Anonymity Attacks on Mix Systems: A Formal Analysis

  • Sami Zhioua
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6958)


Information theory turned out to be very useful in analyzing anonymity attacks in general. The concept of channel information leak is a good indicator of how successful an attack can be. While different information leak measures exist in the literature, the problem of representing anonymity systems using noisy channels has not been well studied. The main goal of this paper is to show how anonymity attacks on mix systems can be formally represented as noisy channels in the information-theoretic sense. This formal representation provides a deeper understanding of mix systems and prepares the field for a more rigorous and accurate analysis of possible attacks. We performed empirical analysis using three information leak measures (mutual information, KLSD, and Min-entropy) which revealed interesting findings about some mix variants. This paper tries to bridge the gap between theory and practice in the field of anonymous communication systems.


Mutual Information Busy Period Information Leak Secret Information Noisy Channel 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  2. 2.
    Möller, U., Cottrell, L., Palfrader, P., Sassaman, L.: Mixmaster Protocol — Version 2. IETF Internet Draft (July 2003)Google Scholar
  3. 3.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: Proceedings of the 2003 IEEE Symposium on Security and Privacy, pp. 2–15 (May 2003)Google Scholar
  4. 4.
    Berthold, O., Federrath, H., Köpsell, S.: Web MIXes: A System for Anonymous and Unobservable Internet Access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of the 13th Usenix Security Symposium (August 2004)Google Scholar
  6. 6.
    Diaz, C., Seys, S., Claessens, J., Preneel, B.: Towards measuring anonymity. In: Dingledine, R., Syverson, P. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: Anonymity protocols as noisy channels. Information and Computation 206(2-4), 378–401 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Zhu, Y., Bettati, R.: Anonymity vs. information leakage in anonymity systems. In: Proceedings of ICDCS 2005, Columbus, Ohio, pp. 514–524 (2005)Google Scholar
  9. 9.
    Chatzikokolakis, K., Chothia, T., Guha, A.: Statistical measurement of information leakage. In: Esparza, J., Majumdar, R. (eds.) TACAS 2010. LNCS, vol. 6015, pp. 390–404. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Smith, G.: On the foundations of quantitative information flow. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 288–302. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Zhioua, S.: A new information leakage measure for anonymity protocols. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 50, pp. 398–414. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Chatzikokolakis, K.: Probabilistic and Information-Theoretic Approaches to Anonymity. PhD thesis, Laboratoire d’Informatique (LIX), École Polytechnique, Paris (October 2007)Google Scholar
  13. 13.
    Newman, R.E., Nalla, V.R., Moskowitz, I.S.: Anonymity and covert channels in simple timed mix-firewalls. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 1–16. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Chen, H., Malacaria, P.: Quantifying maximal loss of anonymity in protocols. In: Proceedings of ASIACCS 2009, pp. 206–217. ACM, New York (2009)Google Scholar
  15. 15.
    Chatzikokolakis, K., Palamidessi, C., Panangaden, P.: On the bayes risk in information-hiding protocols. Journal of Computer Security 16(5), 531–571 (2008)CrossRefGoogle Scholar
  16. 16.
    Reiter, M., Rubin, A.: Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)CrossRefGoogle Scholar
  17. 17.
    DeGroot, M.: Optimal Statistical Decisions. McGraw-Hill, New York (1970)zbMATHGoogle Scholar
  18. 18.
    Díaz, C., Preneel, B.: Reasoning about the anonymity provided by pool mixes that generate dummy traffic. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 535–543. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: Active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Díaz, C., Serjantov, A.: Generalising mixes. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 18–31. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Kesdogan, D., Egner, J., Büschkes, R.: Stop-and-go-mIXes providing probabilistic anonymity in an open system. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 83–98. Springer, Heidelberg (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Sami Zhioua
    • 1
  1. 1.Information and Computer Science DepartmentKing Fahd University of Petroleum and MineralsDhahranSaudi Arabia

Personalised recommendations