Anonymous Communication -- a brief survey
Pan Wang
North Carolina State University

Outline
• Why anonymous communication
• Definitions of anonymity
• Traffic analysis attacks
• Some anonymous communication protocols for Internet
• Some anonymous communication schemes for MANET and sensor networks
• Potential research problems

Why Anonymous Communication
• Privacy issue
• Some covert missions may require anonymous communication
• In hostile environments, end hosts may need to hide their communications to avoid being captured

Anonymity in terms of unlinkability*
• Sender anonymity
  – A particular message is not linkable to any sender, and no message is linkable to a particular sender
• Recipient anonymity
  – A particular message cannot be linked to any recipient, and no message is linkable to a particular recipient
• Relationship anonymity
  – The sender and the recipient cannot be identified as communicating with each other, even though each of them can be identified as participating in some communication
* A. Pfitzmann and M. Waidner, Networks without User Observability. Computers & Security 6/2 (1987) 158-166

Traffic Analysis Attacks against an Anonymous Communication System
• Contextual attacks
  – Communication pattern attacks
  – Packet counting attacks
  – Intersection attack
• Brute force attack
• Node flushing attack
• Timing attacks
• Message tagging attack
• On flow marking attack

Some Anonymous Communication Protocols for Internet
• Mix-NET
  – Feb 1981, D. Chaum
• Crowds
  – June 1997, Michael K. Reiter and Aviel D. Rubin
• Tarzan
  – Nov 2002, Michael J. Freedman and Robert Morris
• K-Anonymous Message Transmission
  – Oct 2003, Luis von Ahn, Andrew Bortz and Nicholas J. Hopper

Mix-NET*
• Basic idea:
  – Traffic sent from sender to destination should pass through one or more mixes
  – A mix relays data from different end-to-end connections, and reorders and re-encrypts the data
  – So incoming and outgoing traffic cannot be related
* D. Chaum, Untraceable Electronic Mail, Return Address and Digital Pseudonyms, Communication of A.C.M 24.2 (Feb 1981), 84-88

Mix-NET (cont-2)
[Figure: MIX1, MIX2, MIX3]
If one mix server can be trusted, the entire Mix-NET provides anonymity

Crowds*
• P2P anonymizer network for Web transactions
• Uses a trusted third party (TTP) as a centralized crowd membership server (“blender”)
• Provides sender anonymity and relationship anonymity
* M. Reiter and A. Rubin, Crowds: Anonymity for Web Transactions. ACM Transactions on Information and System Security, 1(1) June 1998

Crowds (cont)
[Figure: crowd nodes and the web server]
A node decides randomly whether to forward the request to another node or to send it to the server

Tarzan*
• All nodes act as relays, Mix-net encoding
• Each node selects a set of mimics
• Tunneling data traffic through mimics
• Exchanging cover traffic with mimics
  – Constant packet sending rate and uniform packet size
• Network address translator
• Anonymity against corrupt relays and global eavesdropping
* M. Freedman and R. Morris, Tarzan: A Peer-to-Peer Anonymizing Network Layer, CCS 2002, Washington DC

Tarzan (cont-1)
[Figure: User, PNAT]

Tarzan (cont-2)
[Figure: User, PNAT, Tunnel; Real IP Address, Private Address, Public Alias Address]

k-Anonymous Message Transmission*
• Based on secure multiparty sum protocol
• Local group broadcast
• An adversary trying to determine the sender/receiver of a particular message cannot narrow its search beyond a set of k suspects
• Robust against selective non-participation
* L. von Ahn, A. Bortz and N. Hopper, k-Anonymous Message Transmission, CCS 2003, Washington DC

k-Anonymous Message Transmission (cont)
[Figure: Group-S, Group-D]

Some anonymous communication schemes for MANET and sensor networks
• Anonymous on demand routing (ANODR)
  – Jun 2003, Jiejun Kong and Xiaoyan Hong
• Phantom flooding protocol
  – Jun 2005, Pandurang Kamat, Yanyong Zhang, Wade Trappe and Celal Ozturk

ANODR*
• Assuming salient adversaries
• Broadcast with trapdoor
• Route pseudonym
* J. Kong and X. Hong, ANODR: Anonymous On Demand Routing with Untraceable for Mobile Ad-hoc Networks, MobiHoc, 2003, Annapolis, MD

Source-Location Privacy in Sensor Network
• Network model:
  – A sensor reports its measurement to a centralized base station (sink)
• Attack model:
  – Adversaries may use RF localization to trace back hop by hop to the source’s location
• Why location privacy

Phantom Flooding Protocol*
• Random walk plus local broadcast
* P. Kamat, et al., Enhancing Source-Location Privacy in Sensor Network Routing, ICDCS 2005, Columbus, OH

Potential Research Problems
• Anonymity vs accountability
• Detect malicious users
• Efficiency vs anonymity
• More?

Questions?
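
The secure multiparty sum that the k-Anonymous Message Transmission slide names as its basis, sketched as an added example (not code from the slides or from the cited paper). It shows only the additive-sharing core within one local group; the modulus `P` and all function names are assumptions made here, and the commitments the full protocol needs for robustness against misbehaving members are left out.

```python
import secrets

P = 2**61 - 1  # public prime modulus (assumed); an encoded message must be < P


def share(value, n):
    """Split value into n random additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts


def group_sum_round(inputs):
    """Run one multiparty-sum round for a group with one input per member.

    Returns (broadcasts, total). broadcasts[j] is what member j publishes to
    the group; total is the sum every member can compute from the broadcasts.
    """
    n = len(inputs)
    # Row i holds the shares member i sends out, one per group member.
    sent = [share(x, n) for x in inputs]
    # Member j adds up the shares it received and broadcasts only that sum,
    # which is uniformly random on its own and says nothing about any input.
    broadcasts = [sum(sent[i][j] for i in range(n)) % P for j in range(n)]
    return broadcasts, sum(broadcasts) % P


def anonymous_send(group_size, sender_index, message):
    """The sender contributes the message, every other member contributes 0."""
    value = int.from_bytes(message, "big")
    if value >= P:
        raise ValueError("message does not fit in one round")
    inputs = [0] * group_size
    inputs[sender_index] = value
    broadcasts, total = group_sum_round(inputs)
    return broadcasts, total.to_bytes((total.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    published, recovered = anonymous_send(group_size=5, sender_index=2,
                                          message=b"hello")
    print(recovered)   # the group learns the message
    print(published)   # but the broadcasts look the same for any sender
```

If two members send in the same round, the group recovers the sum of both inputs rather than either message, so a real deployment needs a way to detect and retry such collisions.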