5,791 research outputs found

    Trust in Crowds: probabilistic behaviour in anonymity protocols

    The existing analysis of the Crowds anonymity protocol assumes that a participating member is either ‘honest’ or ‘corrupted’. This paper generalises this analysis so that each member is assumed to maliciously disclose the identity of other nodes with a probability determined by her vulnerability to corruption. Within this model, the trust in a principal is defined to be the probability that she behaves honestly. We investigate the effect of such a probabilistic behaviour on the anonymity of the principals participating in the protocol, and formulate the necessary conditions to achieve ‘probable innocence’. Using these conditions, we propose a generalised Crowds-Trust protocol which uses trust information to achieve ‘probable innocence’ for principals exhibiting probabilistic behaviour

    Enhancing Crowds to Support Truly Anonymous FTP Transactions

    Ensuring privacy on the Internet is one of the most daunting challenges that we presently face. Crowds is the implementation of an approach to provide privacy to web transactions. The system's strategy is to seek concealment through numbers. A crowd consists of a collection of users that intend to participate in web exchanges; each user being represented by a process on their machine called a jondo. The jondo either submits the request to the server or forwards it to another jondo. The randomly achieved sequence of jondos that traverse the distance from the initiator to the server provides degrees of anonymity. The present version of Crowds employs HTTP as its sole protocol to secure anonymity with the exception of embedded protocols. It is the intention of this thesis to extend this system's capability by adding the FTP protocol to its cache of viable protocols traversing the Crowd's implementation

    Counterexample Generation in Probabilistic Model Checking

    Providing evidence for the refutation of a property is an essential, if not the most important, feature of model checking. This paper considers algorithms for counterexample generation for probabilistic CTL formulae in discrete-time Markov chains. Finding the strongest evidence (i.e., the most probable path) violating a (bounded) until-formula is shown to be reducible to a single-source (hop-constrained) shortest path problem. Counterexamples of smallest size that deviate most from the required probability bound can be obtained by applying (small amendments to) k-shortest (hop-constrained) paths algorithms. These results can be extended to Markov chains with rewards, to LTL model checking, and are useful for Markov decision processes. Experimental results show that typically the size of a counterexample is excessive. To obtain much more compact representations, we present a simple algorithm to generate (minimal) regular expressions that can act as counterexamples. The feasibility of our approach is illustrated by means of two communication protocols: leader election in an anonymous ring network and the Crowds protocol

    Privacy-preserving Transactions on the Web

    There is a rapid growth in the number of applications using sensitive and personal information on the World Wide Web. This growth creates an urgent need to maintain the anonymity of the participants in many web transactions and to preserve the privacy of their sensitive data during data dissemination over the web. First, maintaining the anonymity of users on the World Wide Web is essential for a number of web applications. Anonymity cannot be assured by single interested individuals or an organization but requires participation from other web nodes owned by other entities. Second, preserving the privacy of sensitive data is another very important issue in web transactions. Today, exchanging and sharing personal data between various participants in web transactions endangers privacy. In this article, we discuss various research directions and challenges that need to be addressed while trying to accomplish our goal of maintaining the anonymity of participants and preserving the privacy of sensitive data in web transactions. To maintain anonymity of participants in a web transaction, we propose a method based on the modified form of the club mechanism with economic incentives, a solution which rests upon the Prisoner’s Dilemma approach. We compare our approach to other well-known data-sharing approaches such as Crowds, Tor, Tarzan and LPWA. To maintain the privacy of sensitive data, we propose a solution based on privacy-preserving data dissemination (P2D2). We also present a solution to implement our approach using Semantic Web Rule Languages and Jena—a Java-based inference engine

    Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

    Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems