Cryptographic Protocol Analysis of AN.ON

  • Conference paper

Financial Cryptography and Data Security (FC 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6052)

Abstract

This work presents a cryptographic analysis of AN.ON’s anonymization protocols. We have discovered three flaws of differing severity. The first is caused by the fact that the freshness of the session key was not checked by the mix. This flaw leads to a situation where an external attacker is able to perform a replay attack against AN.ON. A second, more severe, error was found in the encryption scheme of AN.ON. An internal attacker controlling the first mix in a cascade of length two is able to de-anonymize users with high probability. The third flaw results from the lack of checks to ensure that a message belongs to the current session. This enables an attacker to impersonate the last mix in a cascade.

The flaws we discovered represent errors that, unfortunately, still occur quite often and show the importance of either using standardized cryptographic protocols or performing detailed security analyses.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Westermann, B., Wendolsky, R., Pimenidis, L., Kesdogan, D. (2010). Cryptographic Protocol Analysis of AN.ON. In: Sion, R. (eds) Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14577-3_11

  • DOI: https://doi.org/10.1007/978-3-642-14577-3_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14576-6

  • Online ISBN: 978-3-642-14577-3

  • eBook Packages: Computer Science, Computer Science (R0)
