BackRef: Accountability in Anonymous Communication Networks

  • Michael Backes
  • Jeremy Clark
  • Aniket Kate
  • Milivoj Simeonovski
  • Peter Druschel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8479)


Many anonymous communication networks (ACNs) rely on routing traffic through a sequence of proxy nodes to obfuscate the originator of the traffic. Without an accountability mechanism, exit proxy nodes may become embroiled in a criminal investigation if originators commit criminal actions through the ACN. We present BackRef, a generic mechanism for ACNs that provides practical repudiation for the proxy nodes by tracing back the selected outbound traffic to the predecessor node (but not in the forward direction) through a cryptographically verifiable chain. It also provides an option for full (or partial) traceability back to the entry node or even to the corresponding originator when all intermediate nodes are cooperating. Moreover, to maintain a good balance between anonymity and accountability, the protocol incorporates whitelist directories at exit proxy nodes. BackRef offers improved deployability over the related work, and introduces a novel concept of pseudonymous signatures that may be of independent interest.

We exemplify the utility of BackRef by integrating it into the onion routing (OR) protocol, and examine its deployability by considering several system-level aspects. We also present the security definitions for the BackRef system (namely, anonymity, backward traceability, no forward traceability, and no false accusation) and conduct a formal security analysis of the OR protocol with BackRef using ProVerif, an automated cryptographic protocol verifier, establishing the aforementioned security properties against a strong adversarial model.


anonymity malicious users accountability repudiation traceability formal verification 


  1. 1.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptology 1(1) (1988)Google Scholar
  2. 2.
    Corrigan-Gibbs, H., Ford, B.: Dissent: accountable anonymous group messaging. In: CCS, pp. 340–350 (2010)Google Scholar
  3. 3.
    Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous connections and onion routing. In: IEEE Symposium on Security and Privacy (1997)Google Scholar
  4. 4.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. CACM 24(2) (1981)Google Scholar
  5. 5.
    Mittal, P., Borisov, N.: Shadowwalker: peer-to-peer anonymous communication using redundant structured topologies. In: CCS, pp. 161–172 (2009)Google Scholar
  6. 6.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: USENIX Security (2004)Google Scholar
  7. 7.
    Möller, U., Cottrell, L., Palfrader, P., Sassaman, L.: Mixmaster Protocol— Version 2. IETF Internet Draft (2003),
  8. 8.
    Janssen, A.W.: Tor madness reloaded (2007), (accessed January 2014)
  9. 9.
    AccusedOperator: Raided for operating a Tor exit node (2012),
  10. 10.
    Köpsell, S., Wendolsky, R., Federrath, H.: Revocable anonymity. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 206–220. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    von Ahn, L., Bortz, A., Hopper, N.J., O’Neill, K.: Selectively traceable anonymity. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 208–222. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Diaz, C., Preneel, B.: Accountable anonymous communication. In: Security, Privacy, and Trust in Modern Data Management (2007)Google Scholar
  13. 13.
    Golle, P.: Reputable mix networks. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 51–62. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Clark, J., Gauvin, P., Adams, C.: Exit node repudiation for anonymity networks. In: On the Identity Trail: Privacy, Anonymity and Identity in a Networked Society. Oxford University Press (2009)Google Scholar
  15. 15.
    Johnson, P.C., Kapadia, A., Tsang, P.P., Smith, S.W.: Nymble: Anonymous IP-address blocking. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 113–133. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  16. 16.
    Henry, R., Goldberg, I.: Formalizing anonymous blacklisting systems. In: IEEE Symposium on Security and Privacy, pp. 81–95 (2011)Google Scholar
  17. 17.
    Goldberg, I., Wagner, D., Brewer, E.: Privacy-enhancing technologies for the internet. In: IEEE Compcon. (1997)Google Scholar
  18. 18.
    Goldberg, I., Shostack, A.: Freedom network 1.0 architecture and protocols. Technical report, Zero-Knowledge Systems (2001)Google Scholar
  19. 19.
    Kate, A., Zaverucha, G.M., Goldberg, I.: Pairing-based onion routing with improved forward secrecy. ACM Trans. Inf. Syst. Secur. 13(4) (2010)Google Scholar
  20. 20.
    Danezis, G., Goldberg, I.: Sphinx: A compact and provably secure mix format. In: IEEE Symposium on Security and Privacy (2009)Google Scholar
  21. 21.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of a type iii anonymous remailer protocol. In: IEEE Symposium on Security and Privacy (2003)Google Scholar
  22. 22.
    Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization v0.34, (August 2010)
  23. 23.
    Wolinsky, D.I., Corrigan-Gibbs, H., Ford, B., Johnson, A.: Dissent in numbers: making strong anonymity scale. In: OSDI (2012)Google Scholar
  24. 24.
    Corrigan-Gibbs, H., Wolinsky, D.I., Ford, B.: Proactively accountable anonymous messaging in verdict. In: USENIX Security (2013)Google Scholar
  25. 25.
    Danezis, G., Sassaman, L.: How to bypass two anonymity revocation schemes. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 187–201. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    TorProject: Exonerator Service (2012), (accessed January 2014)
  27. 27.
    Øverlier, L., Syverson, P.F.: Improving efficiency and simplicity of tor circuit establishment and hidden services. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 134–152. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Kate, A., Goldberg, I.: Using sphinx to improve onion routing circuit construction. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 359–366. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  29. 29.
    Backes, M., Kate, A., Mohammadi, E.: Ace: an efficient key-exchange protocol for onion routing. In: WPES (2012)Google Scholar
  30. 30.
    Catalano, D., Fiore, D., Gennaro, R.: Certificateless onion routing. In: CCS (2009)Google Scholar
  31. 31.
    Goldberg, I., Stebila, D., Ustaoglu, B.: Anonymity and one-way authentication in key exchange protocols. Designs, Codes and Cryptography (2012)Google Scholar
  32. 32.
    Camenisch, J.L., Lysyanskaya, A.: A formal treatment of onion routing. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 169–187. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  33. 33.
    Danezis, G., Diaz, C., Troncoso, C., Laurie, B.: Drac: An architecture for anonymous low-volume communications. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 202–219. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  34. 34.
    Shimshock, E., Staats, M., Hopper, N.: Breaking and provably fixing minx. In: Borisov, N., Goldberg, I. (eds.) PETS 2008. LNCS, vol. 5134, pp. 99–114. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  35. 35.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)CrossRefzbMATHMathSciNetGoogle Scholar
  36. 36.
    Haeberlen, A., Fonseca, P., Rodrigues, R., Druschel, P.: Fighting cybercrime with packet attestation. Technical report, MPI-SWS (2011)Google Scholar
  37. 37.
    Dingledine, R., Mathewson, N.: Tor Protocol Specification (2008), (accessed January 2014)
  38. 38.
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 514. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  39. 39.
    Blake, I., Seroussi, G., Smart, N., Cassels, J.W.S.: Advances in Elliptic Curve Cryptography. Cambridge University Press (2005)Google Scholar
  40. 40.
    Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124–142. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  41. 41.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL (2001)Google Scholar
  42. 42.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: CSFW (2001)Google Scholar
  43. 43.
    BackRef: Introducing accountability to anonymity networks (proverif scripts),
  44. 44.
    Backes, M., Clark, J., Kate, A., Simeonovski, M., Druschel, P.: Backref: Introducing accountability to anonymity networks,
  45. 45.
    Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols, 435–487 (2009)Google Scholar
  46. 46.
    Chothia, T.: Analysing the MUTE anonymous file-sharing system using the pi-calculus. In: Najm, E., Pradat-Peyre, J.-F., Donzeau-Gouge, V.V. (eds.) FORTE 2006. LNCS, vol. 4229, pp. 115–130. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Michael Backes
    • 1
    • 3
  • Jeremy Clark
    • 2
  • Aniket Kate
    • 1
  • Milivoj Simeonovski
    • 1
  • Peter Druschel
    • 3
  1. 1.Saarland UniversityGermany
  2. 2.Concordia UniversityCanada
  3. 3.Max Planck Institute for Software Systems (MPI-SWS)Germany

Personalised recommendations