Abstract
We consider a process during which encoded messages are processed through a network; at one step a message can be delivered only to a neighbor of the current node; at each node a message is recoded cryptographically so that an external observer cannot link the messages before and after re-coding. The goal of re-coding is to hide origins of the messages from an adversary who monitors the traffic. Recoding becomes useful, if at least two messages simultaneously enter a node – then the node works like a mix server.
We investigate how long the route of messages must be so that traffic analysis does not provide any substantial information for the adversary. Anonymity model we consider is very strong and concerns distance between a priori probability distribution describing origins of each message, and the same probability distribution but conditioned upon the traffic information. We provide a rigid mathematical proof that for a certain route length, expressed in terms of mixing time of the network graph, variation distance between the probability distributions mentioned above is small with high probability (over possible traffic patterns).
While the process concerned is expressed in quite general terms, it provides tools for proving privacy and anonymity features of many protocols. For instance, our analysis extends results concerning security of an anonymous communication protocol based on onion encoding – we do not assume, as it is done in previous papers, that a message can be sent directly between arbitrary nodes. However, the most significant application now might be proving immunity against traffic analysis of RFID tags with universal re-encryption performed for privacy protection.
Partially supported by KBN grants 0 T00A 003 23 and 1 P03A 025 27 in years 2002-2004.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Aldous, D., Fill, J.: Reversible Markov chains and random walks on graphs in preparation, some chapters, available at http://stat-www.berkeley.edu/pub/users/aldous/RWG/book.html
Beimel, A., Dolev, S.: Buses for Anonymous Message Delivery. In: Second International Conference on FUN with Algorithms, pp. 1–13. Carleton Scientific (2001)
Berman, R., Fiat, A., Ta-Shma, A.: Provable Unlinkability Against Traffic Analysis. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 266–280. Springer, Heidelberg (2004)
Bubley, B., Dyer, M.: Path Coupling: A Technique for Proving Rapid Mixing in Markov Chains. In: IEEE Symposium on Foundations of Computer Science (FOCS) 1997, pp. 223-231 (1997)
Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communication of the ACM 24(2), 84–88 (1981)
Czumaj, A., Kutyłowski, M.: Generating Random Permutations and Delayed Path Coupling Method for Mixing Time of Markov Chains. Random Structures and Algorithms 17, 238–259 (2000)
Czumaj, A., Kanarek, P., Kutyłowski, M., Loryś, K.: Distributed Stochastic Processes for Generating Random Permutations. In: ACM-SIAM Symposium on Discrete Algorithms (SODA) 1999, pp. 271–280 (1999)
Danezis, G., Serjantov, A.: Towards an Information Theoretic Metric for Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)
Dingledine, R., Shmatikov, V., Syverson, P.: Synchronous Batching: From Cascades to Free Routes. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 186–206. Springer, Heidelberg (2005)
Fairbrother, P.: An improved construction for universal re-encryption. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 79–87. Springer, Heidelberg (2005)
Gogolewski, M., Kutyłowski, M.: Łuczak, T.: Distributed Time-Stamping with Boomerang Onions. Manuscript (2004)
Golle, P., Jakobsson, M., Juels, A., Syverson, P.: Universal Re-encryption for Mixnets. In: RSACT 2004 (2004)
Gomułkiewicz, M., Klonowski, M., Kutyłowski, M.: Provable unlinkability against traffic analysis already after \(\mathcal{O}(\log(n))\) steps! In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 354–366. Springer, Heidelberg (2004)
Gülcü, C., Tsudik, G.: Mixing E-mail with BABEL. In: ISOC Symposium on Network and Distributed System Security, pp. 2-16. IEEE, Los Alamitos(1996)
Rackoff, C., Simon, D.R.: Cryptographic Defense Against Traffic Analysis. In: ACM Symposium on Theory of Computing (STOC) 1993, 672–681 (1993)
Szemerédi, E.: Regular Partitions of Graphs. In: Bermond, J.-C., Fournier, J.-C., Las Vergnas, M., Sotteau, D. (eds.) Problèmes Combinatoires et Théorie des Graphes, Proc. Colloque Inter. CNRS, Paris, pp. 399–401 (1978)
Syverson, P.F., Goldschlag, D., Reed, M.: Hiding Routing Information. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 137–150. Springer, Heidelberg (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gogolewski, M., Kutyłowski, M., Łuczak, T. (2005). Mobile Mixing. In: Park, Cs., Chee, S. (eds) Information Security and Cryptology – ICISC 2004. ICISC 2004. Lecture Notes in Computer Science, vol 3506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11496618_28
Download citation
DOI: https://doi.org/10.1007/11496618_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26226-8
Online ISBN: 978-3-540-32083-8
eBook Packages: Computer ScienceComputer Science (R0)