Degradation of Anonymity Methods – The Predecessor Attack 28
Questions and Answers 31
What is Anonymity?
Anonymity is a property of network security. An entity in a system has anonymity if no other entity can identify the first entity, nor is there any link back to the first entity that can be used, nor any way to verify that any two anonymous acts are performed by the same entity.
Related term - Pseudonymity: A weaker, related property is pseudonymity. Pseudonymity means that one cannot identify an entity, but it may be possible to prove that two pseudonymous acts were performed by the same entity.
“For example, imagine that you have received a letter in the mail, with no signature, no return address, and no method for you to identify the sender or respond. This letter is anonymous. If the letter contains a secret key, and you then get later letters containing the same secret key, you can be pretty sure they came from the same entity. These latter letters are pseudonymous. If the letter contains instructions for responding, other than by some public channel, and you respond and the writer then responds to you, the writer is now pseudonymous rather than anonymous. This is because you have two (or more) acts (mailing letters) that were performed by the same person” .
Naively, there is no privacy2 on the Web. Browsers advertise IP address, domain name, organization, referring page, platform (OS, browser) and which information is requested. The information is available to end servers, local system administrator, and other third parties (see the example doubleclick.com below). Cookies are another violation of privacy.
Partial – e.g. in a cable Internet system, all the users use the same channel and can get everyone’s messages (encrypted), so an eavesdropper can perform a traffic analysis of another user.
Local – e.g. system administrator
Active attackers – an individual or a group, local or global, that can cause worse damage than just listening.
Anonymity in the network is relevant to:
E-commerce – The efficiencies of the public Internet are strong motivation for companies to use it instead of private intranets. However, these companies may want to protect their interests. The existence of inter-company collaboration may be confidential. Private people are also interested in anonymous e-commerce. A person shopping on the Web may not want his visits tracked.
Sending anonymous messages or distributing anonymous content
Other data communications (E-mail, Web browsing, Chatting) – Avoiding traffic analysis3
Hiding the existence of a VPN (Virtual Private Network) between two or more participants
Interest group – Examples are: Private health concerns - a person who is an AIDS carrier (and therefore accesses relevant data bases) is interested that this will remain unknown; Support groups of victims of crimes (rape, violence, etc.).
PIR – private information retrieval. For example, a researcher using the World Wide Web to access a patents database may expect his particular focus to remain private
Privacy of the communication patterns (defected by cookies)
Sender anonymity – the receiver (and others) cannot know who sends the message.
Receiver anonymity – servers in the message path cannot know to whom the message is designated.
Unlinkabiliity of sender and receiver. Linkability is the possibility to link between different actions in the Internet. For example, if a specific IP address appears in several transactions, then it can be concluded that there is a connection between those transactions.
Publisher anonymity (broadcast).
Information anonymity - For example, a few years ago, a convicted child rapist working as a technician in a Boston hospital riffled through 1,000 computerized records looking for potential victims (and was caught when the father of a nine-year-old girl used caller ID to trace the call back to the hospital).