1 anonymous communication -- a brief survey pan wang north carolina state university
TRANSCRIPT
2
Outline
• Why anonymous communication
• Definitions of anonymities
• Traffic analysis attacks
• Some anonymous communication protocols for Internet
• Some anonymous communication schemes for MANET and sensor networks
• Potential research problems
3
Why Anonymous Communication
• Privacy issue
• Some covert missions may require anonymous communication
• In hostile environments, end-hosts may need hidden their communications to against being captured
4
Anonymity in terms of unlinkability*
• Sender anonymity – A particular message is not linkable to any sender and that
to a particular sender, no message is linkable
• Recipient anonymity– A particular message cannot be linked to any recipient and
that to a particular recipient, no message is linkable
• Relationship anonymity– The sender and the recipient cannot be identified as
communicating with each other, even though each of them can be identified as participating in some communication.
• A. Pfizmann and M. Waidner, Networks without User Observability. Computers & Security 6/2 (1987) 158-166
5
Traffic Analysis Attacks against an Anonymous Communication System• Contextual attacks
– Communication pattern attacks– Packet counting attacks– Intersection attack
• Brute force attack• Node flushing attack• Timing attacks• Massage tagging attack• On flow marking attack
6
Some Anonymous Communication Protocols for Internet• Mix-NET
– Feb 1981, D. Chaum
• Crowd– June 1997, Michael K. Reiter and Aviel D. Rubin
• Tarzan – Nov 2002, Michael J. Freedman and Robert Morris
• K-Anonymous Message Transmission– Oct, 2003, Luis von Ahn, Andrew Bortz and
Nicholas J. Hopper
7
Mix-NET*
• Basic idea:– Traffic sent from sender to destination should pass one or
more Mixes
– Mix relays data from different end-to-end connections, reorder and re-encrypt the data
– So, incoming and outgoing traffic cannot be related
• *D. Chaum, Untraceable Electric Mail, Return Address and Digital Pseudonyms, Communication of A.C.M 24.2 (Feb 1981), 84-88
10
Crowds*
• P2P anonymizer network for Web Transactions
• Uses a trusted third party (TTP) as centralized crowd membership server (“blender”)
• Provides sender anonymity and relationship anonymity
*M. Reiter and A. Rubin, Crowd: Anonymity for Web Transactions. ACM Transactions on Information and System Security, 1(1) June 1998
11
Crowd (cont)
Webserver
A nodes decide randomly whether to forward the request to another node or to send it to the server
12
Tarzan*
• All nodes act as relays, Mix-net encoding
• Each node selects a set of mimics
• Tunneling data traffic through mimics
• Exchanging cover traffic with mimics– Constant packet sending rate and uniformed packet size
• Network address translator
• Anonymity against corrupt relays and global
eavesdropping M. Freedman and R. Morris, Tarzan: A Peer-to-Peer Anonymizing Network Layer,
CCS 2002, Washington DC
15
k-Anonymous Message Transmission*
• Based on secure multiparty sum protocol
• Local group broadcast
• The adversaries, trying to determine the sender/receiver of a particular message, cannot narrow down its search to a set of k suspects
• Robust against selective non-participations
• L.Ahn, A.Bortz and N.Hopper, k-Anonymous Message Transmission, CCS 2003, Washington DC
17
Some anonymous communication schemes for MANET and sensor networks• Anonymous on demand routing (ANODR)
– Jun 2003, Jiejun Kong and Xiaoyan Hong
• Phantom flooding protocol – Jun 2005, Pandurang Kamat, Yanyong Zhang,
Wade Trappe and Celal Ozturk
18
ANODR*
• Assuming salient adversaries• Broadcast with trapdoor• Route pseudonym
• J.Kong and X.Hong, ANODR: Anonymous On Demand Routing with Untraceable for Mobile Ad-hoc Networks, MobiHoc, 2003, Annapolis, MD
20
Source-Location Privacy in Sensor network
• Network model:– A sensor reports its measurement to a centralized
base station (sink)
• Attack model: – Adversaries may use RF localization to hop-by-
hop traceback to the source’s location
• Why location privacy
21
Phantom Flooding Protocol*
• Random work plus local broadcast
P. Kamat, et. al., Enhancing Source-Location Privacy in Sensor Network Routing,
ICDCS 2005, Columbus, OH
22
Potential Research Problems
• Anonymity vs accountability
• Detect malicious users
• Efficiency vs anonymity
• More?