Elsevier

Computer Communications

Volume 31, Issue 15, 25 September 2008, Pages 3662-3671
Computer Communications

Protocols for purpose-restricted anonymous communications in IP-based wireless networks

https://doi.org/10.1016/j.comcom.2008.06.026Get rights and content

Abstract

Anonymity and specifically sender anonymity have become essential requirements for many privacy-related applications (e.g. net counselling and whistle blowing). On the other hand, anonymity may be abused for various malicious activities (e.g. redistribution of copyrighted contents and illegal drug trading). In this paper, we address both by proposing protocols for authenticated anonymous communications channels. In such channels, the client can authenticate the authentication server while the latter can only authenticate the fact that the client is one of the qualified members that are eligible to use the wireless network (e.g. WLAN hot spots, WiMAX). Our protocols are based on an efficient anonymous password-based authenticated key exchange protocol and on an anonymous IP address assignment. The proposed protocols have the following advantages: (1) they can restrict the usage of the established anonymous channels to certain fair purposes; (2) they do not involve rerouting of the packets through a chain of intermediate nodes; (3) they are available right after registration of a normal password to an authentication server as for a classical non-anonymous authentication (e.g. EAP-TTLS and PEAP) and do not require any special registration procedures that would reveal initially to the authentication server that the client belongs to a small list of users of anonymous services. However, each scheme has different features with respect to the changes required of the DHCP standard, the controlled and adaptive IP address assignment, the compatibility to authentication frameworks used for wireless networks, the scalability and the number of messages involved.

Introduction

Anonymity has become an essential requirement for many privacy-related applications such as net counselling, whistle blowing and many others. Sender anonymity that protects the identity of the sender is the most demanded in the current applications.

One approach to provide sender anonymity is to route all messages to the destination through several intermediate hops in order to hide the identity of the sender (i.e. its IP address). Many re-routing protocols with different path selection strategies have been proposed. Also another approach for anonymous communication that does not involve re-routing but lacks scalability has been proposed: the dining cryptographers networks [1].

In the re-routing category, anonymizer [2] provides anonymous communication services using a web proxy server (anonymizer server) that takes out the crucial headers and source addresses from web browser requests. Instead of the user identity which is the IP address for instance, a web server can only get the identity of the anonymizer server. In this approach, all rerouting paths have a single intermediate node, which is the anonymizer server. Mixes [3] are another technique that provides anonymity by routing each message over a series of independent stations. A mix is a store-and-forward station that accepts a number of fixed-length messages from different sources, performs cryptographic transformation on the messages, and then outputs the message to the next station in a different order.

Onion Routing [4], [5], [6], [7] and Crowds [8] protocol provide anonymous Internet services using a rerouting path within a network of onion routers or crowd members. Onion Routing performs anonymous communication within a network of onion routers that can be considered as real-time mixes. In Onion Routing, the whole path called onion can be considered as a recursively layered data structure that is constructed by the sender in the connection setup. After the connection is established, the data packet is broken into fixed-size blocks and each block is encrypted multiple times along the path (once for each onion router on the path). Thus, each onion router removes one layer of encryption so that the plaintext blocks can be obtained successfully at the destination. It is assumed that the sender knows the identity and the public keys of the onion routers used.

Like Onion Routing, the Crowds protocol [8] uses a series of cooperating proxies to maintain anonymity within the group. Unlike Onion Routing, the sender does not determine the whole path before sending a message. Instead, each hop chooses randomly the next hop. Each crowd member receiving a packet decides based on the forwarding probability whether to send the packet directly to the destination or to forward it to another randomly chosen crowd member.

But all these re-routing protocols do not prevent against the abuse of anonymity for illegal activities (e.g. redistribution of copy-righted contents, illegal drug trading and so on). Moreover they introduce extra delay and increase the amount of traffic due to longer routing paths. The main contribution of this paper is to propose protocols for authenticated anonymous communications in IP-based wireless networks. Our goal is to provide authenticated anonymity at the IP layer to avoid the abuse of anonymity while keeping the communication cost as low as possible.

In this paper, we address these issues through anonymous authentication and anonymous stateful IP address assignment to clients. As the anonymity is provided at the stateful IP address assignment stage using the dynamic host configuration protocol (DHCP) [9], the source IP address can be revealed to the destination and there is no need to re-route the messages in order to hide the sender’s address. The assigned IP address does not link back or give any information about the sender’s identity. Our protocols avoid the time-consuming rerouting procedure through different routers and the processing involved. Each protocol is designed for a specific scenario and has different features with respect to the changes required in the DHCP standard [9], the controlled and adaptive IP address assignment, the compatibility to other authentication frameworks, and the number of messages involved. Our protocols aim at providing anonymity over wireless hotspots such as Wifi hotspots and Wimax hotspots.

Anonymous authentication of authorized clients is fundamental in our approach in order to prevent the abuse of the anonymous communication channels by clients willing to perform attacks or illegal activities. The authentication relies on an efficient anonymous password-authenticated key exchange (PAKE) protocol proposed in [10]. This protocol is more efficient than the PAKE proposed in [11] in terms of computational and communication cost. The security goal of our framework is to establish anonymous communication channels with usage restricted to fair and legal activities performed by authorized users. Our proposals provide anonymity for authorized users wishing to connect to a server providing anonymous services such as net counselling.

The rest of the paper is organized as follows: in Section 2 the efficient anonymous PAKE is described. In Section 3, we propose a set of new protocols for authenticated anonymous communications. The security analysis of the proposed framework is given in Section 4. In Section 5, we discuss the advantages of our approach over existing ones. The concluding remarks are given in the last section.

Section snippets

Efficient anonymous PAKE protocol

In this section, we describe the efficient anonymous PAKE (E-APAKE) protocol [10] that significantly reduces computational cost for both client and server as well as communication cost compared to [11]. More details of the computational and communication efficiency are given in Section 2.4.

Protocols for authenticated anonymous communications

As illustrated in Fig. 2, the architecture considered here involves a DHCP server (DS) and a firewall (FW) in the same local area network as the client; an authentication server (AS) and an application server (S) authorized to provide anonymous services both located in the other networks. The client is connected wirelessly to the core network and the infrastructure.

We propose five protocols that have different features with respect to the changes required of the DHCP standard, the controlled

Security analysis

Let us consider an attacker who has ability to eavesdrop, modify and insert the messages exchanged by parties.

We mainly discuss here the anonymity of the proposed protocols. The anonymity is provided by the E-APAKE protocol, by the symmetric-key encryptions used by the client with the DHCP server, the firewall and the application server S.

As the session keys used in the above mentioned symmetric-key encryption are derived from keying material provided by the authentication server to the other

Discussion

Our protocols and the Anonymizer [2] rely both on a server to provide anonymity. However, our protocols guarantee anonymity even if there is collusion of all the entities involved in the protocol, while in the Anonymizer approach, the compromise of the anonymizer server reveals the client’s identity.

Our approach also outperforms other techniques such as Mixes [3], Onion Routing [4] and Crowds [8] in terms of communication and computation efficiency. Indeed, our approach does not require to

Conclusion

In this paper, we have proposed a set of new protocols for anonymous wireless communications that can restrict the usage of such channels to fair and legal activities. Our protocols are mainly based on the efficient anonymous PAKE and on an anonymous stateful IP address assignment by DHCP servers. They present the following assets: (1) preventing the abuse of the anonymous communication channels to perform malicious activities; (2) avoiding the time and bandwidth consuming rerouting involved in

Acknowledgement

Authors thank Yukiko Ito for her precious help in editing this paper.

References (19)

  • D. Chaum

    The dining cryptographers problem: unconditional sender and recipient untraceability

    Journal of Cryptology

    (1998)
  • Anonymizer, Available from:...
  • D. Chaum

    Untraceable electronic mail, return addresses, and digital pseudonyms

    Communications of the ACM

    (1981)
  • D. Goldschlag et al.

    Onion routing for anonymous and private internet connections

    Communications of the ACM

    (1999)
  • P. Syverson, D. Goldschlag, and M. Reed, Anonymous connections and onion routing, in: Proceedings of the IEEE Symposium...
  • P. Syverson, M. Reed, D. Goldschlag, Onion routing access configuration, in: Proceedings of the DARPA Information...
  • P. Syverson, G. Tsudik, M. Reed, C. Landwehr, Towards an analysis of onion routing security, in: Proceedings of the...
  • M. Reiter et al.

    Crowds: anonymity for web transactions

    ACM Transactions on Information and System Security

    (1998)
  • R. Droms, Dynamic host configuration protocol, IETF RFC2131 March...
There are more references available in the full text version of this article.
View full text