
Towards Measuring Anonymity Claudia Diaz, Stefaan Seys, Joris - PowerPoint PPT Presentation



  1. Towards Measuring Anonymity Claudia Diaz, Stefaan Seys, Joris Claessens, Bart Preneel Presented By: Chris Coakley

  2. Overview • Background – Topic Area – Problem • Research – Threat and Privacy Models • Results • Examples • Pro/Con

  3. Background • Topic Area – Anonymous routing protocols – Keeping the sender secret – Secret data is a separate problem • Problem – How much anonymity does a system provide? – What does that mean, anyway?

  4. System Model • Senders • Recipients • Mixes • Anonymity Set - the “honest” Senders [Figure: diagram with nodes labelled S, M and R]

  5. Threat Model • Attacker Properties – Internal - External – Passive - Active – Local - Global • Probabilistic Attack – With probability p, A is the sender • Maximum Anonymity: All senders equally probable

  6. Degree of Anonymity [images not available]

  7. What does it mean? • d = 0 - it was YOU! • d = 1 - it could be anyone

  8. Example - Crowds • Sender submits web request to Mixes • With probability: – p_f - forward to another mix – 1-p_f - make request • Property Missing: Mix doesn’t try to hide correlation of incoming and outgoing traffic

  9. Crowds - Attack • Corrupted Mixes (C Collaborators) • Internal, Passive, Local

  10. Attack [image not available]

  11. Attack [images not available]

  12. [image not available]

  13. Sender’s Point of View [image not available]

  14. Example - Onion Routing • Sender routes message through Mixes • Sender determines path

  15. Onion Routing - Attack • Attack method is indeterminate • Somehow identifies a subset of possible senders S – Each has probability 1 / S

  16. Onion Routing - Attack [images not available]

  17. [image not available]

  18. Pros • Easy to see contributions to previous work – Precise Definition of Degree of Anonymity • Crowds Example is nice

  19. Cons • Change of Language – Mix becomes Jondo, User – 3 becomes C+1 • Useless Examples – Anonymous Email (elided) – Onion Routing • Pulls numbers from anus

  20. Done • Questions? – true – 42
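
Added example (not from the slides or from the paper's authors): the degree of anonymity computed for the Onion Routing attack on slide 15 and the Crowds attack on slide 9. It assumes the paper's definition d = H(X)/H_M, where H(X) is the entropy of the attacker's probability distribution over senders and H_M is log2 of the anonymity-set size, and the standard Crowds result that the first collaborator's predecessor is the sender with probability 1 - p_f(N-C-1)/N; function names and sample numbers are constructed.

```python
import math


def entropy(probs):
    """Shannon entropy in bits; zero-probability senders contribute nothing."""
    if any(p < 0 for p in probs) or abs(sum(probs) - 1.0) > 1e-9:
        raise ValueError("probs must be a probability distribution")
    return -sum(p * math.log2(p) for p in probs if p > 0)


def degree_of_anonymity(probs):
    """d = H(X) / H_M, with H_M = log2(len(probs)).

    probs holds the attacker's probability for every member of the
    anonymity set (the honest senders), including those assigned 0.
    """
    n = len(probs)
    if n < 2:
        return 0.0  # a single candidate sender is fully identified
    return entropy(probs) / math.log2(n)


def onion_routing(n_senders, subset_size):
    """Slide 15: the attacker narrows N senders to a subset S, each 1/S."""
    probs = [1.0 / subset_size] * subset_size
    probs += [0.0] * (n_senders - subset_size)
    return degree_of_anonymity(probs)


def crowds(n, c, p_f):
    """Slide 9: c collaborating members observe their predecessor.

    Assumed from the Crowds analysis: the predecessor is the sender with
    probability 1 - p_f*(n-c-1)/n, every other honest member with p_f/n.
    """
    honest = n - c
    p_pred = 1.0 - p_f * (honest - 1) / n
    probs = [p_pred] + [p_f / n] * (honest - 1)
    return degree_of_anonymity(probs)


if __name__ == "__main__":
    # Constructed sample parameters.
    print("onion routing, N=100, S=10:", round(onion_routing(100, 10), 3))
    print("crowds, N=20, C=5, p_f=0.75:", round(crowds(20, 5, 0.75), 3))
```

Raising C while holding N and p_f fixed concentrates probability on the predecessor and lowers d, which is the trend the Crowds slides plot.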
