160 likes | 271 Views
Dynamic Anonymity. Emin İ slam Tatl ı , Dirk Stegemann, Stefan Lucks University of Mannheim, Germany. Overview. Mobile Business Research Group Anonymity & Unlinkability Dynamic Anonymity The Framework The Algorithm Future Work. Mobile Business Research Group.
E N D
Dynamic Anonymity Emin İslam Tatlı, Dirk Stegemann, Stefan Lucks University of Mannheim, Germany
Overview • Mobile Business Research Group • Anonymity & Unlinkability • Dynamic Anonymity • The Framework • The Algorithm • Future Work
Mobile Business Research Group Generic platform for context-aware and location-aware mobile business applications • Joint project of 7 research groups at the University of Mannheim • Web: http://www.m-business.uni-mannheim.de/
Context-aware Applications • A Context-aware application considers context when providing its service • Examples • Find a pizza delivery service that can deliver my favourite pizza for less than 8 EUR within 15 minutes to my current location • Locating moving objects (e.g. fleet management) • Locating kids • Indoor navigation in fairs • Panic alarms • Location-based chat/games
Anonymity • Mobile users require to hide their real identity • Anonymity ensures that a user may use a resource or service without disclosing the user's identity • Service providers require a unique representation of users • (partial) Solution • Pseudonymity • Pseudonyms are faked names (e.g. nicknames)
Unlinkability of Pseudonyms • Linkability of pseudonyms may break anonymity • „unlinkability requires that users and/or subjects are unable to determine whether the same user caused certain specific operations in the system“ • Main existing solutions for unlinkability: • Proxies • Mix-net • Peer-to-peer networks
KSP(M) KMix1(KMix2(KMix3(KSP(M)))) SP MC incoming outgoing Mix 3 Mix-Net • Mix: • Computer between sender and receiver • Decrypts messages and forwards to other mix/receiver MIX-NET Mix 1 Mix 2 Mix n
Dynamic Anonymity • Different applications require different anonymity levels • finding the nearest shop vs. mobile dating • Different users require different anonymity levels • Celebrity v.s. a normal person • Performance problems of Mix-net
Configuration Parameters • 6 parameters defined affecting the anonymity level: • encryption type • mix number • path picker • message threshold • dummy message • time delay • Configuration parameters are encoded within policies
Configuration Parameters (cont.) • A sample policy: <policies> <policy id="1" belongsto="app_1"><configuration><encryptionType>symmetric</encryptionType><mixNumber>3</mixNumber><pathPicker>sender</pathPicker><messageThreshold>5</messageThreshold><timeDelay>10</timeDelay><dummyMessage>send</dummyMessage></configuration> </policy></policies>
Future Work • We are currently implementing the anonymity and policy components • Empricial-test for specifying the optimum configurations for individual users and applications • Integrating the anonymity framework within the application framework
References • Jap: Anonymity and privacy tool for internet. URL: http://anon.inf.tu-dresden.de. • The mobile business research group.URL: http://www.m-business.uni-mannheim.de. • Smtp remailers.URL:http://www.freehaven.net/related-comm.html. • The Anonymizer. URL: http://anonymizer.com. • David L. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84–90, 1981. • Andreas Pfitzmann et al. Anonymity, unobservability, and pseudonymity: A proposal for terminology, July 2000. • Michael Reiter and Aviel Rubin. Crowds: Anonymity for web trans-actions. ACM Transactions on Information and System Security, 1(1), June 1998. • Emin Islam Tatlı, Dirk Stegemann, and Stefan Lucks: Security Challenges of location-aware mobile business, In Proceedings of the 2nd International Workshop on Mobile Commerce and Services, München, 2005. IEEE Computer Society.
Dynamic Anonymity Emin İslam Tatlı, Dirk Stegemann, Stefan Lucks University of Mannheim, Germany