Fundamentals of Physical Layer Anonymous Communications: Sender Detection and Anonymous Precoding

In the era of big data, anonymity is recognized as an important attribute in privacy-preserving communications. The existing anonymous authentication and routing designs are applied at higher layers of networks, ignoring the fact that physical layer (PHY) also contains privacy-critical information. In this paper, we introduce the concept of PHY anonymity, and reveal that the receiver can unmask the sender’s identity by only analyzing the PHY information, i.e., the signaling patterns and the characteristics of the channel. We investigate two scenarios, where the receiver has more antennas than the sender in the strong receiver case, and vice versa in the strong sender case. For each scenario, we first investigate sender detection strategies at the receiver, and then we develop anonymous precoding to address anonymity while guaranteeing high signal-to-interference-plus-noise-ratio (SINR) for communications. In particular, an interference suppression anonymous precoder is first proposed, assisted by a dedicated transmitter-side phase equalizer for removing phase ambiguity. Afterwards, a constructive interference anonymous precoder is investigated to utilize inter-antenna interference as a beneficial element without loss of the sender’s anonymity. Simulations demonstrate that the anonymous precoders are able to preserve the sender’s anonymity and simultaneously guarantee high SINR, opening a new dimension on PHY anonymous designs

Hang With Your Buddies to Resist Intersection Attacks

Some anonymity schemes might in principle protect users from pervasive network surveillance - but only if all messages are independent and unlinkable. Users in practice often need pseudonymity - sending messages intentionally linkable to each other but not to the sender - but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure

Anonymous quantum communication

We present the first protocol for the anonymous transmission of a quantum state that is information-theoretically secure against an active adversary, without any assumption on the number of corrupt participants. The anonymity of the sender and receiver is perfectly preserved, and the privacy of the quantum state is protected except with exponentially small probability. Even though a single corrupt participant can cause the protocol to abort, the quantum state can only be destroyed with exponentially small probability: if the protocol succeeds, the state is transferred to the receiver and otherwise it remains in the hands of the sender (provided the receiver is honest).Comment: 11 pages, to appear in Proceedings of ASIACRYPT, 200

Anonymity for practical quantum networks

Quantum communication networks have the potential to revolutionise information and communication technologies. Here we are interested in a fundamental property and formidable challenge for any communication network, that of guaranteeing the anonymity of a sender and a receiver when a message is transmitted through the network, even in the presence of malicious parties. We provide the first practical protocol for anonymous communication in realistic quantum networks.Comment: 5 pages, published versio

Orca: Blocklisting in Sender-Anonymous Messaging

Sender-anonymous end-to-end encrypted messaging allows sending messages to a recipient without revealing the sender’s identity to the messaging platform. Signal recently introduced a sender anonymity feature that includes an abuse mitigation mechanism meant to allow the platform to block malicious senders on behalf of a recipient. We explore the tension between sender anonymity and abuse mitigation. We start by showing limitations of Signal’s deployed mechanism, observing that it results in relatively weak anonymity properties and showing a new griefing attack that allows a malicious sender to drain a victim’s battery. We therefore design a new protocol, called Orca, that allows recipients to register a privacy-preserving blocklist with the platform. Without learning the sender’s identity, the platform can check that the sender is not on the blocklist and that the sender can be identified by the recipient. We construct Orca using a new type of group signature scheme, for which we give formal security notions. Our prototype implementation showcases Orca’s practicality

A Secure and Useful 'Keyless Cryptosystem'

Keyless cryptography is a technique in which the basis of security is the anonymity of the sender. We describe a protocol which fits the technique to realistic communication environments, and extend the security and the range of applications of the technique

Herbivore: A Scalable and Efficient Protocol for Anonymous Communication

Anonymity is increasingly important for networked applications amidst concerns over censorship and privacy. In this paper, we describe Herbivore, a peer-to-peer, scalable, tamper-resilient communication system that provides provable anonymity and privacy. Building on dining cryptographer networks, Herbivore scales by partitioning the network into anonymizing cliques. Adversaries able to monitor all network traffic cannot deduce the identity of a sender or receiver beyond an anonymizing clique. In addition to strong anonymity, Herbivore simultaneously provides high efficiency and scalability, distinguishing it from other anonymous communication protocols. Performance measurements from a prototype implementation show that the system can achieve high bandwidths and low latencies when deployed over the Internet

Toward Anonymity in Delay Tolerant Networks: Threshold Pivot Scheme

Proceedings of the Military Communications Conference (MILCOM 2010), San Jose, CA, October 2010.Delay Tolerant Networks (DTNs) remove traditional assumptions of end-to-end connectivity, extending network communication to intermittently connected mobile, ad-hoc, and vehicular environments. This work considers anonymity as a vital security primitive for viable military and civilian DTNs. DTNs present new and unique anonymity challenges since we must protect physical location information as mobile nodes with limited topology knowledge naturally mix. We develop a novel Threshold Pivot Scheme (TPS) for DTNs to address these challenges and provide resistance to traffic analysis, source anonymity, and sender-receiver unlinkability. Reply techniques adapted from mix-nets allow for anonymous DTN communication, while secret sharing provides a configurable level of anonymity that enables a balance between security and efficiency. We evaluate TPS via simulation on real-world DTN scenarios to understand its feasibility, performance, and overhead while comparing the provided anonymity against an analytically optimal model