1. Ways to reduce the risks of Crowds and further study of web anonymity By: Manasi N Pradhan

2. We have seen the paper ‘Crowds: Anonymity for web transactions’ by Michael K. Reiter and Aviel Rubin. Problem trying to solve: We will see particular limitations of crowds and try to propose an effective way to reduce the probability of these limitations being exploited by the attackers. We ll also look briefly at some other methods in use that provide anonymity over the web. Approach: As mentioned in the proposal, I am mainly researching paper related to crowds. Finding if other methods to counter these limitations are proposed and study them. Making a unifying report of the crowds and related works, and suggesting different ways to increase the anonymity provided by the crowds. Also, papers related to Anonymizer, TOR, Tarzan are taken into consideration.

3. CROWD SECURITY- ATTACKS Local Eavesdropper: With local eavesdropper, the sender anonymity is exposed as message in is not equal to message out. If the local eavesdropper collaborated with other jondos, tracking a particular message will be easy. If the attacker is lucky enough, even the receiver web server will be known. Suggested solution: If the senders send dummy messages in a random manner, the local eavesdroppers while collaborating with the other jondos, can be thrown off their trail. (the local eavesdropper will still sense that the message is sent). Maybe the dummy messages will not be directed to the web servers at all, merely the address of some other jondo is given in the destination address. As a result, the message will go in a loop to some intermediate jondo. This can also confuse the global passive adversary. (But paths are not dynamic. What to do?)

4. CROWD SECURITY- ATTACKS Collaborating jondos: With collaborating jondos, the main goal is to expose the sender, but they can only suspect the previous jondo, unless the sender is explicitly mentioned in the plain text. Also, as the address of the end server is known to the jondos, the end server is exposed to the attacker. Suggested solution: There can be one more layer of protection before the web servers, called as end jondos. Instead of writing the address of the end servers, the address of these jondos are mentioned in the destination addresses. The address of the end server is also added, but is encrypted by the end jondo’s public key. This jondo can decrypt the address of the end server and can forward the message. (The anonymity of end server is still threatened by local eavesdropper attacking the end jondo as it will forward the message with probability of 1 and not flip the coin)

5. CROWD SECURITY- ATTACKS Other types of attacks: Active attacks by collaborating jondos like changing the requests to the web server Denial of service attacks But these attacks do not affect the anonymity directly. Firewalls too pose a problem. Brief Review of improves on this related research: Anonymizer LPWA- Lucent Personalized Web Assistant TOR- The Onion Routing Tarzan : A peer to peer approach to web anonymity

6. http://avirubin.com/crowds.pdf http://www.csl.mtu.edu/cs6461/www/Slide/Crowds.pdf http://people.cs.vt.edu/~kafura/cs6204/Presentations/Slides/Crowds.pdf https://en.wikipedia.org/wiki/Anonymizer http://theory.stanford.edu/~matias/papers/lpwa-cacm.pdf Michael J. Freedman, Robert Morris. Tarzan: A Peer-to-Peer Anonymizing Network Layer. http://freehaven.net/anonbib/cache/tarzan:ccs02.pdf RESOURCES AND REFERENCES: