Statistical Disclosure or Intersection Attacks on Anonymity Systems

“…7 We simulate a population of N users users with f contacts each, to whom they send messages with equal probability (i.e., p j,i = 1/f if i is friends with j, zero otherwise). In order to easily study the influence of the system parameters on the success of the attack, in our simulations we further fix the senders that send messages to each receiver to be f j = f .…”

“…The attack estimates user profiles by solving a Least Squares problem, ensuring that the mean squared error between the real and estimated profiles is minimized. We empirically show that our attack indeed minimizes the mean squared error with respect to heuristic disclosure attack variants [3,7,21], although it performs slightly worse than the Bayesian approach [8] in the scenarios considered in this paper.…”

“…Danezis considers that in each round where Alice sends a message, the recipient anonymity set of this message is uniform over the receivers present in the round (and zero for the rest of users). The SDA was subsequently extended to more complex mixing algorithms [7], to traffic containing replies [5], to consider other users in order to improve the identification of Alice's contacts [14], and to evaluate more complex user models [15].…”

“…A variety of Disclosure or Intersection Attacks [1,3,7,8,11,12,18,19,21] have been proposed to uncover persistent and repeated patterns of communication taking place through a mix. In a nutshell, these attacks find a target user's likely set of friends, also known as user profile, by intersecting the recipient anonymity sets of the messages this user sends.…”

“…Statistical variants [3,7,21] rely on heuristics to operate, while the Bayesian inference-based method by Danezis and Troncoso [8] use Bayesian sampling techniques to recover accurately users' profiles in more complex systems than its predecessors. For any of these attacks it is difficult to obtain analytic results that characterize the dependence of their effectiveness on the parameters of the system, and hence they (as well as their sequels [5,14,15,18]) have been mostly evaluated through simulation.…”

Understanding Statistical Disclosure: A Least Squares Approach

“…7 We simulate a population of N users users with f contacts each, to whom they send messages with equal probability (i.e., p j,i = 1/f if i is friends with j, zero otherwise). In order to easily study the influence of the system parameters on the success of the attack, in our simulations we further fix the senders that send messages to each receiver to be f j = f .…”

“…The attack estimates user profiles by solving a Least Squares problem, ensuring that the mean squared error between the real and estimated profiles is minimized. We empirically show that our attack indeed minimizes the mean squared error with respect to heuristic disclosure attack variants [3,7,21], although it performs slightly worse than the Bayesian approach [8] in the scenarios considered in this paper.…”

“…Danezis considers that in each round where Alice sends a message, the recipient anonymity set of this message is uniform over the receivers present in the round (and zero for the rest of users). The SDA was subsequently extended to more complex mixing algorithms [7], to traffic containing replies [5], to consider other users in order to improve the identification of Alice's contacts [14], and to evaluate more complex user models [15].…”

“…A variety of Disclosure or Intersection Attacks [1,3,7,8,11,12,18,19,21] have been proposed to uncover persistent and repeated patterns of communication taking place through a mix. In a nutshell, these attacks find a target user's likely set of friends, also known as user profile, by intersecting the recipient anonymity sets of the messages this user sends.…”

“…Statistical variants [3,7,21] rely on heuristics to operate, while the Bayesian inference-based method by Danezis and Troncoso [8] use Bayesian sampling techniques to recover accurately users' profiles in more complex systems than its predecessors. For any of these attacks it is difficult to obtain analytic results that characterize the dependence of their effectiveness on the parameters of the system, and hence they (as well as their sequels [5,14,15,18]) have been mostly evaluated through simulation.…”

Understanding Statistical Disclosure: A Least Squares Approach

Anti‐virus in‐the‐cloud service: are we ready for the security evolution?

Anonymity and Covert Channels in Simple Timed Mix-Firewalls