1 / 14

Definition of the Anonymity of Mix Network Runs

This article discusses the anonymity of mix networks and the calculation of anonymity probabilities using a formal model. It explores how information can change while preserving anonymity, and provides insights into generating and erasing real traces to protect against attackers.

barbaradixon
Download Presentation

Definition of the Anonymity of Mix Network Runs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory

  2. B Q R D Metric in Mix Networks (PET 2002) • Metric also useful in mix networks A {(A,0.125), (B,0.125), (C,0.25), (D,0.5)} C

  3. A B C {A,B,C,D} Q R D Route Length (Sets) (PET 2002) • Now we look at how information can change APD, but not the • underlying set • Mix systems, often have a maximum route length (eg Mixmaster)

  4. A Q 1 2 R B 3 S C Route Length (probabilities) (PET 2002) • Max route length = 2. A"1,3,2"Q cannot happen • C"3,2" {Q or R}. S has the anonymity set {A,B} • Q,R still have the anonymity set {A,B,C} but a different anonymity probability distribution (with a lower entropy)

  5. Hence we need a principled way of calculating the anonymity of a message as seen by the attacker!

  6. R2 Sender1 M1 R3 Sender2 M2 Sender3 R1 A Formal Model of a Mix Network • Given a set of input messages, our model can tell us what the mix network will do • (a real trace of events which happen in the network) {(Sender1,[M1,M2],R1) (Sender2,[M1],R2) (Sender3,[M2],R3)}

  7. R2 Sender 1 M1 R3 Sender 2 M2 Sender3 R1 Generating a Real Trace {(Sender1,[M1,M2],R1,C1) (Sender2,[M1],R2,C2) (Sender3,[M2],R3,C3)} [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2) ,(Mix 1,Recv (R 2),RecvRecv,C 2),(Mix 1,M 2,MixRecv,C 1) ,(Sender 3,M 2,MixRecv,C 3) ,(Mix 2,Recv (R 3),RecvRecv,C 3) ,(Mix 2,Recv (R 1),RecvRecv,C 1)]

  8. R2 R2 Sender 1 Sender 1 M1 M1 R3 R3 Sender 2 Sender 2 M2 M2 Sender3 Sender3 R1 R1 Erasing the Real Trace (1) • From this, we can work out what the attacker will observe • (the real get erased to remove the information the attacker cannot see) • We get an erased trace

  9. R2 R2 Sender 1 Sender 1 M1 M1 R3 R3 Sender 2 Sender 2 M2 M2 Sender3 Sender3 R1 R1 Erasing the Real Trace (2) Real trace: [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2) ,(Mix 1,Recv (R 2),RecvRecv,C 2),(Mix 1,M 2,MixRecv,C 1) ,(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 3) ,(Mix 2,Recv (R 1),RecvRecv,C 1)] Erased trace: [(Sender 1,M 1),(Sender 2,M 1),(Mix 1,Recv (R 2)), (Mix 1,M 2),(Sender 3,M 2),(Mix 2,Recv (R 3)),(Mix 2,Recv (R1))]

  10. R2 Sender 1 M1 R3 Sender 2 M2 Sender3 R1 From the Attacker’s Point of View • The attacker has an observation (an erased trace Obs) • He now uses the model to find all the real traces which erase to Obs • Call these All Obs =[(Sender 1,M 1),(Sender 2,M 1),(Mix 1,Recv (R 2)), (Mix 1,M 2),(Sender 3,M 2),(Mix 2,Recv (R 3)), (Mix 2,Recv (R1))]

  11. R2 R2 R2 R2 Sender 1 Sender 1 Sender 1 Sender 1 M1 M1 M1 M1 R3 R3 R3 R3 Sender 2 Sender 2 Sender 2 Sender 2 M2 M2 M2 M2 Sender3 Sender3 Sender3 Sender3 R1 R1 R1 R1 Finding All Scenarios I II IV III In 2 out of the 4 scenarios Sender 3 sent the message to R1

  12. (In ASCII!) [[(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 2),(Mix 1,M 2,MixRecv,C 1),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 3),(Mix 2,Recv (R 1),RecvRecv,C 1)], [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 2),(Mix 1,M 2,MixRecv,C 1),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 1),(Mix 2,Recv (R 1),RecvRecv,C 3)], [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 1),(Mix 1,M 2,MixRecv,C 2),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 3),(Mix 2,Recv (R 1),RecvRecv,C 2)], [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 1),(Mix 1,M 2,MixRecv,C 2),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 2),(Mix 2,Recv (R 1),RecvRecv,C 3)]]

  13. Probabilities • Suppose: • All senders equally likely to send to all receivers • All routes equally likely to be chosen • All scenarios are equiprobable • For the message which arrives at R1, the anonymity probability distribution is: • {(Sender 1,0.25), (Sender 2, 0.25), (Sender 3,0.5)} • (Glossing over the exact details)

  14. See my PhD Thesis for this and lots of other cool things…

More Related