Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Computers and Intractability; A Guide to the Theory of NP-Completeness
Computers and Intractability; A Guide to the Theory of NP-Completeness
Probabilistic Treatment of MIXes to Hamper Traffic Analysis
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Fundamental Limits on the Anonymity Provided by the MIX Technique
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Perfect Matching Disclosure Attacks
PETS '08 Proceedings of the 8th international symposium on Privacy Enhancing Technologies
A Combinatorial Approach for an Anonymity Metric
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Vida: How to Use Bayesian Inference to De-anonymize Persistent Communications
PETS '09 Proceedings of the 9th International Symposium on Privacy Enhancing Technologies
The bayesian traffic analysis of mix networks
Proceedings of the 16th ACM conference on Computer and communications security
Towards an information theoretic metric for anonymity
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Dummy traffic against long term intersection attacks
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Two-sided statistical disclosure attack
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Statistical disclosure or intersection attacks on anonymity systems
IH'04 Proceedings of the 6th international conference on Information Hiding
The hitting set attack on anonymity protocols
IH'04 Proceedings of the 6th international conference on Information Hiding
Practical traffic analysis: extending and resisting statistical disclosure
PET'04 Proceedings of the 4th international conference on Privacy Enhancing Technologies
Understanding statistical disclosure: a least squares approach
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
You cannot hide for long: de-anonymization of real-world dynamic behaviour
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Hi-index | 0.00 |
The Minimal-Hitting-Set attack (HS-attack) [10] is a well-known passive intersection attack againstMix-based anonymity systems, applicable in cases where communication behaviour is non-uniform and unknown. The attack allows an observer to identify uniquely the fixed set of communication partners of a particular user by observing the messages of all senders and receivers using a Mix. Whilst the attack makes use of a provably minimal number of observations, it also requires solving an NP-complete problem. No prior research, to our knowledge, analyses the average complexity of this attack as opposed to its worst case. We choose to explore the HS-attack, as opposed to statistical attacks, to provide a baseline metric and a practical attack for unambiguously identifying anonymous users. We show that the average complexity of the HS-attack can vary between a worst-case exponential complexity and a linear-time complexity according to the Mix parameters. We provide a closed formula for this relationship, giving a precise measure of the resistance of Mixes against the HS-attack in practice, and allowing adjustment of their parameters to reach a desired level of strength.