On the Trade-Off between Relationship Anonymity and Communication Overhead in Anonymity Networks
Summary (1 min read)
Introduction
- Many communication systems, for example modern industrial networks [1], [2], require high availability between a fixed set of nodes on a pairwise basis.
- Due to the often long life-cycles of industrial systems software corruption is a threat, and the complexity of the code-base makes corruption hard to detect.
- Corrupted nodes that are part of the mix network can perform inside attacks to determine the senderreceiver pair for messages that are relayed through them.
- Anonymity networks can provide some level of relationship anonymity against inside attackers (e.g., [5], [6]) by hiding the sender or the receiver from the relay nodes.
III. MINSTRELS SYSTEM DESCRIPTION
- Minstrels, described below, uses nodes as message relays in the same way as Crowds [6] with the difference that the number of nodes visited by a message is bounded.
- The message, or part of it, is encrypted with the receiver’s public key.
- These initialized nodes are considered as visited so that the message can not be relayed to them.
- Fig. 1 shows another case when the list is initialized with the sender and node C, and the message is forwarded to node B. Node B adds itself to the list and decides to which of the remaining nodes (D,E) to forward the message.
B. Relationship Anonymity Against Inside Attackers
- The authors consider attackers without any a priori knowledge of the system traffic matrix.
- For a given attacker on the path, P(I|H1+) is the probability that the attacker’s predecessor is the sender.
- Let us now turn to the calculation of the probabilities that the attacker correctly identifies the sender-receiver pair (s,r) used in (7).
- The attacker can receive a message with only one node in the list of visited nodes (||L ||= 1), in which case the node in the list is the predecessor.
V. NUMERICAL RESULTS
- In the following the authors use the analytical models described above to get insight into the overhead-anonymity trade-off.
- Hence, for C = 3 the probability that the attacker can assign to the sender decreases faster than the probability P(H1+) of having an attacker on the path increases.
- Figs. 2, 3, 4, and 5 also show the lower bounds for the probabilities Prel(s,r) for Crowds and for Minstrels.
- In general, the best possible relationship anonymity might not be provided by the highest allowable overhead.
Did you find this useful? Give us your feedback
Citations
44 citations
2 citations
Cites background from "On the Trade-Off between Relationsh..."
...In this thesis, in Paper E which extends our earlier work [64], we study how anonymity networks could be used to improve the data availability if face of gray hole attacks....
[...]
1 citations
Cites background from "On the Trade-Off between Relationsh..."
...Minstrels, described in [6], uses nodes as message relays in the same way as Crowds with the difference that the number of nodes visited by a message is bounded....
[...]
...A detailed description of calculating Prel(s,r) can be found in [6]....
[...]
...Second, Minstrels, proposed in [6], which provides bounded message delivery delay by limiting the maximum number of visited nodes for each message, and hides the sender and the receiver among all anonymity network users....
[...]
References
69 citations
35 citations
32 citations
22 citations
"On the Trade-Off between Relationsh..." refers background in this paper
...Crowds was shown to provide optimal sender anonymity for given overhead [7], i....
[...]
Related Papers (5)
Frequently Asked Questions (15)
Q2. What future works have the authors mentioned in the paper "On the trade-off between relationship anonymity and communication overhead in anonymity networks" ?
It is subject of their future work to provide a more complete characterization of the overhead-anonymity trade-off for anonymity networks, including networks that provide probabilistic message delivery.
Q3. How does the sender control the maximum length of the message?
To control the maximum path length (i.e., delay) the sender can initialize the list of visited nodes with a number M ∈ {0, ...,N−1} of the nodes in the system.
Q4. What is the probability of a sender being selected as the receiver?
Since the traffic matrix is homogeneous and attackers are informed about each other, all trusted nodes are equally likely to be the sender, P(S(s)) = 1N−C , and any trusted node (except the sender) is equally likely to be chosen as the receiver, i.e., with probability P(R(r)|S(s)) = 1N−C−1 .
Q5. What is the reason for the probability of having an attacker on the path?
The reason is that as the number of relays increases the probability P(H1+) of having an attacker on the path increases faster than the certainty of the attacker about the identity of the sender-receiver pair decreases.
Q6. What is the probability of a relationship anonymity for a minstrel?
while for Minstrels the relationship anonymity decreases above a certain level of overhead, for Crowds the relationship anonymity improves monotonically.
Q7. How can an attacker reduce the anonymity of the relationship?
The attacker can only decrease the relationship anonymity by knowing the protocol and by observing traffic that goes over the nodes it controls.
Q8. Why does the attacker appear later on the path than for N = 10?
The reason is that for N = 50 the attacker appears later on the path than for N = 10 so the sender does not appear as predecessor that often.
Q9. What is the probability that the attacker assigns to a sender-receiver?
In Minstrels the probability that the attacker assigns to a sender-receiver pair does not only depend on the node that the message is received from, i.e., the predecessor p, but also on the contents of the list of visited nodes (L) that the message carries.
Q10. What is the relationship anonymity vs overhead for Crowds?
5. Relationship anonymity vs. overhead for N = 50, C = 5bounds converge to an asymptote, which corresponds to the case when there is always an attacker on the path (P(H1+) = 1), and the attacker assigns Prel(s,r) = 1(N−C)(N−C−1) to every possible sender-receiver pair.
Q11. What is the probability that a message is sent by an attacker?
Given a message received by an attacker that contains information (||L || = l, ωs ∈ Ωs, ωr ∈ Ωr, and MC = mC) the attacker would identify (s,r) as the sender-receiver pair with probabilityP(R̂(r), Ŝ(s)|ωr,ωs,mC,H1+, l) = P(ωr,ωs, l,mC,H1+|S(s),R(r)) ·P(R(r)|S(s)) ·P(S(s)) ∑(a,b) P(ωr,ωs, l,mC,H1+|S(a),R(b)) ·P(R(b)|S(a)) ·P(S(a)) (11)where the summation in the denominator is over all possible non-attacker sender-receiver pairs (a,b). P(S(s)) is the (a priory) probability that node s sends a message, and P(R(r)|S(s)) is the probability that node s selects node r as the destination of a message.
Q12. Why is the relationship anonymity provided by Crowds worse than the lower bound?
The relationship anonymity provided by Crowds is significantly worse than the lower bound, which is primarily due to the lack of receiver anonymity.
Q13. What is the probability of a node relaying a message?
The mean number of hops for Crowdsis the expected value of a geometric distribution with success probability 1− p f , i.e.,E[K] = p f1− p f +2 (2)where p f is the probability that a node will relay a message.
Q14. What is the probability that the sender is the predecessor of the receiver?
if the sender is the predecessor (s = p) then the receiver cannot be in the list of visited nodes (r ∈ L \\ {p}), because this could only happen if the sender had prefilled the list of visited nodes with the receiver, but then the receiver would never receive the message.
Q15. What is the probability that the first attacker is on position i?
Crowds: For Crowds the first attacker is on position i if the message is first relayed i−1 times through trusted nodes but the last hop is an attacker.