Security Analysis of AN.ON's Payment Scheme

Authors:
Benedikt Westermann
Affiliations:
Center for Quantifiable Quality of Service, Norwegian University of Science and Technology,
Venue:
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Year:
2009

Citing 4
Cited 1

A logic of authentication

ACM Transactions on Computer Systems (TOCS)
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
Tor: the second-generation onion router

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
PAR: Payment for Anonymous Routing

PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies

Cryptographic protocol analysis of AN.ON

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.01

Visualization

Abstract

In recent years several payment schemes have emerged for anonymous communication systems such as AN.ON and Tor. In this paper we briefly present a payment scheme that is deployed and currently used by AN.ON. The main contribution of this paper is a security analysis of the most important cryptographic protocols involved in the payment process. The analysis of the protocols shows that they contain several weaknesses that need to be addressed to provide a fair service. We show how an attacker can use the weaknesses to surf on other's credits. Finally, we propose a fix for the protocols in order to withstand the encountered attacks.