On the Fundamentals of Anonymity Metrics

  • Christer Andersson
  • Reine Lundin
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 262)


In recent years, a handful of anonymity metrics have been proposed that are either based on (i) the number of participants in the given scenario, (ii) the probability distribution in an anonymous network regarding which participant is the sender / receiver, or (iii) a combination thereof. In this paper, we discuss elementary properties of metrics in general and anonymity metrics in particular, and then evaluate the behavior of a set of state-of-the-art anonymity metrics when applied in a number of scenarios. On the basis of this evaluation and basic measurement theory, we also define criteria for anonymity metrics and show that none of the studied metrics fulfill all criteria. Lastly, based on previous work on entropy-based anonymity metrics, as well as on theories on the effective support size of the entropy function and on Huffman codes, we propose an alternative metric — the scaled anonymity set size — that fulfills these criteria.


Keywords: Leaf Node, Code Word, User Base, Huffman Code, Anonymous Communication
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Christer Andersson (1)
  • Reine Lundin (1)
  1. Department of Computer Science, Karlstad University, Karlstad, Sweden
