190 likes | 461 Views
Anonymity. Joint work with: Dalia Malkhi, Ofer Margoniski, Ezra Hoch at various points. What is anonymity. Anonymity is the ability to do something without being caught. Anonymity is per action Anonymity is always defined by an adversary model. Related concepts.
E N D
Anonymity Joint work with: Dalia Malkhi, Ofer Margoniski, Ezra Hoch at various points.
What is anonymity • Anonymity is the ability to do something without being caught. • Anonymity is per action • Anonymity is always defined by an adversary model.
Related concepts • Pseudo-anonymity – the ability to do something without being discovered (but the adversary by detect repetition of actions)
Type of anonymity • Sender • Receiver • Publisher (broadcast model) • Unlinkability • Unobservability
How to achieve it • Third party. • DC • Mix-nets • Onion • AMPC • Crowds • New stuff
Third party • Use a trusted third party to send things forward. • Advantages – cheap and easy. • Disadvantages – who to trust A paranoid is a man who know a little of what is going on (William S. Burroughs)
DC nets • Optional
Mix-nets • Basic idea – use a server to mix a set of messages. Each message is encrypted via a PKI so that only its recipient can read it. • In order to avoid traffic analysis it is encrypted in addition with the servers PKI. • Use a series of n servers to achieve anonymity (up to n-1 colluding servers)
AMPC • AMPC can be seen as a variant of mixnets in which crypto is done via distribution (Markus Jakobsson)
Onion Mixs • In order to avoid having to go through all of the mixes onion-mixes were developed. • In an onion-mix the first server who recieves a set of messages builds a random path through a set of mixs to the final mix who distributes the messages.
Problems • Traffic analysis. • Sets of messages move through the system together allowing an adversaryu to connect them. • If the first onion is corrupt the system is compromised.
Our protocl • Allow the users to choose paths. • Let n be the number of servers in the system of which b<n/2 are corrupt and m the number of messages. • Each user choose a random path of length logn. The message is encrypted so that each server can only tell the next server what the message is.
Our protocol (cont) • Each time two messages meet in a good server they get mixed up (in a good way). Since there are an expected O(logn) good servers in the chain and each time a message is in a good server its anonymity set doubles the size of the anonymity set is an expected m messages.
Variants • If the chain is chosen to be length log^2 (or larger by an o(n) factor) the anonymity set is O(m) whp. • If the chain is chosen to be shorter we get an anonymity set of a constant fraction of m.
Analysis Advantages: • Uses a small set of servers thereby having less overhead for the servers. • Users can control level of anonymity. • A corrupt (first) server is not harmful. Drawbacks • There is a non-zero probability that the anonymity is compromised.
Threshold cryptography • Threshold cryptography allows one to share the power of a cryptosystem. Threshold cryptography distinguishes itself from secure distributed computation by being non-interactive. • In threshold cryptography we can require that a group of any size act in order to encrypt/decrypt.
Why is this interesting? (for anonymity) • Using notation as before we can use a threshold scheme such that b+lgn users need to decrypt the message. A user encrypts the message using this scheme and sends it to a random server. The server forwards the message to a random server ala crowds.
Variants • The logn factor in the b+logn can be played with to get a smaller anonymity set.
Analysis • The scheme guarantees anonymity. Drawbacks • The scheme utilizes a complex primitive of threshold cryptography.