Abstract
We present traffic analyses of two anonymous communications schemes that build on the classic Crowds/Hordes protocols. The AJSS10 [1] scheme combines multiple Crowds-like forward channels with a Hordes reply channel in an attempt to offer robustness in a mobile environment. We show that the resulting scheme fails to guarantee the claimed k-anonymity, and is in fact more vulnerable to malicious peers than Hordes, while suffering from higher latency. Similarly, the RWS11 [15] scheme invokes multiple instances of Crowds to provide receiver anonymity. We demonstrate that the sender anonymity of the scheme is susceptible to a variant of the predecessor attack [21], while receiver anonymity is fully compromised with an active attack. We conclude that the heuristic security claims of AJSS10 and RWS11 do not hold, and argue that composition of multiple anonymity channels can in fact weaken overall security. In contrast, we provide a rigorous security analysis of Hordes under the same threat model, and reflect on design principles for future anonymous channels to make them amenable to such security analysis.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ardagna, C.A., Jajodia, S., Samarati, P., Stavrou, A.: Providing Mobile Users’ Anonymity in Hybrid Networks. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 540–557. Springer, Heidelberg (2010)
Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 92–102 (2007)
Danezis, G.: Breaking Four Mix-Related Schemes Based on Universal Re-encryption. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 46–59. Springer, Heidelberg (2006)
Danezis, G., Diaz, C.: A survey of anonymous communication channels (2008)
Danezis, G., Diaz, C., Käsper, E., Troncoso, C.: The Wisdom of Crowds: Attacks and Optimal Constructions. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 406–423. Springer, Heidelberg (2009)
Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a type iii anonymous remailer protocol. In: Proceedings 2003 Symposium on Security and Privacy, pp. 2–15 (2003)
Danezis, G., Goldberg, I.: Sphinx: A compact and provably secure mix format. In: Proceedings of the 30th IEEE Symposium on Security and Privacy (S&P 2009), May 17-20, pp. 269–282. IEEE Computer Society Press (2009)
Dingledine, R., Mathewson, N.: Anonymity loves company: Usability and the network effect. In: Designing Security Systems That People Can Use. O Reilly Media (2005)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th Conference on USENIX Security Symposium, vol. 13, p. 21 (2004)
Kesdogan, D., Agrawal, D., Penz, S.: Limits of Anonymity in Open Environments. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 53–69. Springer, Heidelberg (2003)
Kong, J., Hong, X.: ANODR: anonymous on demand routing with untraceable routes for mobile ad-hoc networks. In: Proceedings of the 4th ACM International Symposium on Mobile Ad Hoc Networking & Computing, pp. 291–302 (2003)
Murdoch, S., Zieliński, P.: Sampled traffic analysis by internet-exchange-level adversaries. In: Proceedings of the 7th International Conference on Privacy Enhancing Technologies, pp. 167–183 (2007)
Pfitzmann, A., Köhntopp, M.: Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)
Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDN-MIXes: Untraceable communication with very small bandwidth overhead. In: Proceedings of the GI/ITG Conference on Communication in Distributed Systems (1991)
Rass, S., Wigoutschnigg, R., Schartner, P.: Doubly-anonymous crowds: Using secret-sharing to achieve sender- and receiver-anonymity. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 7(4), 25–39 (2011)
Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security (TISSEC) 1(1), 66–92 (1998)
Shields, C., Levine, B.N.: A protocol for anonymous communication over the internet. In: Gritzalis, D., Jajodia, S., Samarati, P. (eds.) CCS 2000, Proceedings of the 7th ACM Conference on Computer and Communications Security, November 1-4, pp. 33–42. ACM (2000)
Shmatikov, V.: Probabilistic analysis of anonymity. In: CSFW, pp. 119–128. IEEE Computer Society Press (2002)
Troncoso, C., Danezis, G.: The bayesian traffic analysis of mix networks. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 369–379 (2009)
Westermann, B., Kesdogan, D.: Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection. In: Danezis, G. (ed.) FC 2011. LNCS, vol. 7035, pp. 62–76. Springer, Heidelberg (2012)
Wright, M.K., Adler, M., Levine, B.N., Shields, C.: The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Trans. Inf. Syst. Secur. 7(4), 489–522 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Danezis, G., Käsper, E. (2013). The Dangers of Composing Anonymous Channels. In: Kirchner, M., Ghosal, D. (eds) Information Hiding. IH 2012. Lecture Notes in Computer Science, vol 7692. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36373-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-36373-3_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36372-6
Online ISBN: 978-3-642-36373-3
eBook Packages: Computer ScienceComputer Science (R0)