Stop- and- Go-MIXes Providing Probabilistic Anonymity in an Open System

  • Dogan Kesdogan
  • Jan Egner
  • Roland Büschkes
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1525)


Currently known basic anonymity techniques depend on identity verification. If verification of user identities is not possible due to the related management overhead or a general lack of information (e.g. on the Internet), an adversary can participate several times in a communication relationship and observe the honest users. In this paper we focus on the problem of providing anonymity without identity verification. The notion of probabilistic anonymity is introduced. Probabilistic anonymity is based on a publicly known security parameter, which determines the security of the protocol. For probabilistic anonymity the insecurity, expressed as the probability of having only one honest participant, approaches 0 at an exponential rate as the security parameter is changed linearly. Based on our security model we propose a new MIX variant called “Stop-and-Go-MIX” (SG-MIX) which provides anonymity without identity verification, and prove that it is probabilistically secure.


Time Stamp Busy Period Security Parameter Attack Model Incoming Packet 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    D.L. Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms”, Comm. ACM, Feb. 1981, Vol. 24, No. 2, pp. 84–88.CrossRefGoogle Scholar
  2. 2.
    D.L. Chaum, “The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability”, J. Cryptology, Vol. 1, No. 1, Springer-Verlag, 1988, pp. 65–75.CrossRefMathSciNetzbMATHGoogle Scholar
  3. 3.
    D.A. Cooper and K.P. Birman, “Preserving Privacy in a Network of Mobile Computers”, 1995 Symposium on Research in Security and Privacy, IEEE Computer Society Press, Los Alamitos, 1995, pp. 26–38.CrossRefGoogle Scholar
  4. 4.
    W. Diffie and M.E. Hellman, “New Directions in Cryptography”, IEEE Transactions on Information Theory, 22 (1976), pp. 644–654.CrossRefMathSciNetzbMATHGoogle Scholar
  5. 5.
    D.J. Farber and K.C. Larson, “Network Security Via Dynamic Process Renaming”, Fourth Data Communication Symp., Quebec City, Canada, Oct. 1975, pp. 8–18.Google Scholar
  6. 6.
    A. Fasbender, D. Kesdogan, and O. Kubitz, “Analysis of Security and Privacy in Mobile IP”, 4th International Conference on Telecommunication Systems, Modelling and Analysis, Nashville, 1996.Google Scholar
  7. 7.
    A. Fasbender, D. Kesdogan, and O. Kubitz, “Variable and Scalable Security: Protection of Location Information in Mobile IP”, VTC’96, Atlanta, 1996.Google Scholar
  8. 8.
    H. Federrath, A. Jerichow, D. Kesdogan, A. Pfitzmann, and D. Trossen, “Minimizing the Average Cost of Paging on the Air Interface-An Approach Considering Privacy”, IEEE VTC’ 97, May 1997, Phoenix, Arizona.Google Scholar
  9. 9.
    S. Goldwasser and S. Micali, “Probabilistic Encryption”, Journal of Computer and System Science 28 (1984), pp. 270–299.CrossRefMathSciNetzbMATHGoogle Scholar
  10. 10.
    D.M. Goldschlag, M.G. Reed, and P.F. Syverson, “Hiding Routing Information”, Information Hiding, Springer-Verlag LNCS 1174, 1996, pp. 137–150.CrossRefGoogle Scholar
  11. 11.
    C. Gülcü and G. Tsudik, “Mixing Email with Babel”, Proc. Symposium on Network and Distributed System Security, San Diego, IEEE Comput. Soc. Press, 1996, pp. 2–16.CrossRefGoogle Scholar
  12. 12.
    S. Hoff, K. Jakobs, and D. Kesdogan, “Secure Location Management in UMTS”, Communications and Multimedia Security, Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security at Essen, Germany, September 1996, Chapman & Hall, ISBN 0-412-79780-1.Google Scholar
  13. 13.
    D. Kesdogan, H. Federrath, A. Jerichow, and A. Pfitzmann, “Location Management Strategies increasing Privacy in Mobile Communication Systems”, IFIP SEC 96, 12th International Information Security Conference, May 1996, pp. 39–48.Google Scholar
  14. 14.
    D. Kesdogan and X. Fouletier, “Secure Location Information Management in Cellular Radio Systems”, IEEE Wireless Communication Systems Symposium WCSS 95, Wireless Trends in 21st Century”, New York, 1995, pp. 35–40.Google Scholar
  15. 15.
    L. Kleinrock, “Queuing Systems, Vol. I: Theory”, John Wiley & Sons, 1975.Google Scholar
  16. 16.
    P.A. Karger, “Non-Discretionary Access Control for decentralized Computing Systems”, Master Thesis, MIT, Laboratory for Computer Science, Report MIT/LCS/TR-179, 1977.Google Scholar
  17. 17.
    A. Pfitzmann, “Dienstintegrierende Kommunikationsnetze mit teilnehmerüberpr üfbarem Datenschutz”, IFB 234, Springer-Verlag, Heidelberg, 1990.CrossRefGoogle Scholar
  18. 18.
    A. Pfitzmann and M. Waidner, “Networks without User Observability”, Computers & Security 6, 1987, pp. 158–166.CrossRefGoogle Scholar
  19. 19.
    A. Pfitzmann, B. Pfitzmann, and M. Waidner, “ISDN-MIXes: Untraceable Communication wit Very Small Bandwidth Overhead”, Information Security, Proc. IFIP/SEC 91, Brighton, UK, 15–17 May 1991, D.T. Lindsay, W.L. Price (eds.), North-Holland, Amsterdam 1991, pp. 245–258.Google Scholar
  20. 20.
    B. Pfitzmann, “Digital Signature Schemes. General Framework and Fail-Stop Signatures”, Springer-Verlag LNCS 1100, Springer 1996.Google Scholar
  21. 21.
    M.G. Reed, P.F. Syverson, and D.M. Goldschlag, “Protocols using Anonymous Connections: Mobile Applications”, 1997 Workshop on Security Protocols, Paris, France, April 1997.Google Scholar
  22. 22.
    M.K. Reiter and A.D. Rubin, “Crowds: Anonymity for Web Transactions”, DIMACS Technical Report 97-15,
  23. 23.
    R.L. Rivest, A. Shamir, and L.M. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Communications of the ACM, 21 (1978), pp. 96–99.CrossRefMathSciNetzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Dogan Kesdogan
    • 1
  • Jan Egner
    • 1
  • Roland Büschkes
    • 1
  1. 1.Department of Computer ScienceAachen University of TechnologyAachenGermany

Personalised recommendations