On traffic analysis in anonymous communication networks

Zhu, Ye

02 June 2009

In this dissertation, we address issues related to traffic analysis attacks and the engineering in anonymous communication networks. Mixes have been used in many anonymous communication systems and are supposed to provide countermeasures that can defeat various traffic analysis attacks. In this dissertation, we first focus on a particular class of traffic analysis attack, flow correlation attacks, by which an adversary attempts to analyze the network traffic and correlate the traffic of a flow over an input link at a mix with that over an output link of the same mix. Two classes of correlation methods are considered, namely time-domain methods and frequency-domain methods. We find that a mix with any known batching strategy may fail against flow correlation attacks in the sense that, for a given flow over an input link, the adversary can correctly determine which output link is used by the same flow. We theoretically analyze the effectiveness of a mix network under flow correlation attacks. We extend flow correlation attack to perform flow separation: The flow separation attack separates flow aggregates into either smaller aggregates or individual flows. We apply blind source separation techniques from statistical signal processing to separate the traffic in a mix network. Our experiments show that this attack is effective and scalable. By combining flow separation and frequency spectrum matching method, a passive attacker can get the traffic map of the mix network. We use a non-trivial network to show that the combined attack works. The second part of the dissertation focuses on engineering anonymous communication networks. Measures for anonymity in systems must be on one hand simple and concise, and on the other hand reflect the realities of real systems. We propose a new measure for the anonymity degree, which takes into account possible heterogeneity. We model the effectiveness of single mixes or of mix networks in terms of information leakage and measure it in terms of covert channel capacity. The relationship between the anonymity degree and information leakage is described, and an example is shown.

traffic analysis

anonymity

Measuring and circumventing Internet censorship

Winter, Philipp

January 2014

An ever increasing amount of governments, organisations, and companies employ Internet censorship in order to filter the free flow of information.  These efforts are supported by an equally increasing number of companies focusing on the development of filtering equipment. Only what these entities consider right can pass the filters. This practice constitutes a violation of the Universal Declaration of Human Rights and hampers progress.  This thesis contributes novel techniques to measure and to circumvent Internet censorship. In particular, we 1) analyse how the Great Firewall of China is blocking the Tor network by using active probing techniques as well as side channel measurements, we 2) propose a concept to involve users in the process of censorship analysis, we 3) discuss the aptitude of a globally-deployed network measurement platform for censorship analysis, and we 4) propose a novel circumvention protocol. We attach particular importance to practicality and usability. Most of the techniques proposed in this thesis were implemented and some of them are deployed and used on a daily basis.  We demonstrate that the measurement techniques proposed in this thesis are practical and useful by applying them in order to shed light on previously undocumented cases of Internet censorship. We employed our techniques in three countries and were able to expose previously unknown censorship techniques and cooperation between a corporation and a government for the sake of censorship. We also implemented a circumvention protocol which was subsequently deployed and is used to evade the Great Firewall of China.

tor

censorship

circumvention

anonymity

Anonymity and Linkability

January 2018

acase@tulane.edu / This thesis considers systems for anonymous communication between users of a cybersystem. Specifically, we consider the scenario where communications generated by the same user repeatedly over time can or must be linked. Linked user behavior can leak information, which adversaries can use to de-anonymize users. Analyzing linked behavior can also generate information about the use of anonymity protocols that can be valuable for research, leading to more effective protocols. But techniques to collect such data must include assurances that the methods and outputs do not compromise user privacy. A main result of this thesis is an anonymity protocol called Private Set-Union Cardinality, designed to aggregate linked private user data safely. We prove that Private Set-Union Cardinality securely calculates the noisy cardinality of the union of a collection of distributed private data sets. This protocol is intended to take measurements in real-world anonymity systems like Tor and we prove it is secure even if a majority of the participants are dishonest as well as under general concurrent composition. The remaining results analyze path selection in anonymous routing systems. To obtain our results, we develop a mathematical framework to measure information leakage during repeated linkable path selection and propose new metrics: a radius that measures worst-case behavior, and a neighborhood graph that visualizes degradation of the system over time as a whole. We use these metrics to derive theoretical upper bounds on an adversary's accuracy in de-anonymization. Finally, we investigate an attack where users can be de-anonymized due to the information an adversary learns when failing to observe some event. We call these occurrences non-observations and we develop a theory of non-observations in anonymous routing systems, deriving theoretical bounds on the information leakage due to this behavior in the general case and for Tor. / 1 / Ellis Fenske

Anonymity

Privacy

Cryptography

A Metric for Anonymity based on Subjective Logic

Bni, Asmae

January 2014

Anonymity metrics have been proposed to evaluate anonymity preserving systems by estimating the amount of information displayed by these systems due to vulnerabilities. A general metric for anonymity that assess the latter systems according to the mass and quality of information learned by an attacker or a collaboration of attackers is proposed here. The proposed metric is based on subjective logic, a generalization of evidence and probability theory. As a consequence, we proved based on defined scenarios that our metric provide a better interpretation of uncertainty in the measure and it is extended to combine various sources of information using subjective logic operators. Also, we demonstrate that two factors: trust between collaborating attackers and time can influence significantly the metric result when taking them into consideration.

Anonymity

subjective logic

trust

IDeM: an identity-driven middleware for interoperable and heterogeneous systems

FERRAZ, Felipe Silva

09 September 2016

Submitted by Rafael Santana (rafael.silvasantana@ufpe.br) on 2017-08-30T18:59:54Z No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Thesis_final_v8_final.pdf: 3606329 bytes, checksum: 9eb076ad648eb48bf1a1cac89fb53d9b (MD5) / Made available in DSpace on 2017-08-30T18:59:54Z (GMT). No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Thesis_final_v8_final.pdf: 3606329 bytes, checksum: 9eb076ad648eb48bf1a1cac89fb53d9b (MD5) Previous issue date: 2016-09-09 / In mid-2000s, for the first time in human history, urban cities started to harbor more than half of world's population. The concept of Smart Cities emerged in such context. Smart Cities can be defined as an urban environment where innovative services under an available infrastructure are provided to citizens with the use of information technology (IT). However, even though people use and take advantage of available information, there is a natural resistance to disclosure and expose personal data, which will get known by other citizens and businesses. This generates a sense of insecurity and privacy loss. This thesis explores information security issues related to identity and identifier management and proposes a solution that guarantees the privacy and anonymity of users within interoperable and heterogeneous environments. This thesis proposes a solution based on the creation of a multi identity environment, in which a user has different identities, for different systems using the same identifier, that way it is possible to connect with different services, solutions and others, using the same login but having different representations within each solution, that will guarantee privacy, different level of security and interoperability. The proposed solution is demonstrated through the creation of a middleware within the context of smart cities. Finally, this thesis presents a set of experiments that use the proposed middleware to protect citizens’ sensitive data. / Em meados dos anos 2000, pela primeira vez na história da humanidade, as grandes cidades começaram a abrigar mais da metade da população mundial. É no contexto dessa mudança que surge o conceito de Smart Cities, tal conceito pode ser definido como um ambiente urbano onde, com uso de tecnologia da informação, serviços inovadores e com infraestrutura disponível, são fornecidos para os cidadãos. Em contra ponto a essa dinâmica está o fato de que essas mesmas pessoas, que fazem uso das informações, tem uma resistência natural relacionada a divulgação de seus dados, e que estes sejam expostos e conhecidos por demais cidadões e empresas, gerando um cenário de insegurança e perda de privacidade. Este trabalho explora problemas de segurança da informação relacionados a gerenciamento de identidade e identificadores, propõe a criação de uma solução que permita manter a privacidade e o anonimato de usuários, ainda que anônimo, dentro de ambientes interoperáveis e heterogêneos. Essa tese propõe um solução baseada na creação de um ambiente multi identidade, no qual um usuário terá diferentes identidades, para diferentes sistemas, usando o mesmo identificador, dessa forma é possivel garantir a conexão com diferentes serviços, soluções e outros componentes, usando o mesmo login, por exemplo, porém tendo diferentes representações em cada solução, isso garantirá, entre outros, privacidade, diferentes niveis de segurança e interoperabilidade. Tal solução será descrita na forma de um middleware explorado dentro do contexto de cidades inteligente. Por fim, este trabalho apresentará um conjuntos de experimentos que utilizam o middleware, para proteger dados confidenciais dos cidadãos.

Anonymity and Anti-Gay Aggression in an Online Sample: The Effect of an Audience on Gender Role Enforcement

Goodnight, Bradley

09 May 2016

This study tested the hypotheses that 1) authoritarian and traditionally masculine men respond to depictions of male-male intimacy with anger, 2) this anger predicts aggression toward gay men, and 3) anonymity moderates this effect. Data from 978 men were collected from Amazon Mechanical Turk, an online participant pool and survey delivery mechanism. Results from SEM analyses confirmed hypotheses 1 and 2, indicating that traditionally masculine and authoritarian men experience anger in response to a video clip depicting male-male intimacy, b = .22, SE = .08, p < .01, and that this anger predicts greater aggression against a gay male target than a heterosexual target, b = .53, SE = .17, p < .01. The hypothesis that anonymity influences the link between anger and aggression was not supported.

Authoritarianism

Aggression

Masculinity

Anonymity

Homophobia

Anonimiškumas baudžiamajame procese: teorija ir praktika / Witness anonymity in criminal process: theory and practice

Česonytė, Milda

26 June 2013

Liudytojų anonimiškumas - procesinė apsaugos priemonė, kurią taikant siekiama apsaugoti liudytoją nuo nusikalstamo poveikio bei gauti teisingus parodymus, minimaliai ribojant fundamentalią kaltinamojo teisę į gynybą ir teisingą teismą. Tiek anonimiškumo taikymas, tiek jo modelio pasirinkimas turi būti atliekami laikantis konstitucinio proporcingumo principo. Liudytojui apsaugoti turi būti sudaryta procesinių apsaugos priemonių sistema, sudaryta iš anonimiškumo modelių bei formų, garantuojančių veiksmingą tiek liudytojo, tiek kaltinamojo teisių užtikrinimą. Lietuvos baudžiamajame procese įtvirtinta liudytojo apsaugos sistema susidedanti iš absoliutaus ir dalinio anonimiškumo taikymo. Absoliutaus anonimiškumo modelis taikomas vykstant baudžiamajam procesui dėl labai sunkių, sunkių ar apysunkių nusikaltimų, taikant turi būti įsitikinta liudytojo patikimumu. Dalinio anonimiškumo modelis, kurio metu įslaptinama tik dalis asmenį identifikuojančių duomenų, gali būti taikomas ir tiriant nesunkius nusikaltimus. Taikant šį anonimiškumo modelį yra mažiau ribojamos kaltinamojo teisės, racionaliau panaudojamas pareigūnų darbas, procesas yra operatyvesnis ir greitesnis nei absoliutaus anonimiškumo taikymo atveju. / Witness anonymity is a procedural safeguard. It‘s aim is to protect a witness from criminal influence and to get truthful testimony. The fundamental rights of the accused to defence and to fair trial must be minimally restricted when applying anonymity. The application of anonymity and the choice of anonymity model shall be made in accordance with constitutional principle of proportionality. There shall be a system of procedural safeguards containing models and forms of anonymity created for witness protection. The rights of both accused and of witness shall be ensured by this system. Witness protection system containing absolute and limited anonymity models is enshrined in the Lithuanian code of criminal proceedings. Absolute anonymity is applied when serious offences are investigated. Before applying absolute anonymity the credibility of a witness must be confirmed. Limited anonymity can be applied also when less serious offences are investigated; there is only a part of identifying data classified. When applying model of limited anonymity the rights of the accused are less restricted, the operation of officers is used more rationally, the criminal proceedings are faster than when absolute anonymity is used.

Law

Liudytojo anonimiškumas

Nukentėjusiojo anonimiškumas

Abosliutus anonimiškumas

Dalinis anonimiškumas

Witness anonymity

Victim anonymity

Absolute anonymity

Partial/limited anonymity

Completely Anonymous Buyer-Seller Watermarking Protocols

Chen, Ming-Te

25 July 2005

Digital watermarking is one of the most popular technologies for protecting the ownerships of digital contents or products. By embedding digital watermarks into digital contents, the owners of the contents can convince the judge or the trusted third party of their ownership of the contents. However, some attacks, such as the binding attacks and the men-in-the-middle attacks, are threatening the security of the watermarking mechanisms. Moreover, that the privacy of content buyers is not fully protected or the dispute between the buyers and the sellers cannot be fairly resolved also reduce the quality of the services. Although several buyer-seller watermarking protocols have been introduced in the literature, none can cope with all of the above problems. In this thesis, we will propose a novel buyer-seller watermarking protocol that can resolve the dispute between the buyers and the sellers fairly. Furthermore, not only is the proposed protocol immune to all of the known attacks, but it is truly buyer anonymous as well.

Anonymity

Digital signatures

Cryptography

Digital watermarking

Anonymity Protection and Access Control in Mobile Network Environment

January 2016

abstract: Wireless communication technologies have been playing an important role in modern society. Due to its inherent mobility property, wireless networks are more vulnerable to passive attacks than traditional wired networks. Anonymity, as an important issue in mobile network environment, serves as the first topic that leads to all the research work presented in this manuscript. Specifically, anonymity issue in Mobile Ad hoc Networks (MANETs) is discussed with details as the first section of research. To thoroughly study on this topic, the presented work approaches it from an attacker's perspective. Under a perfect scenario, all the traffic in a targeted MANET exhibits the communication relations to a passive attacker. However, localization errors pose a significant influence on the accuracy of the derived communication patterns. To handle such issue, a new scheme is proposed to generate super nodes, which represent the activities of user groups in the target MANET. This scheme also helps reduce the scale of monitoring work by grouping users based on their behaviors. The first part of work on anonymity in MANET leads to the thought on its major cause. The link-based communication pattern is a key contributor to the success of the traffic analysis attack. A natural way to circumvent such issue is to use link-less approaches. Information Centric Networking (ICN) is a typical instance of such kind. Its communication pattern is able to overcome the anonymity issue with MANET. However, it also comes with its own shortcomings. One of them is access control enforcement. To tackle this issue, a new naming scheme for contents transmitted in ICN networks is presented. This scheme is based on a new Attribute-Based Encryption (ABE) algorithm. It enforces access control in ICN with minimum requirements on additional network components. Following the research work on ABE, an important function, delegation, exhibits a potential security issue. In traditional ABE schemes, Ciphertext-Policy ABE (CP-ABE), a user is able to generate a subset of authentic attribute key components for other users using delegation function. This capability is not monitored or controlled by the trusted third party (TTP) in the cryptosystem. A direct threat caused from this issue is that any user may intentionally or unintentionally lower the standards for attribute assignments. Unauthorized users/attackers may be able to obtain their desired attributes through a delegation party instead of directly from the TTP. As the third part of work presented in this manuscript, a three-level delegation restriction architecture is proposed. Furthermore, a delegation restriction scheme following this architecture is also presented. This scheme allows the TTP to have full control on the delegation function of all its direct users. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2016

Computer science

Access Control

Anonymity

Mobile Network

Enhancing Censorship Resistance in the Tor Anonymity Network

Winter, Philipp

January 2014

Baksidestext The Tor network was originally designed as low-latency anonymity network.However, as the years progressed, Tor earned a reputation as also being a useful tool to circumvent Internet censorship. At times, the network counted 30,000 users only from China. Censors reacted by tightening their grip on the national communication infrastructure. In particular, they developed techniques to prevent people from being able to access the Tor network. This arms race now counts several iterations and no end is in sight. This thesis contributes to a censorship-resistant Tor network in two ways. First, it analyses how existing censorship systems work. In particular, the Great Firewall of China is analysed in order to obtain an understanding of its capabilities as well as to explore circumvention opportunities. Second, this thesis proposes practical countermeasures to circumvent Internet censorship. In particular, it presents a novel network protocol which is resistant to the Great Firewall's active probing attacks.

tor

censorship

anonymity

network

Computer Systems

Datorsystem