Abstract
In this paper we look closely at the popular metric of anonymity, the anonymity set, and point out a number of problems associated with it. We then propose an alternative information theoretic measure of anonymity which takes into account the probabilities of users sending and receiving the messages and show how to calculate it for a message in a standard mix-based anonymity system. We also use our metric to compare a pool mix to a traditional threshold mix, which was impossible using anonymity sets. We also show how the maximum route length restriction which exists in some fielded anonymity systems can lead to the attacker performing more powerful traffic analysis. Finally, we discuss open problems and future work on anonymity measurements.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
O. Berthold, A. Pfitzmann, and R. Standtke. The disadvantages of free MIX routes and how to overcome them. In Designing Privacy Enhancing Technologies: Proceedings of the International Workshop on the Design Issues in Anonymity and Observability, LNCS 2009. 2000.
D. Chaum. Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the A.C.M., 24(2):84–88, 1981.
D. Chaum. The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology: the journal of the International Association for Cryptologic Research, 1(1):65–75, 1988.
L. Cottrell. Mixmaster and remailer attacks, 1994. http://www.obscura.com/~loki/remailer/remailer-essay.html.
C. Diaz, S. Seys, J. Claessens, and B. Preneel. Towards measuring anonymity. In Workshop on Privacy Enhancing Technologies, LNCS 2482. 2002.
C. Gulcu and G. Tsudik. Mixing email with Babel. In 1996 Internet Society Symposium on Network and Distributed Sytem Security, pages 2–16. San Diego, CA, 1996.
D. Kesdogan, J. Egner, and R. Buschkes. Stop-and-go-MIXes providing probabilistic anonymity in an open system. In Proceedings of the International Information Hiding Workshop, LNCS 1525. 1998.
U. Moeller and L. Cottrell. Mixmaster Protocol Version 3, 2000. http://www.eskimo.com/~rowdenw/crypt/Mix/draft-moeller-v3-01.txt.
M. Ohkubo and M. Abe. A length-invariant hybrid mix. In T. Okamoto, editor, Advances in Cryptology-ASIACRYPT, LNCS 1976, page 178 ff. 2000.
A. Pfitzmann and M. Kohntopp. Anonymity, unobservability and pseudonymity — a proposal for terminology. In Designing Privacy Enhancing Technologies: Proceedings of the International Workshop on the Design Issues in Anonymity and Observability, LNCS 2009. 2000.
C. Shannon. The mathematical theory of communication. Bell Systems Technical Journal, 30:50–64, 1948.
P. F. Syverson, G. Tsudik, M. G. Reed, and C. E. Landwehr. Towards an analysis of onion routing security. In Designing Privacy Enhancing Technologies: Proceedings of the International Workshop on the Design Issues in Anonymity and Observability, LNCS 2009. 2000.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Serjantov, A., Danezis, G. (2003). Towards an Information Theoretic Metric for Anonymity. In: Dingledine, R., Syverson, P. (eds) Privacy Enhancing Technologies. PET 2002. Lecture Notes in Computer Science, vol 2482. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36467-6_4
Download citation
DOI: https://doi.org/10.1007/3-540-36467-6_4
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00565-0
Online ISBN: 978-3-540-36467-2
eBook Packages: Springer Book Archive