How to Bypass Two Anonymity Revocation Schemes

Danezis, George; Sassaman, Len

doi:10.1007/978-3-540-70630-4_12

Cited by 6 publications

(3 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The system also introduces an external proxy to inspect all outbound traffic for correct signatures and protocol compliance. The inspector has been criticized for centralizing traffic flows, which enables DOS, censorship, and increases observability [29].…”

Section: A Accountable Anonymity Mechanismsmentioning

confidence: 99%

“…It is tailored to highlatency mix networks and requires a trusted authority to issue credentials-both impede deployability. Danezis and Sassaman [29] demonstrate a bypass attack on this and the Kopsell et al scheme [11]. The attack is based on the protocols' assumption that there can be no leakage of information from inside the channel to the world unless it passes through the verification step.…”

Section: A Accountable Anonymity Mechanismsmentioning

confidence: 99%

See 1 more Smart Citation

Introducing Accountability to Anonymity Networks

Backes,

Clark,

Druschel

et al. 2013

Preprint

View full text Add to dashboard Cite

Many anonymous communication (AC) networks rely on routing traffic through proxy nodes to obfuscate the originator of the traffic. Without an accountability mechanism, exit proxy nodes risk sanctions by law enforcement if users commit illegal actions through the AC network. We present BACKREF, a generic mechanism for AC networks that provides practical repudiation for the proxy nodes by tracing back the selected outbound traffic to the predecessor node (but not in the forward direction) through a cryptographically verifiable chain. It also provides an option for full (or partial) traceability back to the entry node or even to the corresponding user when all intermediate nodes are cooperating. Moreover, to maintain a good balance between anonymity and accountability, the protocol incorporates whitelist directories at exit proxy nodes. BACKREF offers improved deployability over the related work, and introduces a novel concept of pseudonymous signatures that may be of independent interest.We exemplify the utility of BACKREF by integrating it into the onion routing (OR) protocol, and examine its deployability by considering several system-level aspects. We also present the security definitions for the BACKREF system (namely, anonymity, backward traceability, no forward traceability, and no false accusation) and conduct a formal security analysis of the OR protocol with BACKREF using ProVerif, an automated cryptographic protocol verifier, establishing the aforementioned security properties against a strong adversarial model.

show abstract

Section: A Accountable Anonymity Mechanismsmentioning

confidence: 99%

Section: A Accountable Anonymity Mechanismsmentioning

confidence: 99%

Introducing Accountability to Anonymity Networks

Backes,

Clark,

Druschel

et al. 2013

Preprint

View full text Add to dashboard Cite

show abstract

“…Since Chaum's seminal work, many researchers have developed re-routing based anonymity systems, including Crowds [26], Freedom [34], Tor [7], Tarzan [10], GAP/GNUnet [2], Herbivore [30], P5 [28], Hordes [16], Slicing [13], and JAP [12]. Over time, researchers have developed attacks of ever-increasing sophistication, involving techniques such as timing analysis [15,27,29] and broad spectrum traffic analysis [22,25], and have found weaknesses in systems designed to enable forensic support [5]. From a design perspective, AHP bears closest resemblance to CPP, a system that hierarchically encrypts IPv6 addresses to obtain privacy [32], and Anonymizer [1] and Proxify [24], which provide commercial application-level anonymization proxying.…”

Section: Related Workmentioning

confidence: 99%

Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default

Raghavan

Kohno

Snoeren

et al. 2009

Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract. Today's Internet architecture makes no deliberate attempt to provide identity privacy-IP addresses are, for example, often static and the consistent use of a single IP address can leak private information to a remote party. Existing approaches for rectifying this situation and improving identity privacy fall into one of two broad classes: (1) building a privacy-enhancing overlay layer (like Tor) that can run on top of the existing Internet or (2) research into principled but often fundamentally different new architectures. We suggest a middle-ground: enlisting ISPs to assist in improving the identity privacy of users in a manner compatible with the existing Internet architecture, ISP best practices, and potential legal requirements 1 .

show abstract