THE UNIVERSITY OF CALGARY A Practical Buses Protocol for Anonymous Network Communication

THE UNIVERSITY OF CALGARY A Practical Buses Protocol for Anonymous Network Communication (2004)

Cached

Download Links

by Andreas Hirt , C Andreas Hirt

BibTeX

@MISC{Hirt04theuniversity,
    author = {Andreas Hirt and C Andreas Hirt},
    title = {THE UNIVERSITY OF CALGARY A Practical Buses Protocol for Anonymous Network Communication},
    year = {2004}
}

Bookmark

OpenURL

Abstract

The need to communicate anonymously over the Internet has increased with the proliferation of networked computers. Applications such as military communications, Web browsing, e-voting, and e-counseling for victims of abuse all require anonymous communication. Without anonymity, individuals may refrain from communicating for fear of retribution, potentially resulting in social, psychological, or financial losses, or even the loss of life. This thesis contains a comprehensive survey and analysis of anonymous commu-nication schemes. Analysis of the prior literature shows that there is no secure and scalable anonymous communication scheme. Previous literature has only analyzed each scheme for a subset of the known attacks. In this thesis, the analysis is extended to assess the anonymity capabilities of these schemes with respect to all known at-tacks. It is shown that none of the scalable anonymous communication schemes are secure. The thesis contains a description of the design, implementation, and evaluation

Citations

2762	Handbook of Applied Cryptography - Menezes, Oorschot, et al. - 1996 (Show Context) Citation Context ...or it or place messages on the bus to be delivered to another node. By encrypting the messages, only the intended recipient can recover messages intended for it. If a semantically secure cryptosystem =-=[26]-=- is used, then an adversary cannot distinguish in polynomial time whether data on the bus is the encryption of a valid message or random data, and thus cannot even determine whether communication is t...
1692	Distributed Algorithms - Lynch - 1996 (Show Context) Citation Context ...ns. If a bus already exists, then it sends the 2-tuple reply {public key, IP} to the sender. If a bus does not exist, in addition to sending the 2-tuple reply the node initiates a leadership election =-=[25]-=-; a broadcast77sconvergecast of public keys. The leader is the node who has the largest public key and once elected creates a bus and forwards it. In order to determine if a bus exists, each node incl...
1317	Untraceable electronic mail, return addresses, and digital pseudonyms - Chaum - 1981 (Show Context) Citation Context ...response, and the identity of the party to whom the student is communicating could be authenticated. The need for anonymity has motivated many different anonymous communication schemes: Chaum’s Mixes =-=[7]-=-, Onion routing [34, 41, 42, 43], Crowds [35], Hordes [38], Lucent Personalized Web Assistant (LPWA) [15], Anonymizer [2], Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-tree...
725	Crowds: Anonymity for web transactions - Reiter, Rubin - 1998 (Show Context) Citation Context ...hom the student is communicating could be authenticated. The need for anonymity has motivated many different anonymous communication schemes: Chaum’s Mixes [7], Onion routing [34, 41, 42, 43], Crowds =-=[35]-=-, Hordes [38], Lucent Personalized Web Assistant (LPWA) [15], Anonymizer [2], Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees [13], Peer-to-peer Personal Privacy Protoco...
475	The dining cryptographers problem: Unconditional sender and recipient untraceability - Chaum - 1988
296	Anonymous Connections and Onion Routing - Reed, Syverson, et al. - 1998 (Show Context) Citation Context ...dentity of the party to whom the student is communicating could be authenticated. The need for anonymity has motivated many different anonymous communication schemes: Chaum’s Mixes [7], Onion routing =-=[34, 41, 42, 43]-=-, Crowds [35], Hordes [38], Lucent Personalized Web Assistant (LPWA) [15], Anonymizer [2], Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees [13], Peer-to-peer Personal Pr...
249	Anonymous connections and onion routing - Goldschlag, Reed - 1997 (Show Context) Citation Context ...dentity of the party to whom the student is communicating could be authenticated. The need for anonymity has motivated many different anonymous communication schemes: Chaum’s Mixes [7], Onion routing =-=[34, 41, 42, 43]-=-, Crowds [35], Hordes [38], Lucent Personalized Web Assistant (LPWA) [15], Anonymizer [2], Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees [13], Peer-to-peer Personal Pr...
215	The security of the cipher block chaining message authentication code - Bellare, Kilian, et al. - 2000 (Show Context) Citation Context ...ges per minute with random sizes from 1 to 2048 bytes, arriving according to a Poisson arrival process. The individual mean for each node when N ∈ [2, 4] is 30/N messages per minute. However, for N ∈ =-=[5, 14]-=- two heavy traffic nodes (elephants) node1 and node⌊N/2+1⌋ average 7.5 messages per minute each and the other nodes average 30/(2 ∗ N) messages per minute. The number of indirection layers for each me...
176	Random walks, universal traversal sequences, and the complexity of maze problems - Aleliunas, Karp, et al. - 1979 (Show Context) Citation Context ... an anonymous message to another random node to perform the multicast or broadcast on behalf of the anonymous sender. For an unknown topology, the bus can perform a random walk in expected time O(nm) =-=[1]-=-, where n is the number of nodes in the graph and m is 39sthe number of edges. An active adversary can add, delete, or modify messages and anonymous communication still succeeds. In order for the anon...
170	Mixing E-mail with Babel - Gulcu, Tsudik - 1996
114	PGP user's guide - Zimmerman - 1992 (Show Context) Citation Context ... that is needed as a secret key is stored in plaintext. When using the proxy mode of operation, the user’s password is sent to the proxy mix in plaintext. In proxy mode, it is recommended that 30sPGP =-=[47]-=- be used in conjunction with Babel to protect the password. In addition, it is recommended to use PGP for the original message that is sent to the receiver to hide the message contents during the firs...
103	A Protocol for Anonymous Communication over the Internet - Shields, Levine - 2000 (Show Context) Citation Context ...ze. This attack is not applicable to broadcast techniques that send messages directly to the receiver because there is no message size to trace as it is routed through the network. • Time correlation =-=[7, 9, 10, 18, 37, 38, 41]-=-. If no mixing techniques are enforced, a global eavesdropper can trace a packet from sender to receiver. This defeats all types of anonymity. The attack is stopped by using mixing techniques. This at...
57	Multithreaded Programming With PThreads - Lewis, Berg - 1997 (Show Context) Citation Context ...t combinations are reserved for future developments. • number of seats — This field informs a node receiving a bus of the bus size. 5.3 Multi-threading The bus server is multi-threaded using Pthreads =-=[23]-=-, a multi-threaded library that is simultaneously an IEEE Standard, an ISO/IEC Standard, and an Open Group Technical Standard [32]. Pthreads was chosen because it is supported by most hardware vendors...
50	Networks without user observability - Pfitzmann, Waidner - 1986 (Show Context) Citation Context ...ion patterns. In this thesis, we are only concerned with connection anonymity. There are four types of connection anonymity, each of which may be required for various applications. • Sender anonymity =-=[29]-=- keeps the identity of the sender anonymous. Sender anonymity is required for applications such as anonymous e-mail, e-voting, anonymous web-surfing, and e-counseling for victims of abuse. • Receiver ...
33	Onion Routing access configurations - Syverson, Reed, et al. - 2000
31	Buses for anonymous message delivery - Beimel, Dolev - 2001 (Show Context) Citation Context ...chemes: Chaum’s Mixes [7], Onion routing [34, 41, 42, 43], Crowds [35], Hordes [38], Lucent Personalized Web Assistant (LPWA) [15], Anonymizer [2], Remailer [10] (types 0,1, and 2), Babel [18], Buses =-=[4]-=-, DC-Net [8], Xor-trees [13], Peer-to-peer Personal Privacy Protocol (P 5 ) [37], Pipenet [30] and Freedom [14], some of which are surveyed in [6, 9, 17]. These anonymous communication schemes provide...
23	An optimal strategy for anonymous communication protocols - Guan, Fu, et al. - 2002 (Show Context) Citation Context ..., Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees [13], Peer-to-peer Personal Privacy Protocol (P 5 ) [37], Pipenet [30] and Freedom [14], some of which are surveyed in =-=[6, 9, 17]-=-. These anonymous communication schemes provide different 2skinds of anonymity, are meant for different application domains, utilize different techniques to provide anonymity, and have different stren...
22	XOR-trees for Efficient Anonymous Multicast and Reception - Dolev, Ostrovsky (Show Context) Citation Context ...Onion routing [34, 41, 42, 43], Crowds [35], Hordes [38], Lucent Personalized Web Assistant (LPWA) [15], Anonymizer [2], Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees =-=[13]-=-, Peer-to-peer Personal Privacy Protocol (P 5 ) [37], Pipenet [30] and Freedom [14], some of which are surveyed in [6, 9, 17]. These anonymous communication schemes provide different 2skinds of anonym...
17	A Protocol for Scalable Anonymous Communication - Sherwood, Bhattacharjee, et al. - 2002 (Show Context) Citation Context ...[38], Lucent Personalized Web Assistant (LPWA) [15], Anonymizer [2], Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees [13], Peer-to-peer Personal Privacy Protocol (P 5 ) =-=[37]-=-, Pipenet [30] and Freedom [14], some of which are surveyed in [6, 9, 17]. These anonymous communication schemes provide different 2skinds of anonymity, are meant for different application domains, ut...
15	Mixmaster and remailer attacks - Cottrell - 1994 (Show Context) Citation Context ...are no input/output times at intermediate proxies to correlate. Also, the attack does not apply to Buses because time correlations only reveal bus route(s), not message patterns. 52s• Low load attack =-=[4, 10, 18]-=- (also similar to Volume attack [41]). If the anonymous communication scheme does not enforce a minimum level of traffic via dummy messages, then under low load conditions all anonymity types are stat...
15	Receiver anonymity via incomparable public keys - Waters, Felten, et al. (Show Context) Citation Context ...cannot be achieved together. Anonymity revocation requires centralized trusted parties. Performance Improvements to the protocol’s performance are also possible. For example, incomparable public keys =-=[46]-=- could obviate the need for a receiver to decrypt all bus seats with both its private key and anonymous private key. Instead, a single private key could be used decrypt ciphertexts that are produced w...
12	Solutions for anonymous communication on the Internet - Claessens, Preneel, et al. - 1999 (Show Context) Citation Context ..., Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees [13], Peer-to-peer Personal Privacy Protocol (P 5 ) [37], Pipenet [30] and Freedom [14], some of which are surveyed in =-=[6, 9, 17]-=-. These anonymous communication schemes provide different 2skinds of anonymity, are meant for different application domains, utilize different techniques to provide anonymity, and have different stren...
11	On secure and pseudonymous client-relationships with multiple servers - Gabber, Gibbons, et al. - 1999
10	editors. Privacy Enhancing Technologies - Dingledine, Syverson - 2002 (Show Context) Citation Context ...dentity of the party to whom the student is communicating could be authenticated. The need for anonymity has motivated many different anonymous communication schemes: Chaum’s Mixes [7], Onion routing =-=[34, 41, 42, 43]-=-, Crowds [35], Hordes [38], Lucent Personalized Web Assistant (LPWA) [15], Anonymizer [2], Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees [13], Peer-to-peer Personal Pr...
3	Randomness Testing of the Advanced Encryption Standard Finalist Candidates - Sotto, Bassaham - 2000 (Show Context) Citation Context ... is unknown how to distinguish symmetric ciphertexts such as AES encryptions from random data in polynomial time, largely because ciphertexts produced by the AES block cipher are statistically random =-=[39]-=-. For clarity, even though the hybrid encryption scheme is modular, for the rest of the thesis assume that the hybrid encryption scheme consists of RSA-OAEP/CBC-AES. 1024-bit keys are used for RSA-OAE...
2	Survey and analysis of anonymous communication schemes - Hirt, Jacobson, et al. - 2003 (Show Context) Citation Context ...e, and has manageable overhead. 1.4 Thesis Contributions There are four main contributions in this thesis: • The thesis contains a comprehensive survey and analysis of anonymous communication schemes =-=[19]-=-. Analysis shows that all of the schemes except DCNet are vulnerable to at least one attack. Several attack susceptibilities not previously published in the literature are found. In addition, a reposi...
2	RSA-OAEP Encryption Scheme — Algorithm Specification and Supporting Documentation - Laboratories - 2000 (Show Context) Citation Context ...yer of the indirected encrypted message in our protocol consists of a session key encrypted using an asymmetric cipher with Optimal Asymmetric Encryption Padding (OAEP), such as the 1024-bit RSA-OAEP =-=[21]-=- public-key encryption scheme, followed by the inner layer encrypted using the session key with a symmetric cipher, such as 128-bit AES [27]. The salt field at the beginning of each encryption layer d...
2	RSA Signature Scheme with Appendix — Probabilistic Signature Scheme - Laboratories - 2000 (Show Context) Citation Context ...ons to the contents of a seat, malicious or otherwise, the entire contents of each seat are digitally signed with a signature scheme with appendix such as RSA-SSA (RSA Signature Scheme with Appendix) =-=[22]-=-. 76s4.4 Fault Tolerance The Practical Buses protocol should be able to handle lost or corrupted seats/buses, whether the losses or corruptions are intentional or not. To handle lost or corrupted seat...
1	Anonymizing the net - Berghel, Womack (Show Context) Citation Context ..., Remailer [10] (types 0,1, and 2), Babel [18], Buses [4], DC-Net [8], Xor-trees [13], Peer-to-peer Personal Privacy Protocol (P 5 ) [37], Pipenet [30] and Freedom [14], some of which are surveyed in =-=[6, 9, 17]-=-. These anonymous communication schemes provide different 2skinds of anonymity, are meant for different application domains, utilize different techniques to provide anonymity, and have different stren...
1	An Improved Buses Protocol for Anonymous Communication - Hirt, Jr, et al. - 2004 (Show Context) Citation Context ...ends, dynamic bus size, seat expiration, and reduced seat decryptions are all added to improve performance. • A proof-of-concept prototype of the Practical Buses protocol is implemented and evaluated =-=[20]-=-. To the best of the author’s knowledge, this is the first implementation of any Buses protocol. Experimental analysis of the Practical 6sBuses protocol confirms that the protocol is scalable, and dem...
1	AES implementation - Stefanek - 2000 (Show Context) Citation Context ...1] and [22], respectively. For SHA-1, a subcomponent of RSA-SSA and RSA-OAEP, public-domain software was used from RFC 3174 [36]. The CBC-AES component uses public-domain software written by Stefanek =-=[40]-=-. The GNU Multiple Precision arithmetic library (GMP) version 4.1.1 [16] is used by the encryption components for multi-precision arithmetic. GMP was chosen because of its emphasis on fast implementat...