Presentation is loading. Please wait.

Presentation is loading. Please wait.

Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory.

Published byHelena Maines Modified over 9 years ago

Similar presentations

Presentation on theme: "Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory."— Presentation transcript:

1 Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory

2 Metric in Mix Networks (PET 2002) Metric also useful in mix networks Q R D B {(A,0.125), (B,0.125), (C,0.25), (D,0.5)} A C

3 Route Length (Sets) (PET 2002) Q R D B {A,B,C,D} A C Now we look at how information can change APD, but not the underlying set Mix systems, often have a maximum route length (eg Mixmaster)

4 Route Length (probabilities) (PET 2002) Max route length = 2. A"1,3,2"Q cannot happen C"3,2" {Q or R}. S has the anonymity set {A,B} Q,R still have the anonymity set {A,B,C} but a different anonymity probability distribution (with a lower entropy) 12 3 A B C S R Q

5 Hence we need a principled way of calculating the anonymity of a message as seen by the attacker!

6 A Formal Model of a Mix Network Given a set of input messages, our model can tell us what the mix network will do → (a real trace of events which happen in the network) M2 M1 Sender2 Sender1 Sender3 R2 R1 R3 {(Sender1,[M1,M2],R1) (Sender2,[M1],R2) (Sender3,[M2],R3)}

7 Generating a Real Trace M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3 [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 2),(Mix 1,M 2,MixRecv,C 1),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 3),(Mix 2,Recv (R 1),RecvRecv,C 1)] {(Sender1,[M1,M2],R1,C1) (Sender2,[M1],R2,C2) (Sender3,[M2],R3,C3)}

8 Erasing the Real Trace (1) From this, we can work out what the attacker will observe –(the real get erased to remove the information the attacker cannot see) –We get an erased trace M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3 M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3

9 Erasing the Real Trace (2) Real trace: [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 2),(Mix 1,M 2,MixRecv,C 1),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 3),(Mix 2,Recv (R 1),RecvRecv,C 1)] Erased trace: [(Sender 1,M 1),(Sender 2,M 1),(Mix 1,Recv (R 2)), (Mix 1,M 2),(Sender 3,M 2),(Mix 2,Recv (R 3)),(Mix 2,Recv (R1))] M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3 M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3

10 From the Attacker’s Point of View The attacker has an observation (an erased trace Obs) He now uses the model to find all the real traces which erase to Obs → Call these All Obs = [(Sender 1,M 1),(Sender 2,M 1),(Mix 1,Recv (R 2)), (Mix 1,M 2),(Sender 3,M 2),(Mix 2,Recv (R 3)), (Mix 2,Recv (R1))] M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3

11 Finding All Scenarios M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3 M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3 M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3 M2 M1 Sender 2 Sender 1 Sender3 R2 R1 R3 I II III IV In 2 out of the 4 scenarios Sender 3 sent the message to R1

12 (In ASCII!) [[(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 2),(Mix 1,M 2,MixRecv,C 1),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 3),(Mix 2,Recv (R 1),RecvRecv,C 1)], [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 2),(Mix 1,M 2,MixRecv,C 1),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 1),(Mix 2,Recv (R 1),RecvRecv,C 3)], [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 1),(Mix 1,M 2,MixRecv,C 2),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 3),(Mix 2,Recv (R 1),RecvRecv,C 2)], [(Sender 1,M 1,MixRecv,C 1),(Sender 2,M 1,MixRecv,C 2),(Mix 1,Recv (R 2),RecvRecv,C 1),(Mix 1,M 2,MixRecv,C 2),(Sender 3,M 2,MixRecv,C 3),(Mix 2,Recv (R 3),RecvRecv,C 2),(Mix 2,Recv (R 1),RecvRecv,C 3)]]

13 Probabilities Suppose: –All senders equally likely to send to all receivers –All routes equally likely to be chosen →All scenarios are equiprobable For the message which arrives at R1, the anonymity probability distribution is: {(Sender 1,0.25), (Sender 2, 0.25), (Sender 3,0.5)} (Glossing over the exact details)

14 See my PhD Thesis for this and lots of other cool things…

Download ppt "Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory."

Similar presentations

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)

A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)
Causal Delivery (Thomas) Matt Guinn CS523, Spring 2006.

Causal Delivery (Thomas) Matt Guinn CS523, Spring 2006.
Timed Distributed System Models  A. Mok 2014 CS 386C.

Timed Distributed System Models  A. Mok 2014 CS 386C.
1 EP2210 Fairness Lecture material: –Bertsekas, Gallager, Data networks, 6.5 –L. Massoulie, J. Roberts, Bandwidth sharing: objectives and algorithms,“

1 EP2210 Fairness Lecture material: –Bertsekas, Gallager, Data networks, 6.5 –L. Massoulie, J. Roberts, "Bandwidth sharing: objectives and algorithms,“
1 Maximal Independent Set. 2 Independent Set (IS): In a graph G=(V,E), |V|=n, |E|=m, any set of nodes that are not adjacent.

1 Maximal Independent Set. 2 Independent Set (IS): In a graph G=(V,E), |V|=n, |E|=m, any set of nodes that are not adjacent.
Fast, Memory-Efficient Traffic Estimation by Coincidence Counting Fang Hao 1, Murali Kodialam 1, T. V. Lakshman 1, Hui Zhang 2, 1 Bell Labs, Lucent Technologies.

Fast, Memory-Efficient Traffic Estimation by Coincidence Counting Fang Hao 1, Murali Kodialam 1, T. V. Lakshman 1, Hui Zhang 2, 1 Bell Labs, Lucent Technologies.
Computer Science 1 CSC 774 Advanced Network Security Enhancing Source-Location Privacy in Sensor Network Routing (ICDCS ’05) Brian Rogers Nov. 21, 2005.

Computer Science 1 CSC 774 Advanced Network Security Enhancing Source-Location Privacy in Sensor Network Routing (ICDCS ’05) Brian Rogers Nov. 21, 2005.
Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.

Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Ordering and Consistent Cuts Presented By Biswanath Panda.

Ordering and Consistent Cuts Presented By Biswanath Panda.
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:

1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
Chapter 6 Section 1 Introduction. Probability of an Event The probability of an event is a number that expresses the long run likelihood that an event.

Chapter 6 Section 1 Introduction. Probability of an Event The probability of an event is a number that expresses the long run likelihood that an event.
Statistics & Modeling By Yan Gao. Terms of measured data Terms used in describing data –For example: “mean of a dataset” –An objectively measurable quantity.

Statistics & Modeling By Yan Gao. Terms of measured data Terms used in describing data –For example: “mean of a dataset” –An objectively measurable quantity.
A Look at Byzantine Generals Problem R J Walters.

A Look at Byzantine Generals Problem R J Walters.
I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.

I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.
I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=

I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=
I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=

I.1 ii.2 iii.3 iv.4 1+1=. i.1 ii.2 iii.3 iv.4 1+1=
Impact of Different Mobility Models on Connectivity Probability of a Wireless Ad Hoc Network Tatiana K. Madsen, Frank H.P. Fitzek, Ramjee Prasad [tatiana.

Impact of Different Mobility Models on Connectivity Probability of a Wireless Ad Hoc Network Tatiana K. Madsen, Frank H.P. Fitzek, Ramjee Prasad [tatiana.
Information Theory and Security

Information Theory and Security

Similar presentations

Ads by Google