Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking
Proceedings of the 11th USENIX Security Symposium
Limits of Anonymity in Open Environments
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Mixminion: Design of a Type III Anonymous Remailer Protocol
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Information hiding, anonymity and privacy: a modular approach
Journal of Computer Security - Special issue on WITS'02
Measuring Anonymity: The Disclosure Attack
IEEE Security and Privacy
Two-sided statistical disclosure attack
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Practical traffic analysis: extending and resisting statistical disclosure
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Vida: How to Use Bayesian Inference to De-anonymize Persistent Communications
PETS '09 Proceedings of the 9th International Symposium on Privacy Enhancing Technologies
The reverse statistical disclosure attack
IH'10 Proceedings of the 12th international conference on Information hiding
Quantifying location privacy: the case of sporadic location exposure
PETS'11 Proceedings of the 11th international conference on Privacy enhancing technologies
A practical complexity-theoretic analysis of mix systems
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Understanding statistical disclosure: a least squares approach
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
You cannot hide for long: de-anonymization of real-world dynamic behaviour
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Hi-index | 0.00 |
Traffic analysis is the best known approach to uncover relationships amongst users of anonymous communication systems, such as mix networks. Surprisingly, all previously published techniques require very specific user behavior to break the anonymity provided by mixes. At the same time, it is also well known that none of the considered user models reflects realistic behavior which casts some doubt on previous work with respect to real-life scenarios. We first present a user behavior model that, to the best of our knowledge, is the least restrictive scheme considered so far. Second, we develop the Perfect Matching Disclosure Attack, an efficient attack based on graph theory that operates without any assumption on user behavior. The attack is highly effective when de-anonymizing mixing rounds because it considers all users in a round at once, rather than single users iteratively. Furthermore, the extracted sender-receiver relationships can be used to enhance user profile estimations. We extensively study the effectiveness and efficiency of our attack and previous work when de-anonymizing users communicating through a threshold mix. Empirical results show the advantage of our proposal. We also show how the attack can be refined and adapted to different scenarios including pool mixes, and how precision can be traded in for speed, which might be desirable in certain cases.