Towards Measuring Anonymity

Díaz, Claudia; Seys, Stefaan; Claessens, Joris; Preneel, Bart

doi:10.1007/3-540-36467-6_5

Cited by 475 publications

(376 citation statements)

References 12 publications

Supporting

Mentioning

375

Contrasting

Unclassified

Order By: Relevance

“…5 Critics of this way of measuring anonymity mention (rightly so) that the probability distribution of all elements in S(t) is not necessarily uniform [8,9]. However, we know that the best case from the perspective of law enforcement would be, if S(t) contains one element only.…”

Section: Cross-section Attackmentioning

confidence: 99%

“…If the law enforcement agency possesses a priori knowledge that one and the same target person is responsible for the events of interest observed at t 1 , t 2 , and t 3 , then this person (or rather her identifier) belongs to the intersection of S(t 1 ) ∩ S(t 2 ) ∩ S(t 3 ). 8 Note that events may basically occur on various layers, the application layer or the network layer, for instance. On the application layer, a law enforcement agency may observe that the same e-mail account was accessed several times.…”

Section: Intersection Attackmentioning

confidence: 99%

See 1 more Smart Citation

Data Retention and Anonymity Services

Berthold

Böhme

Köpsell

2009

The Future of Identity in the Information Society

View full text Add to dashboard Cite

Abstract.The recently introduced legislation on data retention to aid prosecuting cyber-related crime in Europe also affects the achievable security of systems for anonymous communication on the Internet. We argue that data retention requires a review of existing security evaluations against a new class of realistic adversary models. In particular, we present theoretical results and first empirical evidence for intersection attacks by law enforcement authorities. The reference architecture for our study is the anonymity service AN.ON, from which we also collect empirical data. Our adversary model reflects an interpretation of the current implementation of the EC Directive on Data Retention in Germany.

show abstract

Section: Cross-section Attackmentioning

confidence: 99%

Section: Intersection Attackmentioning

confidence: 99%

Data Retention and Anonymity Services

Berthold

Böhme

Köpsell

2009

The Future of Identity in the Information Society

View full text Add to dashboard Cite

show abstract

“…Stop-and-Go Mixes) an alternative approach is suggested with the goal of providing probabilistic security against the (n − 1)-Attack with a security parameter µ. It was shown that a linear change of this parameter µ should have an exponential effect on the protection level of the method and on the achieved anonymity size n. However, recent research work [22,23] limits the exponential effect on the size of the anonymity set by neglecting small probabilities, e.g. by neglecting all participants with a-posteriori probability less than p ≤ 0.0001 (see Definition 1).…”

Section: Related Work: Vulnerabilities Of the Mixesmentioning

confidence: 99%

Limits of Anonymity in Open Environments

Kedogan

Agrawal²,

Penz

2002

Information Hiding

View full text Add to dashboard Cite

Abstract.A user is only anonymous within a set of other users. Hence, the core functionality of an anonymity providing technique is to establish an anonymity set. In open environments, such as the Internet, the established anonymity sets in the whole are observable and change with every anonymous communication. We use this fact of changing anonymity sets and present a model where we can determine the protection limit of an anonymity technique, i.e. the number of observations required for an attacker to "break" uniquely a given anonymity technique. In this paper, we use the popular MIX method to demonstrate our attack. The MIX method forms the basis of most of the today's deployments of anonymity services (e.g. Freedom, Onion Routing, Webmix). We note that our approach is general and can be applied equally well to other anonymity providing techniques.

show abstract

“…One simple metric for anonymity system security is the size of the anonymity set, but this does not capture the non-uniformity. For this reason, Danezis and Serjantov [8] proposed entropy of the anonymity set as the effective size, and Diaz et al [9] proposed normalised entropy as the system's degree of anonymity.…”

Section: Metrics For Path Selectionmentioning

confidence: 99%

Metrics for Security and Performance in Low-Latency Anonymity Systems

Murdoch

Watson

Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract. In this paper we explore the tradeoffs between security and performance in anonymity networks such as Tor. Using probability of path compromise as a measure of security, we explore the behaviour of various path selection algorithms with a Tor path simulator. We demonstrate that assumptions about the relative expense of IP addresses and cheapness of bandwidth break down if attackers are allowed to purchase access to botnets, giving plentiful IP addresses, but each with relatively poor symmetric bandwidth. We further propose that the expected latency of data sent through a network is a useful performance metric, show how it may be calculated, and demonstrate the counter-intuitive result that Tor's current path selection scheme, designed for performance, both performs well and is good for anonymity in the presence of a botnetbased adversary.

show abstract

Towards Measuring Anonymity

Cited by 475 publications

References 12 publications

Data Retention and Anonymity Services

Data Retention and Anonymity Services

Limits of Anonymity in Open Environments

Metrics for Security and Performance in Low-Latency Anonymity Systems

Contact Info

Product

Resources

About