
1 Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity and Identity Management – A Consolidated Proposal for Terminology
Authors: Andreas Pfitzmann and Marit Hansen
Presented by: Murtuza Jadliwala

2 Goals of this work
- Unambiguously define the important terminology used in the privacy literature: anonymity, unlinkability, undetectability, unobservability, pseudonymity
- Other goals:
  - Give a rationale for each definition (why are the terms defined the way they are?)
  - Relationships between these terms
  - Main mechanisms to provide these properties
11/13/2018 CS 898AB - Privacy Terminology

3 Setting – Where does this Terminology Apply?
(figure: the Universe containing the System; Outsiders versus Insiders)

4 Adversary? Attacker? Bad Guys?
- Interested in "items of interest" (IOIs) in the system:
  - What communication is happening (passive)
  - Who is sending, who is receiving, ... (passive)
  - Manipulating the communication (active)
- All definitions are based on the "perspective" of the attacker
  - The perspective defines the set of all possible observations
  - The attacker may also have limited computational capabilities
  - Together, these two define the information available to the attacker

5 Attacker Scope: Insider
(figure: Universe and System, with the attacker drawn as an insider)

6 Attacker Scope: Outsider
(figure: Universe and System, with the attacker drawn as an outsider)

7 Implicit Assumptions
- The adversary never has access to message content to get information about senders/receivers
  - Why is this a reasonable assumption?
- It is unreasonable to assume that an adversary "forgets" any information
  - Information once known cannot be assumed to be suddenly lost!
  - If anything, knowledge only increases!

8 1. Anonymity
- Anonymity: the subject is not identifiable within a set of subjects, the anonymity set
- Anonymity set: a set of similar subjects, or of subjects with similar attributes, for example the set of senders or the set of receivers
- A sender can be anonymous only within an anonymity set of senders!
- Anonymity of a set of subjects within a (potentially larger) anonymity set means that all these individual subjects are not identifiable within this anonymity set

9 1. Anonymity
(figure only)

10 1. Anonymity
- Anonymity: the subject is not identifiable within a set of subjects, the anonymity set
- What is the problem with this definition? The attacker's perspective or knowledge is not considered at all!
- Anonymity of a subject from an attacker's perspective means that the attacker cannot "sufficiently" identify the subject within a set of subjects, the anonymity set
  - "Sufficiently" here needs to be quantified!
  - Individual anonymity, group anonymity
- Note: the anonymity set cannot increase w.r.t. a particular IOI. Why? Remember: we cannot assume that the attacker forgets something he already knows!

11 1. Anonymity
(figure only)

12 1. Anonymity - Properties
- Quantification of anonymity: is a detailed description of the system needed? That may not always be possible
- Robustness of anonymity: how stable the quantification is under changes, e.g., a change in adversary strength
- Quality of anonymity = quantification + robustness

13 1. Anonymity - Properties
- An anonymity delta (regarding a subject's anonymity) from an attacker's perspective specifies the difference between the subject's anonymity taking into account the attacker's observations (i.e., the attacker's a-posteriori knowledge) and the subject's anonymity given the attacker's a-priori knowledge only
- If we can quantify anonymity in concrete situations, we can quantify the anonymity delta
- Note:
  - If the attacker has no a-priori knowledge about the particular subject, having no anonymity delta implies anonymity
  - If the attacker has a-priori knowledge covering all actions of the particular subject, having no anonymity delta does not imply any anonymity at all

14 2. Unlinkability
- Unlinkability: unlinkability of two or more items of interest (IOIs, e.g., subjects, messages, actions) from an attacker's perspective means that within the system, the attacker cannot sufficiently distinguish whether these IOIs are related or not
- Can you define linkability?
- Linkability: linkability of two or more items of interest (IOIs, e.g., subjects, messages, actions) from an attacker's perspective means that within the system, the attacker can sufficiently distinguish whether these IOIs are related or not

15 2. Unlinkability - Example
- Example (size of the sender anonymity set = 5): two messages are unlinkable w.r.t. their sender if the probability that they were sent by the same sender is sufficiently close to 1/5

16 2. Unlinkability change
- Unlinkability delta: an unlinkability delta of two or more items of interest (IOIs, e.g., subjects, messages, actions, ...) from an attacker's perspective specifies the difference between the unlinkability of these IOIs taking into account the attacker's observations and the unlinkability of these IOIs given the attacker's a-priori knowledge only
- Perfect unlinkability delta: the unlinkability delta is zero
- Remember: the attacker's knowledge never decreases (the attacker never forgets)! So unlinkability based on a-priori knowledge alone never increases
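As an added worked example (not from the slides or from the Pfitzmann/Hansen paper), the following Python models the anonymity delta of slide 13 together with the unlinkability example and delta of slides 15 and 16 in one small attacker-knowledge model. It assumes an entropy-based quantification of anonymity, a choice the slides leave open; the sender names and observations are constructed.

```python
# Added example, not from the slides or the Pfitzmann/Hansen paper: a toy
# attacker-knowledge model. Anonymity is quantified as the Shannon entropy of
# the attacker's distribution over the anonymity set (an assumed choice).
from math import log2

SENDERS = ["alice", "bob", "carol", "dave", "erin"]   # constructed anonymity set
UNIFORM = {s: 1 / len(SENDERS) for s in SENDERS}     # attacker has no a-priori knowledge

def entropy_bits(dist):
    """Anonymity of an action: entropy of the attacker's belief about who did it.
    log2(n) for n equally likely subjects, 0 when the subject is already known."""
    return sum(-p * log2(p) for p in dist.values() if p > 0)

def anonymity_set(dist):
    """Subjects the attacker still considers possible for this IOI."""
    return {s for s, p in dist.items() if p > 0}

def observe(prior, candidates):
    """Attacker learns the sender is among `candidates`: condition the prior.
    The support can only shrink, matching the slides' note that an anonymity
    set cannot grow w.r.t. a particular IOI because the attacker never forgets."""
    mass = sum(p for s, p in prior.items() if s in candidates)
    if mass == 0:
        raise ValueError("observation contradicts a-priori knowledge")
    return {s: (p / mass if s in candidates else 0.0) for s, p in prior.items()}

def anonymity_delta(prior, posterior):
    """A-priori anonymity minus a-posteriori anonymity (bits the attacker gained)."""
    return entropy_bits(prior) - entropy_bits(posterior)

def same_sender_probability(dist_m1, dist_m2):
    """Attacker's probability that two messages share a sender, treating the
    per-message beliefs as independent. With 5 equally likely senders this is
    1/5, the reference value in the slides' unlinkability example."""
    return sum(p * dist_m2.get(s, 0.0) for s, p in dist_m1.items())

def unlinkability_delta(prior_pair, posterior_pair):
    """How far the observations moved the attacker's 'same sender' belief away
    from its a-priori value; zero means unlinkability was preserved."""
    return abs(same_sender_probability(*posterior_pair)
               - same_sender_probability(*prior_pair))

if __name__ == "__main__":
    known = {s: (1.0 if s == "alice" else 0.0) for s in SENDERS}  # a-priori knowledge covers everything
    narrowed = observe(UNIFORM, {"alice", "bob"})                  # an observation shrinks the set
    for prior, post in [(UNIFORM, UNIFORM), (known, known), (UNIFORM, narrowed)]:
        print(anonymity_set(post), entropy_bits(post), anonymity_delta(prior, post))
    print(same_sender_probability(UNIFORM, UNIFORM), same_sender_probability(narrowed, narrowed))
```

The first two printed cases are the two notes of slide 13: a zero delta with a uniform prior leaves full anonymity (about 2.32 bits), while a zero delta with a prior that already names the sender leaves none.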

17 2. Anonymity in terms of Unlinkability
- The subject is not identifiable within a set of subjects, the anonymity set
- A sender s sends a message m anonymously iff s is anonymous within the set of potential senders of m, the sender anonymity set of m
- A message m is sent anonymously iff m could have been sent by each potential sender, i.e., by any subject within the sender anonymity set of m
- Anonymity in terms of unlinkability:
  - Sender anonymity of a subject means that to this potentially sending subject, each message is unlinkable
  - Recipient anonymity of a subject means that to this potentially receiving subject, each message is unlinkable
  - Relationship anonymity of a pair of subjects, the potentially sending subject and the potentially receiving subject, means that to this potentially communicating pair of subjects, each message is unlinkable

18 2. Anonymity in terms of Unlinkability
- Unlinkability is a sufficient condition for anonymity, but not a necessary one!
- Failing unlinkability w.r.t. some attributes does not necessarily affect anonymity!
- Relationship anonymity is a weaker property than each of sender anonymity and recipient anonymity! Why?
  - Sender anonymity ⇒ Relationship anonymity; Receiver anonymity ⇒ Relationship anonymity
  - Relationship anonymity ⇒ Sender anonymity, Receiver anonymity?

19 3. Undetectability
- Undetectability: undetectability of an IOI from an attacker's perspective means that the attacker cannot sufficiently distinguish whether it exists or not
- For example, if the IOI under consideration is a message, this means that the message is not sufficiently distinguishable from random noise
- Perfect or maximal undetectability: the attacker can never distinguish (or distinguishes with zero probability) whether an IOI exists or not
- In some applications (e.g., steganography), it might be useful to quantify undetectability, to have some measure of how much uncertainty about an IOI remains after the attacker's observations

20 3. Undetectability change
- Undetectability delta: an undetectability delta of an IOI from an attacker's perspective specifies the difference between the undetectability of the IOI taking into account the attacker's observations and the undetectability of the IOI given the attacker's a-priori knowledge only
- Perfect preservation of undetectability: the undetectability delta is zero
- Important! Undetectability of an IOI is clearly only possible w.r.t. subjects not involved in the IOI
  - For the sender of a message, the sent message is always detectable!
- Question: is undetectability related to anonymity? With the above definition, no! But it can be combined with anonymity to define a new property

21 4. Unobservability
- Unobservability of an IOI means undetectability of the IOI against all subjects uninvolved in it, and anonymity of the subject(s) involved in the IOI
- Sender unobservability means that it is sufficiently undetectable whether any sender within the unobservability set sends
- Sender unobservability is perfect iff it is completely undetectable whether any sender within the unobservability set sends
- Recipient unobservability and relationship unobservability are defined similarly!

22 4. Unobservability change
- Unobservability delta of an IOI means the undetectability delta of the IOI against all subjects uninvolved in it, and the anonymity delta of the subject(s) involved in the IOI, even against the other subject(s) involved in that IOI
- Perfect preservation of unobservability: the unobservability delta is zero, i.e.,
  - the undetectability delta is zero, and
  - the anonymity delta is zero

23 Relationships
- Unobservability ⇒ Anonymity
  - Sender unobservability ⇒ Sender anonymity
  - Recipient unobservability ⇒ Recipient anonymity
  - Relationship unobservability ⇒ Relationship anonymity
- Sender anonymity ⇒ Relationship anonymity
- Recipient anonymity ⇒ Relationship anonymity
- Sender unobservability ⇒ Relationship unobservability
- Recipient unobservability ⇒ Relationship unobservability
- Unobservability ⇒ Undetectability

24 Mechanisms
- Sender anonymity and relationship anonymity can be achieved by a MIX-net [Chau81]*
- How to provide unobservability in addition to anonymity? Add dummy traffic
  - A mechanism that achieves some kind of anonymity, appropriately combined with dummy traffic, yields the corresponding kind of unobservability!
- Undetectability can be achieved using steganography or spread spectrum!

25 5. Pseudonymity
- Any two-way communication still requires appropriate identifiers!
- Pseudonym: an identifier of a subject other than one of the subject's real name(s)
- Holder: the subject to which the pseudonym belongs
- The subject is pseudonymous if a pseudonym is used instead of the real name(s)
- Pseudonymity: the use of pseudonyms as identifiers in communications

26 5. Pseudonymity
(figure only)

27 5. Pseudonymity – Relationship with Anonymity
- Group pseudonym: a group pseudonym refers to a set of holders, i.e., it may refer to multiple holders
- Transferable pseudonym: a transferable pseudonym can be transferred from one holder to another subject, which then becomes its holder
- Group pseudonyms and transferable pseudonyms induce anonymity!
- Digital pseudonym: a bit string which is unique as an identifier (at least with very high probability) and suitable for authenticating the holder's sent messages (IOIs); e.g., IP addresses, usernames, etc.

28 5. Can Holders of Digital Pseudonyms be Held Accountable?
- Authenticating IOIs (or messages) relative to pseudonyms is usually not enough for accountability! Why?
  - Digital pseudonyms (at least with the current definition) are not tied to the civil identities of the holders (people, computers, etc.)
- How to overcome this problem?
  - Attach funds to digital pseudonyms to cover claims
  - Let identity brokers authenticate digital pseudonyms (i.e., check the civil identity of the holder and then issue a digitally signed statement that this particular identity broker has proof of the identity of the holder of this digital pseudonym and is willing to divulge that proof under well-defined circumstances)
  - Both of the above

29 5. Relationship between Pseudonymity and Linkability
- Linkability: linking a message (via its pseudonym) to the subject or holder that sent it
(figure: Anonymity, Pseudonymity, Accountability)

30 5. Relationship between Pseudonymity and Linkability
- Based on the knowledge of the linking, three kinds of pseudonyms:
  - Public pseudonym: the linking between a public pseudonym and its holder may be publicly known, even from the very beginning (e.g., telephone numbers)
  - Initially non-public pseudonym: the linking between an initially non-public pseudonym and its holder may be known by certain parties, but is not public, at least initially (e.g., bank account numbers)
  - Initially unlinked pseudonym: the linking between an initially unlinked pseudonym and its holder is, at least initially, not known to anybody with the possible exception of the holder himself/herself (e.g., biometrics like DNA, fingerprints)
- Knowledge of the linking cannot decrease!

31 5. Relationship between Pseudonymity and Linkability
(figure only)

32 Overview
(figure only)

