DOI: 10.1145/1653662.1653707
research-article

The Bayesian traffic analysis of mix networks

Published: 09 November 2009

Abstract

    This work casts the traffic analysis of anonymity systems, and in particular mix networks, in the context of Bayesian inference. A generative probabilistic model of mix network architectures is presented that incorporates a number of attack techniques from the traffic analysis literature. We use the model to build a Markov Chain Monte Carlo inference engine that calculates the probabilities of who is talking to whom given an observation of network traces. We provide a thorough evaluation of its correctness and performance, and confirm that mix networks with realistic parameters are secure. This approach enables us to apply established information-theoretic anonymity metrics to complex mix networks, and to extract information from anonymised traffic traces optimally.

      Published In

      CCS '09: Proceedings of the 16th ACM conference on Computer and communications security
      November 2009
      664 pages
      ISBN:9781605588940
      DOI:10.1145/1653662

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. anonymity
      2. markov chain monte carlo
      3. mix networks
      4. traffic analysis

      Qualifiers

      • Research-article

      Conference

      CCS '09

      Acceptance Rates

      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
