Stop- and- Go-MIXes Providing Probabilistic Anonymity in an Open System
Currently known basic anonymity techniques depend on identity verification. If verification of user identities is not possible due to the related management overhead or a general lack of information (e.g. on the Internet), an adversary can participate several times in a communication relationship and observe the honest users. In this paper we focus on the problem of providing anonymity without identity verification. The notion of probabilistic anonymity is introduced. Probabilistic anonymity is based on a publicly known security parameter, which determines the security of the protocol. For probabilistic anonymity the insecurity, expressed as the probability of having only one honest participant, approaches 0 at an exponential rate as the security parameter is changed linearly. Based on our security model we propose a new MIX variant called “Stop-and-Go-MIX” (SG-MIX) which provides anonymity without identity verification, and prove that it is probabilistically secure.
KeywordsTime Stamp Busy Period Security Parameter Attack Model Incoming Packet
Unable to display preview. Download preview PDF.
- 5.D.J. Farber and K.C. Larson, “Network Security Via Dynamic Process Renaming”, Fourth Data Communication Symp., Quebec City, Canada, Oct. 1975, pp. 8–18.Google Scholar
- 6.A. Fasbender, D. Kesdogan, and O. Kubitz, “Analysis of Security and Privacy in Mobile IP”, 4th International Conference on Telecommunication Systems, Modelling and Analysis, Nashville, 1996.Google Scholar
- 7.A. Fasbender, D. Kesdogan, and O. Kubitz, “Variable and Scalable Security: Protection of Location Information in Mobile IP”, VTC’96, Atlanta, 1996.Google Scholar
- 8.H. Federrath, A. Jerichow, D. Kesdogan, A. Pfitzmann, and D. Trossen, “Minimizing the Average Cost of Paging on the Air Interface-An Approach Considering Privacy”, IEEE VTC’ 97, May 1997, Phoenix, Arizona.Google Scholar
- 12.S. Hoff, K. Jakobs, and D. Kesdogan, “Secure Location Management in UMTS”, Communications and Multimedia Security, Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security at Essen, Germany, September 1996, Chapman & Hall, ISBN 0-412-79780-1.Google Scholar
- 13.D. Kesdogan, H. Federrath, A. Jerichow, and A. Pfitzmann, “Location Management Strategies increasing Privacy in Mobile Communication Systems”, IFIP SEC 96, 12th International Information Security Conference, May 1996, pp. 39–48.Google Scholar
- 14.D. Kesdogan and X. Fouletier, “Secure Location Information Management in Cellular Radio Systems”, IEEE Wireless Communication Systems Symposium WCSS 95, Wireless Trends in 21st Century”, New York, 1995, pp. 35–40.Google Scholar
- 15.L. Kleinrock, “Queuing Systems, Vol. I: Theory”, John Wiley & Sons, 1975.Google Scholar
- 16.P.A. Karger, “Non-Discretionary Access Control for decentralized Computing Systems”, Master Thesis, MIT, Laboratory for Computer Science, Report MIT/LCS/TR-179, 1977.Google Scholar
- 19.A. Pfitzmann, B. Pfitzmann, and M. Waidner, “ISDN-MIXes: Untraceable Communication wit Very Small Bandwidth Overhead”, Information Security, Proc. IFIP/SEC 91, Brighton, UK, 15–17 May 1991, D.T. Lindsay, W.L. Price (eds.), North-Holland, Amsterdam 1991, pp. 245–258.Google Scholar
- 20.B. Pfitzmann, “Digital Signature Schemes. General Framework and Fail-Stop Signatures”, Springer-Verlag LNCS 1100, Springer 1996.Google Scholar
- 21.M.G. Reed, P.F. Syverson, and D.M. Goldschlag, “Protocols using Anonymous Connections: Mobile Applications”, 1997 Workshop on Security Protocols, Paris, France, April 1997.Google Scholar
- 22.M.K. Reiter and A.D. Rubin, “Crowds: Anonymity for Web Transactions”, DIMACS Technical Report 97-15, http://www.research.att.com/projects/crowds/.