Free-route Mixes vs. Cascades R. Newman
Topics • Defining anonymity • Need for anonymity • Defining privacy • Threats to anonymity and privacy • Mechanisms to provide anonymity • Applications of anonymity technology
Free-Route Mix Network • Sender picks route • Mix only sees predecessor, successor • Attacker – global adversary • Passive – eavesdrop only • Active – delay, delete, modify, fabricate msgs • Claim: One honest Mix gives anonymity • Anonymity measure: Anonymity set size • Measure used is log2 (AS(m)) • AS(m) is Anonymity Set for message m
Free-Route Mix Network • OK, One honest Mix works... When? • For passive global adversary • Sort of.... What does attacker still know? • What about participants? • Suppose attacker controls all but one sender... • No anonymity!!! • Unless.... • How do dummy messages help? • Big challenge to prevent n-1 attack • Seems to require registration....
Free-Route Mix Network • Suppose threshold is N = 2 [Figure: free-route network of Mixes M1, M2, M3, M4]
Free-Route Mix Network • Attacker controls n-1 of n senders • Attacker knows routes it selected! [Figure: free-route network of Mixes M1, M2, M3, M4]
Mix Cascade • Single chain of Mixes for a sender group • All traffic enters first Mix M1 in cascade • All traffic is shuffled and re-encrypted • All traffic is sent from Mi to Mi+1 in cascade • All traffic exits last Mix to destinations [Figure: cascade M1 → M2 → M3 → M4]
Anonymity Set • Relative to a message m • All possible senders of m • If Mix M that forwards m is honest • AS(m) = Union of AS(m’) for all m’ input to M • If Mix that forwards m is corrupt • AS(m) = AS(m’) for input message m’ linked to m
Anonymity Set • Suppose threshold is N = 3 • m = msg of interest [Figure: outputs of M1, M2 and M3 each have |AS| = 3 and feed M4; the output m of M4 has |AS| = 9 = 3 + 3 + 3]
Anonymity Set • Suppose threshold is N = 3 • And suppose M3 is corrupt [Figure: outputs of M1 and M2 each have |AS| = 3, the output of corrupt M3 has |AS| = 1; the output of M4 has |AS| = 7 = 3 + 3 + 1]
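The anonymity-set rule from the slides above, worked through in code. This is an added example, not part of the original deck; the topology (M1, M2, M3 feeding M4), the message names and the sender names are constructed to match the N = 3 figures.

```python
from math import log2

def anonymity_set(msg, senders, batches, corrupt):
    """AS(msg): union over the whole batch at an honest Mix,
    only the linked input at a corrupt Mix."""
    if msg in senders:                       # message came straight from a sender
        return {senders[msg]}
    mix, batch_inputs, linked = batches[msg]
    if mix in corrupt:                       # corrupt Mix reveals the input-output link
        return anonymity_set(linked, senders, batches, corrupt)
    result = set()
    for m_in in batch_inputs:                # honest Mix: any input could be msg
        result |= anonymity_set(m_in, senders, batches, corrupt)
    return result

def slide_topology():
    """Constructed data: M1, M2, M3 each batch 3 sender messages (N = 3)
    and forward one output to M4, which emits the message of interest m."""
    senders = {f"s{i}": f"sender{i}" for i in range(1, 10)}
    batches = {
        # output: (mix, inputs in the same batch, input actually linked to output)
        "a": ("M1", ["s1", "s2", "s3"], "s1"),
        "b": ("M2", ["s4", "s5", "s6"], "s4"),
        "c": ("M3", ["s7", "s8", "s9"], "s7"),
        "m": ("M4", ["a", "b", "c"], "b"),
    }
    return senders, batches

def as_size(corrupt):
    """|AS(m)| for the message of interest, given the set of corrupt Mixes."""
    senders, batches = slide_topology()
    return len(anonymity_set("m", senders, batches, set(corrupt)))

def anonymity_bits(corrupt):
    return log2(as_size(corrupt))            # the deck's measure: log2 of the AS size

if __name__ == "__main__":
    cases = ([], ["M3"], ["M4"], ["M1", "M2", "M3"], ["M1", "M2", "M3", "M4"])
    for corrupt in cases:
        print(corrupt, as_size(corrupt), round(anonymity_bits(corrupt), 2))
```

With only M4 honest the set still has three members, one per first-hop Mix; it collapses to a single sender only when every Mix on the path is corrupt.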
Mix Cascade AS • Anonymity Set for cascade is all senders • Even if all but one Mix is corrupt [Figure: cascade M1 → M2 → M3 → M4]
Intersection Attack • If sequence of messages <mi> = m1, m2,... mn are linked • All go to same destination in short time period • Each message has an associated anonymity set ASi = AS(mi) • The sender of the messages must be in ASi for all i • Hence, AS(<mi>) = intersection(ASi) • If for some i <> j, ASi <> ASj then AS shrinks
Intersection Attack • Suppose threshold is N = 2 [Figure: free-route network of Mixes M1, M2, M3, M4]
Intersection Attack • Some senders are NOT possible! [Figure: free-route network of Mixes M1, M2, M3, M4]
Intersection Attack • Suppose later, link another message to first [Figure: free-route network of Mixes M1, M2, M3, M4]
Intersection Attack • Now even fewer senders are possible! [Figure: free-route network of Mixes M1, M2, M3, M4]
Intersection Attack • Suppose yet another message is linked [Figure: free-route network of Mixes M1, M2, M3, M4]
Intersection Attack • Now the AS size is one – no anonymity! [Figure: free-route network of Mixes M1, M2, M3, M4]
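How quickly the intersection shrinks can be measured with a small simulation, useful when judging how much a larger threshold buys. This is an added example, not part of the original deck; the single threshold Mix, the user names, the default parameters and the random choice of co-senders are assumptions.

```python
import random
from math import log2

def mix_batch(target, others, threshold, rng):
    """Senders in one batch of a threshold Mix that carries a target message:
    the target plus threshold-1 other senders drawn at random."""
    return {target, *rng.sample(others, threshold - 1)}

def intersection_attack(anonymity_sets):
    """Running intersection of AS_i over the linked messages m_1..m_n."""
    history, candidates = [], None
    for as_i in anonymity_sets:
        candidates = set(as_i) if candidates is None else candidates & as_i
        history.append(candidates)
    return history

def simulate(n_users=20, threshold=5, max_msgs=200, seed=1):
    """Constructed scenario: 'alice' sends linked messages, one per batch,
    until the intersection of the batches' sender sets is a single user."""
    rng = random.Random(seed)
    others = [f"user{i}" for i in range(1, n_users)]
    observed = []
    for _ in range(max_msgs):
        observed.append(mix_batch("alice", others, threshold, rng))
        history = intersection_attack(observed)
        if len(history[-1]) == 1:            # AS size one: no anonymity left
            break
    return history

def bits(history):
    """The deck's measure, log2 of the AS size, after each linked message."""
    return [log2(len(s)) for s in history]

if __name__ == "__main__":
    for threshold in (2, 5, 10):
        h = simulate(threshold=threshold)
        print(f"N={threshold}: {len(h)} linked messages,",
              [round(b, 2) for b in bits(h)])
```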
Path Length • In a free-route mix network, routing information must be included in the messages • Not so in cascade – all take same route • This limits the maximum path length • If the senders all use the maximum path length allowed, then for a given message m, ... • Senders for shorter paths are excluded • Senders for longer paths are excluded • This reduces the AS size for that message
Free-Route Mix Network • Suppose path length = 2 [Figure: free-route network of Mixes M1, M2, M3, M4]
Free-Route Mix Network • This message can’t be the one – path would be too long! • So a sender is eliminated from AS(m) [Figure: free-route network of Mixes M1, M2, M3, M4]
Honest Mix Position • If attacker controls all but one Mix • Attacker can tell where honest Mix is on route • Can then reduce possible sources or destinations based on route length • What is probability that honest Mix is even selected at all for a message’s route? • If multiple messages are sent, do they follow same route or different routes? • If same => more powerful intersection attack? • If different => less likely to always pick honest Mix