Abstract
We introduce the Anonymous Post-Office Protocol (AnonPoP), a practical strongly-anonymous messaging system. Its design effectively combines known techniques, such as (synchronous) mix-cascade and constant sending rate, with several new techniques, including request-pool, bad-server isolation and per-epoch mailboxes. AnonPoP offers strong anonymity against strong, globally-eavesdropping adversaries that may also control multiple servers, including all-but-one servers in a mix-cascade. Significantly, AnonPoP’s anonymity holds even when clients may occasionally disconnect, which is essential for supporting mobile clients.
AnonPoP is affordable, with monthly costs of 2 cents per client. It is also efficient with respect to latency, communication, and energy, making it suitable for mobile clients. We developed an API that allows other applications to use AnonPoP for adding strong anonymity. We evaluated AnonPoP in several experiments, including a ‘double-blinded’ usability study, a cloud-based deployment, and simulations.
Notes
1. To further increase the anonymity set, at the small price of extra bandwidth, it is possible to pad all types to be of the same size.
2. Checking if a mailbox is not empty could be done anonymously and efficiently via [13].
References
Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: USENIX Security Symposium, USENIX, pp. 303–320 (2004)
Gilad, Y., Herzberg, A.: Spying in the dark: TCP and tor traffic analysis. In: Fischer-Hübner, S., Wright, M. (eds.) PETS 2012. LNCS, vol. 7384, pp. 100–119. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31680-7_6
Bauer, K., McCoy, D., Grunwald, D., Kohno, T., Sicker, D.: Low-resource routing attacks against tor. In: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pp. 11–20. ACM (2007)
Borisov, N., Danezis, G., Mittal, P., Tabriz, P.: Denial of service or denial of security? In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 92–102. ACM (2007)
Dingledine, R., Mathewson, N.: Anonymity loves company: usability and the network effect. In: WEIS (2006)
Gelernter, N., Herzberg, A., Leibowitz, H.: Two cents for strong anonymity: the anonymous post-office protocol. Cryptology ePrint Archive, Report 2016/489 (2016) http://eprint.iacr.org/2016/489
Farb, M., Burman, M., Chandok, G., McCune, J., Perrig, A.: SafeSlinger: an easy-to-use and secure approach for human trust establishment. Technical Report CMU-CyLab-11-021, Carnegie Mellon University (2011)
Bellare, M., Rogaway, P.: Asymmetric encryption. http://cseweb.ucsd.edu/~mihir/cse207/w-asym.pdf
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)
Goldschlag, D., Reed, M., Syverson, P.: Onion routing. Commun. ACM 42(2), 39–41 (1999)
Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_41
Pfitzmann, A., Pfitzmann, B., Waidner, M.: ISDN-MIXes: untraceable communication with very small bandwidth overhead. GI/ITG Conf. Commun. Distrib. Syst. 267, 451–463 (1991)
Piotrowska, A., Hayes, J., Gelernter, N., Danezis, G., Herzberg, A.: AnNotify: a private notification service. In: Workshop on Privacy in the Electronic Society (WPES 2017) (2017)
Dingledine, R., Syverson, P.: Reliable MIX cascade networks through reputation. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 253–268. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36504-4_18
Berthold, O., Federrath, H., Köhntopp, M.: Project “anonymity and unobservability in the internet”. In: Proceedings of the Tenth Conference on Computers, Freedom and Privacy: Challenging the Assumptions, pp. 57–65. ACM (2000)
Berthold, O., Langos, H.: Dummy traffic against long term intersection attacks. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 110–128. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36467-6_9
Mathewson, N., Dingledine, R.: Practical traffic analysis: extending and resisting statistical disclosure. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 17–34. Springer, Heidelberg (2005). https://doi.org/10.1007/11423409_2
Wright, M.K., Adler, M., Levine, B.N., Shields, C.: Passive-logging attacks against anonymous communications systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 11(2), 3 (2008)
Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management, 34 (2010). http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0
Hughes, D., Shmatikov, V.: Information hiding, anonymity and privacy: a modular approach. J. Comput. Secur. 12(1), 3–36 (2004)
Halpern, J., O’Neill, K.: Anonymity and information hiding in multiagent systems. J. Comput. Secur. 13(3), 483–514 (2005)
Pashalidis, A.: Measuring the effectiveness and the fairness of relation hiding systems. In: IEEE Asia-Pacific Services Computing Conference, APSCC 2008, pp. 1387–1394. IEEE (2008)
Tsukada, Y., Mano, K., Sakurada, H., Kawabe, Y.: Anonymity, privacy, onymity, and identity: a modal logic approach. In: International Conference on Computational Science and Engineering, CSE 2009, vol. 3, pp. 42–51. IEEE (2009)
Bohli, J., Pashalidis, A.: Relations among privacy notions. ACM Trans. Inf. Syst. Secur. (TISSEC) 14(1), 4 (2011)
Goriac, I.: An epistemic logic based framework for reasoning about information hiding. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), pp. 286–293. IEEE (2011)
Veeningen, M., de Weger, B., Zannone, N.: Modeling identity-related properties and their privacy strength. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 126–140. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19751-2_9
Backes, M., Goldberg, I., Kate, A., Mohammadi, E.: Provably secure and practical onion routing. In: 2012 IEEE 25th Computer Security Foundations Symposium (CSF), pp. 369–385. IEEE (2012)
Feigenbaum, J., Johnson, A., Syverson, P.: Probabilistic analysis of onion routing in a black-box model. ACM Trans. Inf. Syst. Secur. 15(3), 14:1–14:28 (2012)
Hevia, A., Micciancio, D.: An indistinguishability-based characterization of anonymous channels. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 24–43. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-70630-4_3
Gelernter, N., Herzberg, A.: On the limits of provable anonymity. In: Proceedings of the 12th Annual ACM Workshop on Privacy in the Electronic Society, WPES 2013 (2013)
Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_16
Canetti, R., Halevi, S., Herzberg, A.: Maintaining authenticated communication in the presence of break-ins. J. Cryptol. 13(1), 61–105 (2000)
Danezis, G., Goldberg, I.: Sphinx: a compact and provably secure mix format. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 269–282. IEEE (2009)
Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of a type iii anonymous remailer protocol. In: Proceedings of 2003 Symposium on Security and Privacy, pp. 2–15. IEEE (2003)
Gülcü, C., Tsudik, G.: Mixing email with Babel. In: Ellis, J.T., Neuman, B.C., Balenson, D.M. (eds.) NDSS, pp. 2–16. IEEE Computer Society (1996)
Díaz, C., Sassaman, L., Dewitte, E.: Comparison between two practical mix designs. In: Samarati, P., Ryan, P., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 141–159. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30108-0_9
Beimel, A., Dolev, S.: Buses for anonymous message delivery. J. Cryptol. 16(1), 25–39 (2003)
Corrigan-Gibbs, H., Wolinsky, D.I., Ford, B.: Proactively accountable anonymous messaging in Verdict. In: Proceedings of the 22nd USENIX Conference on Security, pp. 147–162. USENIX Association (2013)
Wolinsky, D.I., Corrigan-Gibbs, H., Ford, B., Johnson, A.: Dissent in numbers: making strong anonymity scale. In: 10th OSDI (2012)
Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)
Corrigan-Gibbs, H., Boneh, D., Mazières, D.: Riposte: an anonymous messaging system handling millions of users. In: IEEE Symposium on Security and Privacy, pp. 321–338. IEEE Computer Society (2015)
Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM (JACM) 45(6), 965–981 (1998)
Demmler, D., Herzberg, A., Schneider, T.: RAID-PIR: practical multi-server PIR. In: Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security, pp. 45–56. ACM (2014)
Sassaman, L., Cohen, B., Mathewson, N.: The Pynchon gate: a secure method of pseudonymous mail retrieval. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pp. 1–9. ACM (2005)
Nipane, N., Dacosta, I., Traynor, P.: “mix-in-place” anonymous networking using secure function evaluation. In: Zakon, R.H., McDermott, J.P., Locasto, M.E. (eds.) ACSAC, pp. 63–72. ACM (2011)
Le Blond, S., Choffnes, D., Zhou, W., Druschel, P., Ballani, H., Francis, P.: Towards efficient traffic-analysis resistant anonymity networks. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, pp. 303–314. ACM (2013)
von Ahn, L., Bortz, A., Hopper, N.J.: K-anonymous message transmission. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 122–130. ACM (2003)
van den Hooff, J., Lazar, D., Zaharia, M., Zeldovich, N.: Vuvuzela: scalable private messaging resistant to traffic analysis. In: SOSP, pp. 137–152. ACM (2015)
Gelernter, N., Herzberg, A.: AnonPoP old anonymous technical report (before the system implementation). Anonymised Technical report, August 2014. https://sites.google.com/site/anonymoustechreports/home
Gelernter, N., Herzberg, A.: Hide from the NSA: achieving strong anonymity against strong adversaries. In: 2014 IEEE International Conference on Software Science, Technology and Engineering (SWSTE), Doctoral Symposium (2014)
Wolinsky, D.I., Syta, E., Ford, B.: Hang with your buddies to resist intersection attacks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS 2013, pp. 1153–1166. ACM, New York (2013)
Herzberg, A., Leibowitz, H.: Can Johnny finally encrypt? Evaluating E2E encryption in popular IM applications. In: ACM Workshop on Socio-Technical Aspects in Security and Trust (STAST) (2016)
Leibowitz, H., Piotrowska, A., Danezis, G., Herzberg, A.: No right to remain silent: isolating malicious mixes. Cryptology ePrint Archive, Report 2017/1000 (2017). http://eprint.iacr.org/2017/1000
Acknowledgments
We are grateful to George Danezis, Yossi Gilad, Hezi Moriel, Roee Shlomo, Bogdan Carbunar and the anonymous reviewers for their helpful and constructive feedback. This work was supported by the Israeli Ministry of Science and Technology.
Appendix
A Probability of Compromised Channel
When the PO is corrupt, AnonPoP’s sender (recipient) anonymity may fail if all mixes in the push (resp., pull) channel are malicious (1). We now show that, under the reasonable assumption that \(f \ll n\), the probability of such an ‘all bad’ channel is small.
To increase the probability of an ‘all bad’ channel, the attacker may decrease the number of possible channels in which at least one mix is honest, by disconnecting up to \(f\) honest servers from each malicious mix, abusing the ‘bad server isolation’ mechanism. However, as we show, this abuse does not significantly improve the probability of an ‘all bad’ channel. Assume, for simplicity, that the attacker can cancel every connection between malicious and honest mixes, and that there are three mixes in a channel. Hence, there are \(3! \cdot \binom{f}{3}\) ‘all bad’ channels, and \(3! \cdot \binom{n-f}{3}\) ‘all honest’ channels. The probability of choosing an ‘all bad’ channel is therefore only: \(\frac{\binom{f}{3}}{\binom{f}{3} + \binom{n-f}{3}}\).
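The following Python sketch is an added example, not code from the paper or the AnonPoP implementation. It evaluates the Appendix A expression, generalizes it to a cascade of length k, cross-checks it by enumerating channels, and compares it with a baseline in which no links are cut; the function names, the parameter k, the baseline and the sample values of n and f are assumptions made for illustration.

```python
from fractions import Fraction
from itertools import permutations
from math import comb


def p_all_bad_isolated(n: int, f: int, k: int = 3) -> Fraction:
    """Appendix A's expression: every malicious-honest link is cut, so only
    'all bad' and 'all honest' channels remain (the k! factor cancels)."""
    bad, honest = comb(f, k), comb(n - f, k)
    if bad + honest == 0:
        raise ValueError("no usable channel of length k exists")
    return Fraction(bad, bad + honest)


def p_all_bad_baseline(n: int, f: int, k: int = 3) -> Fraction:
    """Comparison case (an assumption, not from the paper): no links are
    cut, so any ordered choice of k distinct mixes is a usable channel."""
    if comb(n, k) == 0:
        raise ValueError("fewer than k mixes available")
    return Fraction(comb(f, k), comb(n, k))


def p_all_bad_enumerated(n: int, f: int, k: int = 3) -> Fraction:
    """Brute-force cross-check. Mixes 0..f-1 are malicious (constructed
    labelling). A channel is usable only if each adjacent pair is still
    connected, i.e. both mixes are malicious or both are honest."""
    usable = all_bad = 0
    for channel in permutations(range(n), k):
        kinds = [mix < f for mix in channel]
        if all(a == b for a, b in zip(kinds, kinds[1:])):
            usable += 1
            all_bad += kinds[0]
    if usable == 0:
        raise ValueError("no usable channel of length k exists")
    return Fraction(all_bad, usable)


if __name__ == "__main__":
    # Constructed sample parameters: (total mixes n, malicious mixes f).
    for n, f in [(12, 4), (100, 10), (100, 33)]:
        iso, base = p_all_bad_isolated(n, f), p_all_bad_baseline(n, f)
        print(f"n={n:3d} f={f:2d}  isolated={float(iso):.5f}  "
              f"baseline={float(base):.5f}")
```

For the constructed case n = 100, f = 10, cutting every malicious-honest link raises the ‘all bad’ probability from 2/2695 to 1/980.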
B AnonPoP and Vuvuzela
In this appendix, we briefly discuss some of the differences between AnonPoP and Vuvuzela.
Vuvuzela allows communication only between connected (online) users, whereas AnonPoP aims to provide defense to users who may disconnect. AnonPoP’s motivation for this decision is to protect its users from attacks that take advantage of disconnections to infer information about the users. Furthermore, AnonPoP also aims to have built-in support for mobile users, and mobile users sometimes disconnect.
AnonPoP’s goal of supporting mobile users is also reflected in its attempt to minimize communication overhead, so that it suits the low-energy and low-bandwidth requirements of usable mobile environments. In Vuvuzela, at each ‘dial round’ (currently set at 10 min), every Vuvuzela user downloads and decrypts all ‘invitations’ sent to her invitation dead drop, which is shared with many other users and determined as the hash of the user’s public key. Even with only three servers, this is 7 MB per (10-min) dialing round.
AnonPoP presents the bad-server isolation mechanism, which actively takes measures against misbehaving servers, to deter rogue servers from performing active attacks against AnonPoP users.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Gelernter, N., Herzberg, A., Leibowitz, H. (2018). Two Cents for Strong Anonymity: The Anonymous Post-office Protocol. In: Capkun, S., Chow, S. (eds) Cryptology and Network Security. CANS 2017. Lecture Notes in Computer Science, vol 11261. Springer, Cham. https://doi.org/10.1007/978-3-030-02641-7_18
DOI: https://doi.org/10.1007/978-3-030-02641-7_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02640-0
Online ISBN: 978-3-030-02641-7
eBook Packages: Computer Science, Computer Science (R0)