Security Analysis of Accountable Anonymity in Dissent
Users often wish to communicate anonymously on the Internet, for example in group discussion or instant messaging forums. Existing solutions are vulnerable to misbehaving users, however, who may abuse their anonymity to disrupt communication. Dining Cryptographers Networks (DC-nets) leave groups vulnerable to denial-of-service and Sybil attacks, mix networks are difficult to protect against traffic analysis, and accountable voting schemes are unsuited to general anonymous messaging. DISSENT is the first general protocol offering provable anonymity and accountability for moderate-size groups, while efficiently handling unbalanced communication demands among users. We present an improved and hardened DISSENT protocol, define its precise security properties, and offer rigorous proofs of these properties. The improved protocol systematically addresses the delicate balance between provably hiding the identities of well-behaved users, while provably revealing the identities of disruptive users, a challenging task because many forms of misbehavior are inherently undetectable. The new protocol also addresses several non-trivial attacks on the original DISSENT protocol stemming from subtle design flaws
Accountable Anonymous Group Messaging
Users often wish to participate in online groups anonymously, but misbehaving
users may abuse this anonymity to spam or disrupt the group. Messaging
protocols such as Mix-nets and DC-nets leave online groups vulnerable to
denial-of-service and Sybil attacks, while accountable voting protocols are
unusable or inefficient for general anonymous messaging.
We present the first general messaging protocol that offers provable
anonymity with accountability for moderate-size groups, and efficiently handles
unbalanced loads where few members have much data to transmit in a given round.
The N group members first cooperatively shuffle an NxN matrix of pseudorandom
seeds, then use these seeds in N "pre-planned" DC-nets protocol runs. Each
DC-nets run transmits the variable-length bulk data comprising one member's
message, using the minimum number of bits required for anonymity under our
attack model. The protocol preserves message integrity and one-to-one
correspondence between members and messages, makes denial-of-service attacks by
members traceable to the culprit, and efficiently handles large and unbalanced
message loads. A working prototype demonstrates the protocol's practicality for
anonymous messaging in groups of 40+ member nodes.
Comment: 12 pages, 5 figures
An Accountable Anonymous Data Aggregation Scheme for Internet of Things
The Internet of Things (IoT) has become increasingly popular in people's
daily lives. The pervasive IoT devices are encouraged to share data with each
other in order to better serve the users. However, users are reluctant to share
sensitive data due to privacy concerns. In this paper, we study the anonymous
data aggregation for the IoT system, in which the IoT company servers, though
not fully trustworthy, are used to assist the aggregation. We propose an
efficient and accountable aggregation scheme that can preserve the data
anonymity. We analyze the communication and computation overheads of the
proposed scheme, and evaluate the total execution time and the per-user
communication overhead with extensive simulations. The results show that our
scheme is more efficient than the previous peer-shuffle protocol, especially
for data aggregation from multiple providers.
Seeking Anonymity in an Internet Panopticon
Obtaining and maintaining anonymity on the Internet is challenging. The state
of the art in deployed tools, such as Tor, uses onion routing (OR) to relay
encrypted connections on a detour passing through randomly chosen relays
scattered around the Internet. Unfortunately, OR is known to be vulnerable at
least in principle to several classes of attacks for which no solution is known
or believed to be forthcoming soon. Current approaches to anonymity also appear
unable to offer accurate, principled measurement of the level or quality of
anonymity a user might obtain.
Toward this end, we offer a high-level view of the Dissent project, the first
systematic effort to build a practical anonymity system based purely on
foundations that offer measurable and formally provable anonymity properties.
Dissent builds on two key pre-existing primitives - verifiable shuffles and
dining cryptographers - but for the first time shows how to scale such
techniques to offer measurable anonymity guarantees to thousands of
participants. Further, Dissent represents the first anonymity system designed
from the ground up to incorporate some systematic countermeasure for each of
the major classes of known vulnerabilities in existing approaches, including
global traffic analysis, active attacks, and intersection attacks. Finally,
because no anonymity protocol alone can address risks such as software exploits
or accidental self-identification, we introduce WiNon, an experimental
operating system architecture to harden the uses of anonymity tools such as Tor
and Dissent against such attacks.
Comment: 8 pages, 10 figures
Hang With Your Buddies to Resist Intersection Attacks
Some anonymity schemes might in principle protect users from pervasive
network surveillance - but only if all messages are independent and unlinkable.
Users in practice often need pseudonymity - sending messages intentionally
linkable to each other but not to the sender - but pseudonymity in dynamic
networks exposes users to intersection attacks. We present Buddies, the first
systematic design for intersection attack resistance in practical anonymity
systems. Buddies groups users dynamically into buddy sets, controlling message
transmission to make buddies within a set behaviorally indistinguishable under
traffic analysis. To manage the inevitable tradeoffs between anonymity
guarantees and communication responsiveness, Buddies enables users to select
independent attack mitigation policies for each pseudonym. Using trace-based
simulations and a working prototype, we find that Buddies can guarantee
non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for
both short-lived and long-lived pseudonyms.
Comment: 15 pages, 8 figures
Introducing Accountability to Anonymity Networks
Many anonymous communication (AC) networks rely on routing traffic through
proxy nodes to obfuscate the originator of the traffic. Without an
accountability mechanism, exit proxy nodes risk sanctions by law enforcement if
users commit illegal actions through the AC network. We present BackRef, a
generic mechanism for AC networks that provides practical repudiation for the
proxy nodes by tracing back the selected outbound traffic to the predecessor
node (but not in the forward direction) through a cryptographically verifiable
chain. It also provides an option for full (or partial) traceability back to
the entry node or even to the corresponding user when all intermediate nodes
are cooperating. Moreover, to maintain a good balance between anonymity and
accountability, the protocol incorporates whitelist directories at exit proxy
nodes. BackRef offers improved deployability over the related work, and
introduces a novel concept of pseudonymous signatures that may be of
independent interest.
We exemplify the utility of BackRef by integrating it into the onion routing
(OR) protocol, and examine its deployability by considering several
system-level aspects. We also present the security definitions for the BackRef
system (namely, anonymity, backward traceability, no forward traceability, and
no false accusation) and conduct a formal security analysis of the OR protocol
with BackRef using ProVerif, an automated cryptographic protocol verifier,
establishing the aforementioned security properties against a strong
adversarial model.
A Flexible Network Approach to Privacy of Blockchain Transactions
For preserving privacy, blockchains can be equipped with dedicated mechanisms
to anonymize participants. However, these mechanisms often take only the
abstraction layer of blockchains into account whereas observations of the
underlying network traffic can reveal the originator of a transaction request.
Previous solutions either provide topological privacy that can be broken by
attackers controlling a large number of nodes, or offer strong and
cryptographic privacy but are inefficient up to practical unusability. Further,
there is no flexible way to trade privacy against efficiency to adjust to
practical needs. We propose a novel approach that combines existing mechanisms
to have quantifiable and adjustable cryptographic privacy which is further
improved by augmented statistical measures that prevent frequent attacks with
lower resources. This approach achieves flexibility for privacy and efficiency
requirements of different blockchain use cases.
Comment: 6 pages, 2018 IEEE 38th International Conference on Distributed
Computing Systems (ICDCS)
Symmetric Disclosure: a Fresh Look at k-Anonymity
We analyze how the sparsity of a typical aggregate social relation impacts
the network overhead of online communication systems designed to provide
k-anonymity. Once users are grouped in anonymity sets there will likely be few
related pairs of users between any two particular sets, and so the sets need to
be large in order to provide cover traffic between them. We can reduce the
associated overhead by having both parties in a communication specify both the
origin and the target sets of the communication. We propose to call this
communication primitive "symmetric disclosure." If in order to retrieve
messages a user specifies a group from which he expects to receive them, the
negative impact of the sparsity is offset.
Secure Anonymous Broadcast
In anonymous broadcast, one or more parties want to anonymously send messages
to all parties. This problem is increasingly important as a black-box in many
privacy-preserving applications such as anonymous communication, distributed
auctions, and multi-party computation. In this paper, we design decentralized
protocols for anonymous broadcast that require each party to send (and compute)
a polylogarithmic number of bits (and operations) per anonymous bit delivered
with rounds of communication. Our protocol is provably secure
against traffic analysis, does not require any trusted party, and is completely
load-balanced. The protocol tolerates up to statically-scheduled
Byzantine parties that are controlled by a computationally unbounded adversary.
Our main strategy for achieving scalability is to perform local communications
(and computations) among a logarithmic number of parties. We provide simulation
results to show that our protocol improves significantly over previous work. We
finally show that using a common cryptographic tool in our protocol one can
achieve practical results for anonymous broadcast.
Comment: 18 pages, 1 figure
Arbitrary Length k-Anonymous Dining-Cryptographers Communication
Dining-cryptographers networks (DCN) can achieve information-theoretical
privacy. Unfortunately, they are not well suited for peer-to-peer networks as
they are used in blockchain applications to disseminate transactions and blocks
among participants. In previous but preliminary work, we proposed a three-phase
approach with an initial phase based on a DCN with a group size of k while
later phases take care of the actual broadcast within a peer-to-peer network.
This paper describes our DCN protocol in detail and adds a performance
evaluation powered by our proof-of-concept implementation. Our contributions
are (i) an extension of the DCN protocol by von Ahn for fair delivery of
arbitrarily long messages sent by potentially multiple senders, (ii) a privacy
and security analysis of this extension, (iii) various performance optimisations
especially for best-case operation, and (iv) a performance evaluation. The
latter uses a latency of 100 ms and a bandwidth limit of 50 Mbit/s between
participants. The interquartile range of the largest test of the highly secured
version took 35s ± 1.25s for a full run. All tests of the optimized common-case
mode show the dissemination of a message within 0.5s ± 0.1s. These results
compare favourably to previously established protocols for k-anonymous
transmission of fixed size messages, outperforming the original protocol for
messages as small as 2 KiB.
Comment: 11 pages, 7 figures