Introducing the gMix Open Source Framework for Mix Implementations

Abstract. In this paper we introduce the open source software framework gMix which aims to simplify the implementation and evaluation of mix-based systems. gMix is targeted at researchers who want to evaluate new ideas and developers interested in building practical mix systems. The framework consists of a generic architecture structured in logical layers with a clear separation of concerns. Implementations of mix variants and supportive components are organized as plug-ins that can easily be exchanged and extended. We provide reference implementations for several well-known mix concepts

Analysis of randomized security protocols

Formal analysis has a long and successful track record in the automated verification of security protocols. Techniques in this domain have converged around modeling protocols as non-deterministic processes that interact asynchronously through an adversarial environment controlled by a Dolev-Yao attacker. There are, however, a large class of protocols whose correctness relies on an explicit ability to model and reason about randomness. Lying at the heart of many widely adopted systems for anonymous communication, these protocols have so-far eluded automated verification techniques. The present work overcomes this long standing obstacle, providing the first framework analyzing randomized security protocols against Dolev-Yao attackers. In this formalism, we present algorithms for model checking safety and indistinguishability properties of randomized security protocols. Our techniques are implemented in the Stochastic Protocol ANalyzer (SPAN) and evaluated on a new suite of benchmarks. Our benchmark examples include a brand new class of protocols that have never been subject of formal (symbolic) verification, including: mix-networks, dinning cryptographers networks, and several electronic voting protocols. During our analysis, we uncover previously unknown vulnerabilities in two popular electronic voting protocols from the literature. The high overhead associated with verifying security protocols, in conjunction with the fact that protocols are rarely run in isolation, has created a demand for modular verification techniques. In our protocol analysis framework, we give a series of composition results for safety and indistinguishability properties of randomized security protocols. Finally, we study the model checking problem for the probabilistic objects that lie at the heart of our protocol semantics. In particular, we present a novel technique that allows for the precise verification of probabilistic computation tree logic (PCTL) properties of discrete time Markov chains (DTMCs) and Markov decision processes (MDPs) at scale. Although our motivation comes from protocol analysis, the techniques further verification capabilities in many application areas

Improving security and efficiency of mix-based anonymous communication systems

The communication layer leaks important private information even in the presence of encryption, which makes anonymous communication a fundamental element of systems that protect the privacy of users. Traffic mixers have long been used to achieve communication anonymity, but the security challenges and the resulted inefficiencies hinder the path to a wide adoption of these systems. In this thesis, we take a step towards improving the security of traffic mixers and building a platform for efficient anonymous communication. We begin by revisiting Binomial Mix, which is one of the most effective designs for traffic mixing proposed to date, and the one that introduced randomness to the behaviour of traffic mixers. When thoroughly examined in different traffic conditions, Binomial Mix proved to be significantly more resilient against attacks than previously believed. We then build on the design of Binomial Mix and propose two new designs for traffic mixers. The first design, Multi-Binomial Shared-Pool Mix (MBSP Mix), employs multiple sources of randomness which results in a behaviour less predictable by the attacker and thus provides a higher degree of anonymity. The second design, Multi-Binomial Independent-Pool Mix (MBIP Mix), enables a single traffic mixer to anonymise multiple communication channels with potentially differing latencies. This additional property significantly improves the security and efficiency of the mix. Moving beyond the design of traffic mixers in isolation, we propose the architecture and details of a generic framework for anonymous communication. The proposed framework consists of various parts designed to enable the integration of various Anonymous Communication Systems as plug-in components into a shared and unified system. In addition to achieving a larger user-base and enjoying its associated security benefits, this approach enables the reusability of components across multiple communication systems. Finally, we also present techniques to make the circuit establishment facility of the framework resistant towards Denial-of-Service attacks. We believe that our work is one step towards building a fully developed generic framework for anonymous communication and our results can inspire and be used for the design of a robust generic framework

Entwicklung und Betrieb eines Anonymisierungsdienstes für das WWW

Die Dissertation erläutert, wie ein Anonymisierungsdienst zu gestalten ist, so daß er für den durchschnittlichen Internetnutzer benutzbar ist. Ein Schwerpunkt dabei war die Berücksichtigung einer möglichst holistischen Sichtweise auf das Gesamtsystem "Anonymisierungsdienst". Es geht daher um die ingenieurmäßige Berücksichtigung der vielschichtigen Anforderungen der einzelnen Interessengruppen. Einige dieser Anforderungen ergeben sich aus einem der zentralen Widersprüche: auf der einen Seite die Notwendigkeit von Datenschutz und Privatheit für den Einzelnen, auf der anderen Seite die ebenso notwendige Überwachbarkeit und Zurechenbarkeit, etwa für die Strafverfolgung. Die Dissertation beschäftigt sich mit dem Aufzeigen und Entwickeln von technischen Möglichkeiten, die zur Lösung dieses Widerspruches herangezogen werden können