Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
From a Trickle to a Flood: Active Attacks on Several Mix Types
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Covert channels and anonymizing networks
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Statistical disclosure or intersection attacks on anonymity systems
IH'04 Proceedings of the 6th international conference on Information Hiding
Timing channels, anonymity, mixes, and spikes
ACST'06 Proceedings of the 2nd IASTED international conference on Advances in computer science and technology
Hot or not: revealing hidden services by their clock skew
Proceedings of the 13th ACM conference on Computer and communications security
Measuring anonymity with relative entropy
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Anonymity attacks on mix systems: a formal analysis
IH'11 Proceedings of the 13th international conference on Information hiding
Hi-index | 0.00 |
Traditional methods for evaluating the amount of anonymity afforded by various Mix configurations have depended on either measuring the size of the set of possible senders of a particular message (the anonymity set size), or by measuring the entropy associated with the probability distribution of the messages possible senders. This paper explores further an alternative way of assessing the anonymity of a Mix system by considering the capacity of a covert channel from a sender behind the Mix to an observer of the Mix's output. Initial work considered a simple model, with an observer (Eve) restricted to counting the number of messages leaving a Mix configured as a firewall guarding an enclave with one malicious sender (Alice) and some other naive senders (Cluelessi's). Here, we consider the case where Eve can distinguish between multiple destinations, and the senders can select to which destination their message (if any) is sent each clock tick.