Two Cents for Strong Anonymity: The Anonymous Post-office Protocol

  • Conference paper
Cryptology and Network Security (CANS 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11261)

Abstract

We introduce the Anonymous Post-Office Protocol (AnonPoP), a practical strongly-anonymous messaging system. Its design effectively combines known techniques such as (synchronous) mix-cascade and constant sending rate, with several new techniques including request-pool, bad-server isolation and per-epoch mailboxes. AnonPoP offers strong anonymity against strong, globally-eavesdropping adversaries, that may also control multiple servers, including all-but-one servers in a mix-cascade. Significantly, AnonPoP’s anonymity holds even when clients may occasionally disconnect, which is essential for supporting mobile clients.

AnonPoP is affordable, with monthly costs of 2 cents per client. It is also efficient with respect to latency, communication, and energy, making it suitable for mobile clients. We developed an API that allows other applications to use AnonPoP for adding strong anonymity. We evaluated AnonPoP in several experiments, including a ‘double-blinded’ usability study, a cloud-based deployment, and simulations.

Notes

  1. To further increase the anonymity set, at the small price of extra bandwidth, it is possible to pad all types to be of the same size.

  2. Checking if a mailbox is not empty could be done anonymously and efficiently via [13].

References

  1. Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: USENIX Security Symposium, USENIX, pp. 303–320 (2004)

  2. Gilad, Y., Herzberg, A.: Spying in the dark: TCP and tor traffic analysis. In: Fischer-Hübner, S., Wright, M. (eds.) PETS 2012. LNCS, vol. 7384, pp. 100–119. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31680-7_6

  3. Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against tor. In: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pp. 11–20. ACM (2007)

  4. Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 92–102. ACM (2007)

  5. Dingledine, R., Mathewson, N.: Anonymity loves company: usability and the network effect. In: WEIS (2006)

  6. Gelernter, N., Herzberg, A., Leibowitz, H.: Two cents for strong anonymity: the anonymous post-office protocol. Cryptology ePrint Archive, Report 2016/489 (2016) http://eprint.iacr.org/2016/489

  7. Farb, M., Burman, M., Chandok, G., McCune, J., Perrig, A.: SafeSlinger: an easy-to-use and secure approach for human trust establishment. Technical report, Technical Report CMU-CyLab-11-021, Carnegie Mellon University (2011)

  8. Bellare, M., Rogaway, P.: Asymmetric encryption. http://cseweb.ucsd.edu/~mihir/cse207/w-asym.pdf

  9. Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)

  10. Goldschlag, D., Reed, M., Syverson, P.: Onion routing. Commun. ACM 42(2), 39–41 (1999)

  11. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_41

  12. Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDN-MIXes: untraceable communication with very small bandwidth overhead. GI/ITG Conf. Commun. Distrib. Syst. 267, 451–463 (1991)

  13. Piotrowska, A., Hayes, J., Gelernter, N., Danezis, G., Herzberg, A.: AnNotify: a private notification service. In: Workshop on Privacy in the Electronic Society (WPES 2017) (2017)

  14. Dingledine, R., Syverson, P.: Reliable MIX cascade networks through reputation. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 253–268. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36504-4_18

  15. Berthold, O., Federrath, H., Köhntopp, M.: Project “anonymity and unobservability in the internet”. In: Proceedings of the Tenth Conference on Computers, Freedom and Privacy: Challenging the Assumptions, pp. 57–65. ACM (2000)

  16. Berthold, O., Langos, H.: Dummy traffic against long term intersection attacks. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 110–128. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_9

  17. Mathewson, N., Dingledine, R.: Practical traffic analysis: extending and resisting statistical disclosure. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 17–34. Springer, Heidelberg (2005). https://doi.org/10.1007/11423409_2

  18. Wright, M.K., Adler, M., Levine, B.N., Shields, C.: Passive-logging attacks against anonymous communications systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 11(2), 3 (2008)

  19. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management, 34 (2010). http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0

  20. Hughes, D., Shmatikov, V.: Information hiding, anonymity and privacy: a modular approach. J. Comput. Secur. 12(1), 3–36 (2004)

  21. Halpern, J., O’Neill, K.: Anonymity and information hiding in multiagent systems. J. Comput. Secur. 13(3), 483–514 (2005)

  22. Pashalidis, A.: Measuring the effectiveness and the fairness of relation hiding systems. In: IEEE Asia-Pacific Services Computing Conference, APSCC 2008, pp. 1387–1394. IEEE (2008)

  23. Tsukada, Y., Mano, K., Sakurada, H., Kawabe, Y.: Anonymity, privacy, onymity, and identity: a modal logic approach. In: International Conference on Computational Science and Engineering, CSE 2009, vol. 3, pp. 42–51. IEEE (2009)

  24. Bohli, J., Pashalidis, A.: Relations among privacy notions. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(1), 4 (2011)

  25. Goriac, I.: An epistemic logic based framework for reasoning about information hiding. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), pp. 286–293. IEEE (2011)

  26. Veeningen, M., de Weger, B., Zannone, N.: Modeling identity-related properties and their privacy strength. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 126–140. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19751-2_9

  27. Backes, M., Goldberg, I., Kate, A., Mohammadi, E.: Provably secure and practical onion routing. In: 2012 IEEE 25th Computer Security Foundations Symposium (CSF), pp. 369–385. IEEE (2012)

  28. Feigenbaum, J., Johnson, A., Syverson, P.: Probabilistic analysis of onion routing in a black-box model. ACM Trans. Inf. Syst. Secur. 15(3), 14:1–14:28 (2012)

  29. Hevia, A., Micciancio, D.: An indistinguishability-based characterization of anonymous channels. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 24–43. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70630-4_3

  30. Gelernter, N., Herzberg, A.: On the limits of provable anonymity. In: Proceedings of the 12th Annual ACM Workshop on Privacy in the Electronic Society, WPES 2013 (2013)

  31. Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_16

  32. Canetti, R., Halevi, S., Herzberg, A.: Maintaining authenticated communication in the presence of break-ins. J. Cryptol. 13(1), 61–105 (2000)

  33. Danezis, G., Goldberg, I.: Sphinx: a compact and provably secure mix format. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 269–282. IEEE (2009)

  34. Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of a type iii anonymous remailer protocol. In: Proceedings of 2003 Symposium on Security and Privacy, pp. 2–15. IEEE (2003)

  35. Gülcü, C., Tsudik, G.: Mixing email with Babel. In: Ellis, J.T., Neuman, B.C., Balenson, D.M. (eds.) NDSS, pp. 2–16. IEEE Computer Society (1996)

  36. Díaz, C., Sassaman, L., Dewitte, E.: Comparison between two practical mix designs. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 141–159. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30108-0_9

  37. Beimel, A., Dolev, S.: Buses for anonymous message delivery. J. Cryptol. 16(1), 25–39 (2003)

  38. Corrigan-Gibbs, H., Wolinsky, D.I., Ford, B.: Proactively accountable anonymous messaging in Verdict. In: Proceedings of the 22nd USENIX Conference on Security, pp. 147–162. USENIX Association (2013)

  39. Wolinsky, D.I., Corrigan-Gibbs, H., Ford, B., Johnson, A.: Dissent in numbers: making strong anonymity scale. In: 10th OSDI (2012)

  40. Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)

  41. Corrigan-Gibbs, H., Boneh, D., Mazières, D.: Riposte: an anonymous messaging system handling millions of users. In: IEEE Symposium on Security and Privacy, pp. 321–338. IEEE Computer Society (2015)

  42. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM (JACM) 45(6), 965–981 (1998)

  43. Demmler, D., Herzberg, A., Schneider, T.: RAID-PIR: practical multi-server PIR. In: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security, pp. 45–56. ACM (2014)

  44. Sassaman, L., Cohen, B., Mathewson, N.: The Pynchon gate: a secure method of pseudonymous mail retrieval. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 1–9. ACM (2005)

  45. Nipane, N., Dacosta, I., Traynor, P.: “mix-in-place” anonymous networking using secure function evaluation. In: Zakon, R.H., McDermott, J.P., Locasto, M.E. (eds.) ACSAC, pp. 63–72. ACM (2011)

  46. Le Blond, S., Choffnes, D., Zhou, W., Druschel, P., Ballani, H., Francis, P.: Towards efficient traffic-analysis resistant anonymity networks. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, pp. 303–314. ACM (2013)

  47. von Ahn, L., Bortz, A., Hopper, N.J.: K-anonymous message transmission. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 122–130. ACM (2003)

  48. van den Hooff, J., Lazar, D., Zaharia, M., Zeldovich, N.: Vuvuzela: scalable private messaging resistant to traffic analysis. In: SOSP, pp. 137–152. ACM (2015)

  49. Gelernter, N., Herzberg, A.: AnonPoP old anonymous technical report (before the system implementation). Anonymised Technical report, August 2014. https://sites.google.com/site/anonymoustechreports/home

  50. Gelernter, N., Herzberg, A.: Hide from the NSA: achieving strong anonymity against strong adversaries. In: 2014 IEEE International Conference on Software Science, Technology and Engineering (SWSTE), Doctoral Symposium (2014)

  51. Wolinsky, D.I., Syta, E., Ford, B.: Hang with your buddies to resist intersection attacks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS 2013, pp. 1153–1166. ACM, New York (2013)

  52. Herzberg, A., Leibowitz, H.: Can Johnny finally encrypt? Evaluating E2E encryption in popular IM applications. In: ACM Workshop on Socio-Technical Aspects in Security and Trust (STAST) (2016)

  53. Leibowitz, H., Piotrowska, A., Danezis, G., Herzberg, A.: No right to remain silent: isolating malicious mixes. Cryptology ePrint Archive, Report 2017/1000 (2017). http://eprint.iacr.org/2017/1000

Acknowledgments

We are grateful to George Danezis, Yossi Gilad, Hezi Moriel, Roee Shlomo, Bogdan Carbunar and the anonymous reviewers for their helpful and constructive feedback. This work was supported by the Israeli Ministry of Science and Technology.

Correspondence to Hemi Leibowitz.

Appendix

A Probability of Compromised Channel

When the PO is corrupt, AnonPoP’s sender (recipient) anonymity may fail if all mixes in the push (resp., pull) channel are malicious (1). We now show that, under the reasonable assumption that \(f \ll n\), the probability of such an ‘all bad’ channel is small.

To increase the probability of an ‘all bad’ channel, the attacker may decrease the number of possible channels where at least one mix is honest, by disconnecting up to \(f\) honest servers from each malicious mix, abusing the ‘bad server isolation’ mechanism. However, as we show, this abuse does not significantly improve the probability of an ‘all bad’ channel. Assume, for simplicity, that the attacker can cancel every connection between malicious and honest mixes, and that there are three mixes in a channel. Hence, there are \(3! \cdot \binom{f}{3}\) ‘all bad’ channels, and \(3! \cdot \binom{n-f}{3}\) ‘all honest’ channels. The probability of choosing an ‘all bad’ channel is therefore only: \(\frac{\binom{f}{3}}{\binom{f}{3} + \binom{n-f}{3}}\).
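The formula above, evaluated for concrete deployments, as an added example that is not part of the paper: it generalizes the three-mix case to cascades of k mixes and compares against an assumed baseline in which no links are cancelled and the cascade is drawn uniformly from all mixes. It takes n as the total number of mixes and f as the number of malicious ones; the function names and sample values are constructed here.

```python
from fractions import Fraction
from math import comb


def p_all_bad_isolated(n: int, f: int, k: int = 3) -> Fraction:
    """Appendix A worst case: every malicious-honest link is cancelled, so
    only all-bad and all-honest cascades of k mixes remain selectable."""
    bad, honest = comb(f, k), comb(n - f, k)   # the k! orderings cancel
    if bad + honest == 0:
        raise ValueError("no cascade of length k can be formed")
    return Fraction(bad, bad + honest)


def p_all_bad_baseline(n: int, f: int, k: int = 3) -> Fraction:
    """Assumed comparison point (not from the paper): no links cancelled,
    cascade drawn uniformly from all k-subsets of the n mixes."""
    return Fraction(comb(f, k), comb(n, k))


def max_tolerable_f(n: int, target: Fraction, k: int = 3) -> int:
    """Largest f for which the worst-case probability stays <= target."""
    best = 0
    for f in range(0, n - k + 1):           # keep at least k honest mixes
        if p_all_bad_isolated(n, f, k) > target:
            break                           # probability is monotone in f
        best = f
    return best


if __name__ == "__main__":
    n = 100                                 # constructed deployment size
    for f in (5, 10, 20, 33):
        iso, base = p_all_bad_isolated(n, f), p_all_bad_baseline(n, f)
        print(f"f={f:2d}  isolated={float(iso):.5f}  baseline={float(base):.5f}"
              f"  ratio={float(iso / base):.2f}")
    print("max f with risk <= 1%:", max_tolerable_f(n, Fraction(1, 100)))
```

The ratio column shows how much the isolation abuse gains the attacker over the assumed baseline for each constructed (n, f) pair.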

B AnonPoP and Vuvuzela

In this appendix, we briefly discuss some of the differences between AnonPoP and Vuvuzela.

Vuvuzela allows communication only between connected (online) users, whereas AnonPoP aims to provide defense to users who may disconnect. AnonPoP’s motivation for this decision is to protect its users from attacks that take advantage of disconnections to infer information about the users. Furthermore, AnonPoP also aims to have built-in support for mobile users, and mobile users sometimes disconnect.

AnonPoP’s goal of supporting mobile users is also reflected in its attempt to minimize communication overhead, so that it suits the low energy and low bandwidth requirements of usable mobile environments. In Vuvuzela, at each ‘dial round’ (currently set at 10 min), every Vuvuzela user downloads and decrypts all ‘invitations’ sent to her invitation dead drop, which is shared with many other users and determined as the hash of the user’s public key. Even with only three servers, this is 7 MB per (10-min) dialing round.

AnonPoP presents the bad-server isolation mechanism, which actively takes measures against misbehaving servers, to deter rogue servers from performing active attacks against AnonPoP users.

Copyright information

© 2018 Springer Nature Switzerland AG

Cite this paper

Gelernter, N., Herzberg, A., Leibowitz, H. (2018). Two Cents for Strong Anonymity: The Anonymous Post-office Protocol. In: Capkun, S., Chow, S. (eds) Cryptology and Network Security. CANS 2017. Lecture Notes in Computer Science, vol 11261. Springer, Cham. https://doi.org/10.1007/978-3-030-02641-7_18

  • DOI: https://doi.org/10.1007/978-3-030-02641-7_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02640-0

  • Online ISBN: 978-3-030-02641-7

  • eBook Packages: Computer Science, Computer Science (R0)
