existing information-theoretic metrics, which typically consider the anonymity of the system from the perspective of a single user inheren in ctin tnr a or message.conclude in Section VII.A. Related Work Diaz et al. [7] independently proposed a similar entropy-The rest of this paper is structured as follows. First, we will based metric they refer to as the degree of anonymity, a term review some of the previous work done to establish measures first introduced by Reiter and Rubin in the Crowds design [8].Of anonymity. In Section II, we introduce our model and They define the degree of anonymity d as
Physical-layer key extraction techniques attempt to derive a shared symmetric cryptographic key between two wireless devices based on the principle of channel reciprocity, which states that the signal envelope between two communicating devices is strongly correlated. A key security assumption made in previous literature is that the signal envelope observed by an adversary located greater than a half-wavelength away is uncorrelated with that shared between the two communicating devices; however, this assumption has yet to be rigorously evaluated in previous work on physical-layer key extraction. In this paper, we present an experimental analysis that examines the relationship between the channel measurements used to extract a symmetric key between two devices and those observed by one or more distantly located passive adversaries. We find that, contrary to previous assumptions, there does exist a strong correlation in measurements observed by adversaries located significantly greater than a half-wavelength away from two communicating wireless devices. Further, we provide initial results that show the extent to which the adversary is able to leverage such correlations to infer portions of the key extracted between two devices using previously published physical-layer key extraction techniques.
Abstract-Key extraction via measuring a physical quantity is a class of information theoretic key exchange protocols that rely on the physical characteristics of the communication channel, to enable the computation of a shared key by two parties that share no prior secret information. The key is supposed to be information theoretically hidden to an eavesdropper. Despite the recent surge of research activity in the area, concrete claims about the security of the protocols typically rely on channel abstractions that are not fully experimentally substantiated. In this work, we propose a novel methodology for the experimental security analysis of these protocols. The crux of our methodology is a falsifiable channel abstraction that is accompanied by an efficient experimental approximation algorithm of the conditional minentropy available to the parties given the view of the eavesdropper.We focus on the signal strength between two wirelessly communicating transceivers as the measured quantity and we use an experimental setup to compute the conditional min-entropy of the channel given the view of the attacker which we find to be linearly increasing. Armed with this understanding of the channel, we showcase the methodology by providing a general protocol for key extraction in this setting that is shown to be secure for a concrete parameter selection. In this way we provide a comprehensively analyzed wireless key extraction protocol that is demonstrably secure against passive adversaries assuming our falsifiable channel abstraction. Our use of hidden Markov models as the channel model and a dynamic programming approach to approximate conditional min-entropy might be of independent interest, while other possible instantiations of our methodology can be feasible and may be motivated by this work.
The past two decades have seen a growing interest in methods for anonymous communication on the Internet, both from the academic community and the general public. Several system designs have been proposed in the literature, of which a number have been implemented and are used by diverse groups, such as journalists, human rights workers, the military, and ordinary citizens, to protect their identities on the Internet.In this work, we survey the previous research done to design, develop, and deploy systems for enabling private and anonymous communication on the Internet. We identify and describe the major concepts and technologies in the field, including mixes and mix networks, onion routing, and Dining Cryptographers networks. We will also review powerful traffic analysis attacks that have motivated improvements and variations on many of these anonymity protocols made since their introduction. Finally, we will summarize some of the major open problems in anonymous communication research and discuss possible directions for future work in the field. ACM Reference Format:Edman, M. and Yener, B. 2009. On anonymity in an electronic society: A survey of anonymous communication systems.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
