Crowds: anonymity for Web transactions
ACM Transactions on Information and System Security (TISSEC)
A protocol for anonymous communication over the Internet
Proceedings of the 7th ACM conference on Computer and communications security
Anonymity, unobservability, and pseudeonymity — a proposal for terminology
International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead
Kommunikation in Verteilten Systemen, Grundlagen, Anwendungen, Betrieb, GI/ITG-Fachtagung
Limits of Anonymity in Open Environments
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
ANODR: anonymous on demand routing with untraceable routes for mobile ad-hoc networks
Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing
Probabilistic Analysis of Anonymity
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Mixminion: Design of a Type III Anonymous Remailer Protocol
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
The predecessor attack: An analysis of a threat to anonymous communications systems
ACM Transactions on Information and System Security (TISSEC)
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Denial of service or denial of security?
Proceedings of the 14th ACM conference on Computer and communications security
Sphinx: A Compact and Provably Secure Mix Format
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
The bayesian traffic analysis of mix networks
Proceedings of the 16th ACM conference on Computer and communications security
Sampled traffic analysis by internet-exchange-level adversaries
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
The wisdom of crowds: attacks and optimal constructions
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Providing mobile users' anonymity in hybrid networks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Breaking four mix-related schemes based on universal re-encryption
ISC'06 Proceedings of the 9th international conference on Information Security
Malice versus AN.ON: possible risks of missing replay and integrity protection
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
We present traffic analyses of two anonymous communications schemes that build on the classic Crowds/Hordes protocols. The AJSS10 [1] scheme combines multiple Crowds-like forward channels with a Hordes reply channel in an attempt to offer robustness in a mobile environment. We show that the resulting scheme fails to guarantee the claimed k-anonymity, and is in fact more vulnerable to malicious peers than Hordes, while suffering from higher latency. Similarly, the RWS11 [15] scheme invokes multiple instances of Crowds to provide receiver anonymity. We demonstrate that the sender anonymity of the scheme is susceptible to a variant of the predecessor attack [21], while receiver anonymity is fully compromised with an active attack. We conclude that the heuristic security claims of AJSS10 and RWS11 do not hold, and argue that composition of multiple anonymity channels can in fact weaken overall security. In contrast, we provide a rigorous security analysis of Hordes under the same threat model, and reflect on design principles for future anonymous channels to make them amenable to such security analysis.