Why I’m Not an Entropist

  • Paul Syverson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7028)

Abstract

What does it mean to be anonymous in network communications? Our central thesis is that both the theoretical literature and the deployed systems have gotten the answer essentially wrong. The answers have been wrong because they apply the wrong metric to the wrong adversary model. I indicate problems in the established adversary models and metrics for anonymity as well as implications for the design and analysis of anonymous communication systems.

Keywords

Adversary Model; Exit Node; Entry Node; Anonymous Communication; Entropist Conception
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Paul Syverson, Naval Research Laboratory, USA
