Malice versus AN.ON: possible risks of missing replay and integrity protection
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
This work presents a cryptographic analysis of AN.ON’s anonymization protocols. We have discovered three flaws of differing severity. The first is caused by the fact that the freshness of the session key was not checked by the mix. This flaw leads to a situation where an external attacker is able to perform a replay attack against AN.ON. A second, more severe, error was found in the encryption scheme of AN.ON. An internal attacker controlling the first mix in a cascade of length two is able to de-anonymize users with high probability. The third flaw results from the lack of checks to ensure that a message belongs to the current session. This enables an attacker to impersonate the last mix in a cascade. The flaws we discovered represent errors that, unfortunately, still occur quite often and show the importance of either using standardized cryptographic protocols or performing detailed security analyses.