There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality.

Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

I and i

2 1 The innovative transport systems and the CityMobil project 10 1.1 The research questions 10 2 The state of art in the field of automatic transport systems 12 2.1 Case studies and demand studies for innovative transport systems 12 3 The design and implementation of surveys 14 3.1 Definition of experimental design 14 3.2 Questionnaire design and delivery 16 3.3 First analyses on the collected sample 18 4 Calibration of Logit Multionomial demand models 21 4.1 Methodology 21 4.2 Calibration of the “full” model. 22 4.3 Calibration of the “final” model 24 4.4 The demand analysis through the final Multinomial Logit model 25 5 The analysis of interaction between the demand and socioeconomic attributes 31 5.1 Methodology 31 5.2 Application of Mixed Logit models to the demand 31 5.3 Analysis of the interactions between demand and socioeconomic attributes through Mixed Logit models 32 5.4 Mixed Logit model and interaction between age and the demand for the CTS 38 5.5 Demand analysis with Mixed Logit model 39 6 Final analyses and conclusions 45 6.1 Comparison between the results of the analyses 45 6.2 Conclusions 48 6.3 Answers to the research questions and future developments 52

The European commission

We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability, and efficiency. We briefly describe our experiences with an international network of more than 30 nodes. We close with a list of open problems in anonymous communication.

/pdf/tor-the-second-generation-onion-router-2qfrg0ppqb.pdf

Tor: the second-generation onion router

Social Network Analysis

National Institute of Standards and Technology における超伝導研究及び生活

Peer discovery and route set-up are an integral part of the processes by which anonymizing peer-to-peer systems are made secure. When systems are large, and individual nodes only gain random knowledge of part of the network, their traffic can be detected by the uniqueness of the information they have learnt. We discuss this problem, which occurred in the initial design of Tarzan, and other related problems from the literature.

/pdf/route-fingerprinting-in-anonymous-communications-53m319briw.pdf

Route Fingerprinting in Anonymous Communications

This work casts the traffic analysis of anonymity systems, and in particular mix networks, in the context of Bayesian inference. A generative probabilistic model of mix network architectures is presented, that incorporates a number of attack techniques in the traffic analysis literature. We use the model to build an Markov Chain Monte Carlo inference engine, that calculates the probabilities of who is talking to whom given an observation of network traces. We provide a thorough evaluation of its correctness and performance, and confirm that mix networks with realistic parameters are secure. This approach enables us to apply established information theoretic anonymity metrics on complex mix networks, and extract information from anonymised traffic traces optimally.

/pdf/the-bayesian-traffic-analysis-of-mix-networks-3ge2gy30ro.pdf

The bayesian traffic analysis of mix networks

In the Second World War, traffic analysis was used by the British at Bletchley Park to assess the size of Germany’s air-force, and Japanese traffic analysis countermeasures contributed to the surprise of their 1941 attack on Pearl Harbour. Nowadays, Google uses the incidence of links to assess the relative importance of web pages, credit card companies examine transactions to spot fraudulent patterns of spending, and amateur plane-spotters revealed the CIA’s ‘extraordinary rendition’ programme. Diffie and Landau, in their book on wiretapping, went so far as to say that “traffic analysis, not cryptanalysis, is the backbone of communications intelligence” [1]. However, until recently the topic has been neglected by Computer Science academics. A rich literature discusses how to secure the confidentiality, integrity and availability of communication content, but very little work has considered the information leaked from communications ‘traffic data’ and how these compromises might be minimised. Traffic data records the time and duration of a communication, and traffic analysis examines this data to determine the detailed shape of the communication streams, the identities of the parties communicating, and what can be established about their locations. The data may even be sketchy or incomplete – simply knowing what ‘typical’ communication patterns look like can be used to infer information about a particular observed communication. Civilian infrastructures, on which state and economic actors are increasingly reliant, are ever more vulnerable to traffic analysis: wireless and GSM telephony are replacing traditional systems, routing is transparent and protocols are overlaid over others – giving plenty of opportunity to observe, and take advantage of the traffic data. Concretely, an attacker can make use of this

/pdf/introducing-traffic-analysis-478rjvc5xw.pdf

Introducing Traffic Analysis

Because it is difficult to predict access needs in advance and the limitations of formal policy languages it is difficult to completely define an access control policy ahead of the actual use. We suggest the use of an policy language which allows for override of denied access in some cases for increased flexibility. The overrides should be audited and we suggest that the access control policy can be used for finding the people who should perform the audit.

Towards a Mechanism for Discretionary Overriding of Access Control. Authors' reply

We present the Vida family of abstractions of anonymous communication systems, model them probabilistically and apply Bayesian inference to extract patterns of communications and user profiles. The first is a very generic Vida Black-box model that can be used to analyse information about all users in a system simultaneously, while the second is a simpler Vida Red-Blue model, that is very efficient when used to gain information about particular target senders and receivers. We evaluate the Red-Blue model to find that it is competitive with other established long-term traffic analysis attacks, while additionally providing reliable error estimates, and being more flexible and expressive. © 2009 Springer Berlin Heidelberg.

George Danezis

Papers

Route Fingerprinting in Anonymous Communications

The bayesian traffic analysis of mix networks

Introducing Traffic Analysis

Towards a Mechanism for Discretionary Overriding of Access Control. Authors' reply

Vida: How to use bayesian inference to de-anonymize persistent communications