Probabilistic and nondeterministic aspects of anonymity

The concept of anonymity comes into play in a wide range of situations, varying from voting and anonymous donations to postings on bulletin boards and sending emails. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically, while the agents’ behavior may be totally unpredictable, irregular, and hence expressible only nondeterministically. Formal definitions of the concept of anonymity have been investigated in the past either in a totally nondeterministic framework, or in a purely probabilistic one. In this paper, we investigate a notion of anonymity which combines both probability and nondeterminism, and which is suitable for describing the most general situation in which the protocol and the users can have both probabilistic and nondeterministic behavior. We also investigate the properties of the definition for the particular cases of purely nondeterministic users and purely probabilistic users. We formulate the notions of anonymity in terms of probabilistic automata, and we describe protocols and users as processes in the probabilistic π-calculus, whose semantics is again based on probabilistic automata. Throughout the paper, we illustrate our ideas by using the example of the dining cryptographers.     

On Dice and Coins: Models of Computation for Random Generation

To examine the concept of random generation in bounded, as opposed to expected, polynomial time, a model of a probabilistic Turing machine (PTM) with the ability to make random choices with any (small) rational bias is necessary. This ability is equivalent to that of being able to simulate rolling any k-sided die (where [k] is polynomial in the length of the input). We would like to minimize the amount of hardware required for a machine with this capability. This leads to the problem of efficiently simulating a family of dice with a few different types of biased coins as possible. In the special case of simulating one n-sided die, we prove that only two types of biased coins are necessary, which can be reduced to one if we allow irrationally biased coins. This simulation is efficient, taking O(log n) coin flips. For the general case we get a tight time vs number of biases tradeoff; for example, with O(log n) different biases, we can simulate, for any i < n, an i-sided die in O(log n) coin flips.     

Probabilistic anonymity via coalgebraic simulations

There is a growing concern about anonymity and privacy on the Internet, resulting in lots of work on formalization and verification of anonymity. In particular, the importance of probabilistic aspects of anonymity has recently been highlighted by many authors. Several different notions of “probabilistic anonymity” have been studied so far, but proof methods for such probabilistic notions have not yet been elaborated. In this paper we introduce a simulation-based proof method for one notion of probabilistic anonymity introduced by Bhargava and Palamidessi, called strong probabilistic anonymity. The method is a probabilistic adaptation of the one by Kawabe, Sakurada et al. for non-deterministic anonymity; anonymity of a protocol is proved by finding a forward/backward simulation between certain automata. For the jump from non-determinism to probability we exploit a generic, coalgebraic theory of traces and simulations developed by Hasuo, Jacobs and Sokolova. In particular, an appropriate notion of probabilistic simulation is obtained as an instantiation of the generic definition, for which soundness theorem comes for free. Additionally, we show how we can use a similar idea to verify a weaker notion of probabilistic anonymity called probable innocence.     

Minimal Information Disclosure in a Centralized Authorization System

We propose a centralized authorization system, in which user authorizations cannot be retrieved in a computationally feasible way without cooperation of user, authorization server and end-servers. A certain level of anonymity is also guaranteed to the users. The security of the protocol is based on standard cryptographic assumptions. We show that the complexity of the protocol compares to that of the SSL handshake protocol.     

An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks

We address the problem of mutual authentication and key agreement with user anonymity for mobile networks. Recently, Lee et al. proposed such a scheme, which is claimed to be a slight modification of, but a security enhancement on Zhu et al.’s scheme based on the smart card. In this paper, however, we reveal that both schemes still suffer from certain weaknesses which have been previously overlooked, and thus are far from the desired security. We then propose a new protocol which is immune to various known types of attacks. Analysis shows that, while achieving identity anonymity, key agreement fairness, and user friendliness, our scheme is still cost-efficient for a general mobile node.     

Formally transforming user-model testing problems into implementer-model testing problems and viceversa

There are several methods to assess the capability of a test suite to detect faults in a potentially wrong system. We explore two methods based on considering some probabilistic information. In the first one, we assume that we are provided with a probabilistic user model. This is a model denoting the probability that the entity interacting with the system takes each available choice. In the second one, we suppose that we have a probabilistic implementer model, that is, a model denoting the probability that the implementer makes each possible fault while constructing the system. We show that both testing scenarios are strongly related. In particular, we prove that any user can be translated into an implementer model in such a way that the optimality of tests is preserved, that is, a test suite is optimal for the user if and only if it is optimal for the resulting implementer. Another translation, working in the opposite direction, fulfills the reciprocal property. Thus, we conclude that any test selection criterium designed for one of these testing problems can be used for the other one, once the model has been properly translated. Besides, the applicability of user models to other kinds of testing approaches is considered.     

具有隐私保护的安全电子交易协议

电子交易的普及在给用户带来便利的同时,其在交易支付中所暴露出的隐私保护和安全性问题也受到不同程度的挑战。针对此问题,提出一个安全的电子交易协议。协议中,优化后的签密算法可保证交易的安全性;同时支付服务商具有去匿名性功能,可以在保护用户隐私的基础上进行追责。经性能分析,本协议在提高通信性能的基础上,满足消息的机密性和不可否认性、购买者的匿名性和可追踪性以及电子交易的公平性。     

A lightweight authentication and key agreement protocol preserving user anonymity

Nowadays with widespread employment of the Internet, servers provide various services for legal users. The vital issue in client/server connections is authentication protocols that make the communication channel safe and secure against famous attacks. Recently, Kumari et al. and Chaudhry et al. proposed two authentication and key agreement protocols and illustrated that their proposed protocols are secure against various security attacks. However, in this paper we demonstrate that both protocols are vulnerable to off-line password guessing attacks. Moreover, we show that Kumari et al.’s protocol does not provide the property of user anonymity. In order to overcome these weaknesses, we propose a lightweight authentication and key agreement protocol. The correctness of the proposed protocol is proved using BAN logic. Security analysis demonstrates that the proposed protocol resists various security attacks and provides user anonymity. Furthermore, performance analysis confirms that the computation cost of the proposed protocol is acceptable.

     

Analysis of privacy in mobile telephony systems

We present a thorough experimental and formal analysis of users’ privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user’s privacy. We also expose some protocol’s vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.     

基于区块链的轻量级匿名评审协议

同行评审的重要价值一直被学术界广泛认可,然而其过程的不透明广受诟病。近年来,区块链技术的快速发展正在迅速推动以太坊等开放式智能合约平台的成熟,为开发去中心化的评审系统奠定了坚实基础。然而,目前去中心化的评审协议面临两个有挑战性的问题。首先,由于区块链记录的信息是透明公开的,若评审方的身份在评审结果产生前被公开,会导致匿名性难以保障,不利于维护评审过程的公平性。其次,由于智能合约中函数的每一次调用都要花费一定量链上资源,执行包含n位评审方的协议需花费O（n）链上资源,导致可扩展性难以保障,协议难以应用到实际场景。本文提出一种基于区块链的轻量级匿名审稿协议（Blockchain-based Lightweight Anonymous Review, BLAR）,旨在解决去中心化评审协议的匿名性和可扩展性两个关键问题。BLAR协议不需要在评审结果展示前在区块链上存储任意可能导致指派信息泄露的信息,包括但不限于被选中评审方的账户地址或其哈希值,从而使攻击者无法确定性地找出对应某投稿的评审方。同时, BLAR协议不依赖区块链进行存储与计算,而是仅利用区块链进行验证和可信性保证,从而在最小程度造成...     

Verifying anonymity in voting systems using CSP

We present formal definitions of anonymity properties for voting protocols using the process algebra CSP. We analyse a number of anonymity definitions, and give formal definitions for strong and weak anonymity, highlighting the difference between these definitions. We show that the strong anonymity definition is too strong for practical purposes; the weak anonymity definition, however, turns out to be ideal for analysing voting systems. Two case studies are presented to demonstrate the usefulness of the formal definitions: a conventional voting system, and Prêt à Voter, a paper-based, voter-verifiable scheme. In each case, we give a CSP model of the system, and analyse it against our anonymity definitions by specification checks using the Failures-Divergences Refinement (FDR2) model checker. We give a detailed discussion on the results from the analysis, emphasizing the assumptions that we made in our model as well as the challenges in modelling electronic voting systems using CSP.     

An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards

Generally, if a user wants to use numerous different network services, he/she must register himself/herself to every service providing server. It is extremely hard for users to remember these different identities and passwords. In order to resolve this problem, various multi-server authentication protocols have been proposed. Recently, Sood et al. analyzed Hsiang and Shih's multi-server authentication protocol and proposed an improved dynamic identity based authentication protocol for multi-server architecture. They claimed that their protocol provides user's anonymity, mutual authentication, the session key agreement and can resist several kinds of attacks. However, through careful analysis, we find that Sood et al.'s protocol is still vulnerable to leak-of-verifier attack, stolen smart card attack and impersonation attack. Besides, since there is no way for the control server CS to know the real identity of the user, the authentication and session key agreement phase of Sood et al.'s protocol is incorrect. We propose an efficient and security dynamic identity based authentication protocol for multi-server architecture that removes the aforementioned weaknesses. The proposed protocol is extremely suitable for use in distributed multi-server architecture since it provides user's anonymity, mutual authentication, efficient, and security.     

无线匿名电话会议协议的分析与改进*

分析了文献［l］中Wang提出的一个无线匿名认证方案中的匿名电话会议认证协议,发现其存在安全漏洞,该协议不但无法保护用户的匿名性,而且还会泄露用户的机密信息,针对存在的安全漏洞对该协议进行了改进,改进后的协议保留了原方案的所有安全特性,并且比原协议具有更高的安全性。     

Low-cost and reliable mutual anonymity protocols in peer-to-peer networks

We present several protocols to achieve mutual communication anonymity between an information requester and a provider in a P2P information-sharing environment, such that neither the requester nor the provider can identify each other, and no other peers can identify the two communicating parties with certainty. Most existing solutions achieve mutual anonymity in pure P2P systems without any trusted central controls. Compared with two such representative ones, our protocols improve efficiency in two different ways. First, utilizing trusted third parties and aiming at both reliability and low-cost, we propose a group of mutual anonymity protocols. We show that with some limited central support, our protocols can accomplish the goals of anonymity, efficiency, and reliability. Second, we propose a mutual anonymity protocol which relies solely on self-organizations among peers without any trusted central controls. In this protocol, the returning path can be shorter than the requesting path. This protocol does not need to broadcast the requested file back to the requester so that the bandwidth is saved and efficiency is improved. In addition, this protocol does not need special nodes to keep indices of sharing files, thus eliminating the index maintenance overhead and the potential for inconsistency between index records and peer file contents. We have evaluated our techniques in a browser-sharing environment. We show that the average increase in response time caused by our protocols is negligible, and these protocols show advantages over existing protocols in a P2P system.     

Anonymous Geo-Forwarding in MANETs through Location Cloaking

In this paper, we address the problem of destination anonymity for applications in mobile ad hoc networks where geographic information is ready for use in both ad hoc routing and Internet services. Geographic forwarding becomes a lightweight routing protocol in favor of the scenarios. Traditionally the anonymity of an entity of interest can be achieved by hiding it among a group of other entities with similar characteristics, i.e., an anonymity set. In mobile ad hoc networks, generating and maintaining an anonymity set for any ad hoc node is challenging because of the node mobility, consequently the dynamic network topology. We propose protocols that use the destination position to generate a geographic area called {em anonymity zone (AZ)}. A packet for a destination is delivered to all the nodes in the AZ, which make up the anonymity set. The size of the anonymity set may decrease because nodes are mobile, yet the corresponding anonymity set management is simple. We design techniques to further improve node anonymity and reduce communication overhead. We use analysis and extensive simulation to study the node anonymity and routing performance, and to determine the parameters that most impact the anonymity level that can be achieved by our protocol.     

A lightweight conditional privacy-preserving authentication and access control scheme for pervasive computing environments

In pervasive computing environments, the users can get access to the services from the service providers in a highly desirable way. But the security of the user's authentication is a challenging field. Pervasive computing environments must provide the service to only legitimate users. On the other hand, some users attempt to keep their anonymity without revealing their identities while using some privacy-related services such as location information, printing, buying shares, etc. In this paper, we propose a conditional privacy-preserving authentication and access control scheme for pervasive computing environments, called CPriauac. Compared with the previous schemes in the literature, registration servers and authentication servers in the proposed scheme need not maintain any sensitive verification tables. The management of public keys is easier. Furthermore, the anonymity of the user can be removed efficiently once the dispute happens. The proposed scheme provides user anonymity against outside and inside parties, mutual authentication, accountability and differentiated access control.     

On compositional reasoning about anonymity and privacy in epistemic logic

In this paper, we exploit epistemic logic (or the modal logic of knowledge) for multiagent systems to discuss the compositionality of several privacy-related information-hiding/disclosure properties. The properties considered here are anonymity, privacy, onymity, and identity. Our initial observation reveals that anonymity/privacy properties are not necessarily sequentially compositional. This means that even though a system comprising several sequential phases satisfies a certain unlinkability property in each phase, the entire system does not always enjoy a desired unlinkability property. We show that the compositionality can be guaranteed provided that the phases of the system satisfy what we call independence assumptions. More specifically, we develop a series of theoretical case studies of what assumptions are sufficient to guarantee the sequential compositionality of various degrees of anonymity, privacy, onymity, and/or identity properties. Similar results for parallel composition are also discussed. Further, we use the probabilistic extension of epistemic logic to consider the compositionality of probabilistic anonymity/privacy. We show that the compositionality can also be guaranteed in the probabilistic setting, provided that the phases of the system satisfy a probabilistic independence assumption.     

On the efficiency of user identification: a system-based approach

In the Internet era, users’ fundamental privacy and anonymity rights have received significant research and regulatory attention. This is not only a result of the exponential growth of data that users generate when accomplishing their daily task by means of computing devices with advanced capabilities, but also because of inherent data properties that allow them to be linked with a real or soft identity. Service providers exploit these facts for user monitoring and identification, albeit impacting users’ anonymity, based mainly on personal identifiable information or on sensors that generate unique data to provide personalized services. In this paper, we report on the feasibility of user identification using general system features like memory, CPU and network data, as provided by the underlying operating system. We provide a general framework based on supervised machine learning algorithms both for distinguishing users and informing them about their anonymity exposure. We conduct a series of experiments to collect trial datasets for users’ engagement on a shared computing platform. We evaluate various well-known classifiers in terms of their effectiveness in distinguishing users, and we perform a sensitivity analysis of their configuration setup to discover optimal settings under diverse conditions. Furthermore, we examine the bounds of sampling data to eliminate the chances of user identification and thus promote anonymity. Overall results show that under certain configurations users’ anonymity can be preserved, while in other cases users’ identification can be inferred with high accuracy, without relying on personal identifiable information.     

On the Feasibility of Time Estimation under Isolation Conditions in Wireless Sensor Networks

We study the problem of providing a sensor with an accurate estimate of the time, from a novel perspective which is complementary to the well-studied clock synchronization problem. More precisely, we analyze the case in which a sensor node is temporarily unable to run a clock synchronization protocol due to failures or intermittent connectivity, or is willing to skip one or more clock adjustments to save energy, but still requires an accurate estimate of the reference time. We propose and analyze two simple and efficient clock reading methods, one deterministic and the other probabilistic, which are designed to work in synergy with a clock synchronization protocol. Our deterministic method achieves a better time accuracy by exploiting information regarding the sign of the deviation of the hardware clock from the reference time. This algorithm leads to noticeable energy savings since it can be applied to reduce the frequency of the periodic clock adjustments by a factor of 2, while maintaining the same error bound. Moreover, our method is of theoretical interest since it shows how a stronger but realistic clock model leads to a refinement of the optimality bound for the maximum deviation of a clock that is periodically synchronized. We also propose two simple versions of this algorithm: a method that guarantees the monotonicity of the clock values, and a generalization that improves the accuracy in case of clock stability. Our probabilistic method is based on time series forecasting, and provides a probabilistically accurate estimate of the reference time with a constant error bound. It is more flexible than our previous methods since it does not depend on the frequency at which clock synchronization occurs, and can be dynamically tuned according to the application requirements and resource availability. All these methods have broad applicability for their generality. In sensor networks they can be applied to improve the clock accuracy of a sensor node in conditions of network isolation, or to reduce the frequency of the clock adjustments, thus saving energy and increasing the system lifetime.     

DESCRIPTION OF PROBABILISTICAL SYSTEMS WITH STRONGLY STATISTICALLY DEPENDENT ELEMENTS

We propose the f-divergences of two probability distributions as the measures of the organization of a probabilistic system with respect to its probabilistic uncertainty. A probabilistic system consist of stochastical objects on which random variables are defined which are statistically dependent. Using Shannon's f-divergence for the organization of a probabilistic system we express it in terms of the probability distributions of the element random variables and their statistical linkages. Then we find the maximum entropy of a probabilistic system if the statistical linkages between its elements are given as input data. We show that an important class of physical statistical systems can be described by the probabilistic systems of Gibbsian type.