Benelux meeting on systems and control, 23rd, March 17-19, 2004, Helvoirt, The Netherlands

Book of abstract

New statistical disclosure attacks on anonymous communications networks

Tesis inédita de la Universidad Complutense de Madrid, Facultad de Informática, Departamento de Ingeniería del Software e Inteligencia Artificial, leída el 5-02-2016.El anonimato es una dimensi on de la privacidad en la que una persona se reserva su identidad en las relaciones sociales que mantiene. Desde el punto de vista del area de las comunicaciones electr onicas, el anonimato posibilita mantener oculta la informaci on que pueda conducir a la identi caci on de las partes involucradas en una transacci on. Actualmente, conservar el anonimato en las transacciones de informaci on en red representa uno de los aspectos m as importantes. Con este n se han desarrollado diversas tecnolog as, com unmente denominadas tecnolog as para la mejora de la privacidad. Una de las formas m as populares y sencillas de proteger el anonimato en las comunicaciones entre usuarios son los sistemas de comunicaci on an onima de baja latencia basados en redes de mezcladores. Estos sistemas est an expuestos a una serie de ataques basados en an alisis de tr a co que comprometen la privacidad de las relaciones entre los usuarios participantes en la comunicaci on, esto es, que determinan, en mayor o menor medida, las identidades de emisores y receptores. Entre los diferentes tipos de ataques destacan los basados en la inundaci on de la red con informaci on falsa para obtener patrones en la red de mezcladores, los basados en el control del tiempo, los basados en el contenido de los mensajes, y los conocidos como ataques de intersecci on, que pretenden inferir, a trav es de razonamientos probabil sticos o de optimizaci on, patrones de relaciones entre usuarios a partir de la informaci on recabada en lotes o durante un per odo de tiempo por parte del atacante. Este ultimo tipo de ataque es el objeto de la presente tesis...Anonymity is a privacy dimension related to people's interest in preserving their identity in social relationships. In network communications, anonymity makes it possible to hide information that could compromise the identity of parties involved in transactions. Nowadays, anonymity preservation in network information transactions represents a crucial research eld. In order to address this issue, a number of Privacy Enhancing Technologies have been developed. Low latency communications systems based on networks of mixes are very popular and simple measures to protect anonymity in users communications. These systems are exposed to a series of attacks based on tra c analysis that compromise the privacy of relationships between user participating in communications, leading to determine the identity of sender and receiver in a particular information transaction. Some of the leading attacks types are attacks based on sending dummy tra c to the network, attacks based on time control, attacks that take into account the textual information within the messages, and intersections attacks, that pretend to derive patterns of communications between users using probabilistic reasoning or optimization algorithms. This last type of attack is the subject of the present work. Intersection attacks lead to derive statistical estimations of the communications patterns (mean number of sent messages between a pair of users, probability of relationship between users, etc). These models were named Statistical Disclosure Attacks, and were soon considered able to compromise seriously the anonymity of networks based on mixes. Nevertheless, the hypotheses assumed in the rst publications for the concrete development of the attacks were excessively demanding and unreal. It was common to suppose that messages were sent with uniform probability to the receivers, to assume the knowledge of the number of friends an user has or the knowledge a priori of some network parameters, supposing similar behavior between users, etc...Depto. de Ingeniería de Software e Inteligencia Artificial (ISIA)Fac. de InformáticaTRUEunpu

Joined-Up ICT Innovation in Government: An analysis of the creation of eIDM systems from an Advocacy Coalition and social capital perspective

This chapter introduces the subject of this thesis – joined-up ICT innovation in the public sector. The first section demonstrates that scientists and policy makers fully agree that ICT innovation should be a joint effort involving multiple public sector actors. To solve today’s urgent social problems, specific government agencies have to jointly rethink and improve practices – including their ICTs. However, as section two demonstrates, there are some severe barriers to joined-up ICT innovation. Evaluation studies consistently show that government agencies often fail to realize cooperative change. The third section provides a review of literature that attempts to explain the difficulties. The conclusion is that current public administration theories merely provide a fragmented picture of determining variables. The Advocacy Coalition Framework is introduced as it aims to overcome this theoretical fragmentation. The framework offers a broad overview of all kinds of factors that determine policy change. A confrontation between the variables of the model and innovation literature reveals strong similarities, which indicate that the model can also be applied to ‘innovation’. The fourth section identifies a critique of the social subsystem of the model. Social capital theory is introduced in order to address this critique as it can contribute to the operationalisation of the Advocacy Coalition Framework and hence strengthen its explanatory value. In section five, the unit of analysis is confined to a specific joined-up ICT innovation, namely the joint development of electronic identification systems. Section six defines the central research question, which combines the key elements: (a) the difficulties of joined-up ICT innovations, (b) the use of the Advocacy Coalition Framework to explain those difficulties and (c) social capital theory to enhance the framework. The chapter concludes with the theoretical and social relevance of the study