匿名性能衡量方法研究

对现有的多种匿名性衡量方法进行分析和比较,对熵值和θ方法的局限性作了详细分析,指出这两种方法都不能很好地反映出攻击者作局部判定的难易.在此基础上,提出一种新的基于部分熵值的匿名性能衡量方法,该方式在假设匿名攻击有效的前提下,给出相近匿名集的定义,并且基于相近匿名集的元素个数、概率总和以及概率分布重新定义了匿名性衡量的指标.文中详细给出了该方法设计的思想,分析和计算表明,新的衡量方法能较好地体现攻击中常用的排除法,反映出匿名概率集中概率突出且接近者影响攻击判定的事实,能更好地衡量出系统的匿名性能.     

匿名通信技术的研究现状和发展趋势

阐述了匿名技术的应用需求，介绍了匿名性的定义，较为全面的论述了匿名通信技术的研究现状，在此基础上对现有匿名通信系统进行分析和归类．指出目前的匿名技术存在的问题。并提出了匿名通信技术进一步的研究趋势。     

匿名技术分析及其抗攻击性比较

对现有的匿名技术进行综述研究,对多种匿名技术进行分类介绍,分析目前匿名技术存在的问题,然后定义几种攻击模型,对现有的多种匿名系统在抵抗攻击性方面进行研究比较,为匿名技术的研究和设计新的匿名系统提供依据。     

转发概率递减的改进Crowds系统

Crowds匿名浏览系统中可以在不影响匿名度水平的前提下,通过递减转发概率减小重路由路径长度,提高系统性能。提出利用路径长度期望值递减规律确定转发概率递减比例系数的方法,仿真实验表明,新方案可以在保持原有匿名度的基础上,有效减小重路由路径长度,提高Crowds系统的通信性能。     

基于组群的可实现接收者匿名的通信模型*

基于组群的匿名实现了通过多主机的转发对发送者或双方通信关系的隐藏,典型的实现如Crowds利用转发概率实现了发送者一定程度的匿名,但该系统对于接收者匿名缺乏保护,接收者对于Crowds的组员而言完全是公开的。新模型在传统的Crowds基础上,利用公开密钥加密实现了接收者匿名,同时提出了一种新的通信加密方案,并通过改进对Jondo的管理,提高了性能,改善了匿名度。     

匿名通信系统中统计型攻击模型研究

提出了匿名通信系统中的两种统计型攻击模型 ,对两种攻击模型的攻击能力作了定量的分析 .计算数据表明 ,在一定条件下 ,两种统计型攻击方法可以有效地破坏匿名通信系统中发送者的匿名度 .     

匿名通信概览

对匿名通信的基本概念及相关理论进行了较为全面的整理。阐述了匿名通信的研究意义,介绍了匿名通信及其攻击的定义。在此基础上对于目前不同的匿名通信系统进行了分析和评价,并介绍了重要的攻击形式。最后提出了匿名通信的未来研究方向和关于匿名通信的法律问题。     

P2P匿名通信系统的匿名度量

分析了P2P匿名通信系统模型及攻击模型,基于信息熵,针对共谋攻击,度量了几种典型的P2P匿名系统的接收者匿名度,分析了系统匿名性与系统规模N、恶意节点比例、路径长度及转发概率的关系。计算数据表明,嵌套加密使系统获得强匿名,接收者的匿名度随系统规模等的增大而增大,随恶意节点比例的增大而减小,受恶意节点比例及系统规模影响较大,受路径长度影响较小。     

基于Web日志的典型匿名用户路径挖掘研究

通过获取的匿名用户浏览路径集,依据新的路径相似度定义,建立用户浏览路径相似度矩阵,并在此基础上设计实现了匿名用户浏览路径聚类算法,获得聚类结果集,并计算各类的中心,得到典型匿名用户路径.挖掘结果显示典型匿名用户路径代表了不同类用户网络浏览路径,可有效地作为网站信息推荐的依据.     

图数据连续发布中的隐私保护方法

随着互联网技术的发展和智能终端的普及,社交网络中产生了大量用户隐私数据,公开发布社交网络数据将提高用户隐私泄露的风险,需要对数据进行匿名化处理然后进行发布。传统社交网络k度匿名方法在图数据连续发布中的匿名方式,存在大量冗余计算及无法抵抗度时序推理攻击的问题,为此,提出一种连续发布图数据的改进k度匿名算法。通过定义度时序矩阵来一次性地构建满足k匿名性要求的k度时序矩阵,在k度时序矩阵的基础上提取不同时刻的k度向量,将其作为时刻图的匿名向量,通过图修改方法对前一时刻的匿名图进行处理,得到后续一系列的匿名图版本,从而缩短每一次重新匿名所消耗的时间,同时抵抗基于度变化实现的度时序背景知识攻击。在真实社交网络数据集上进行实验,结果表明,相对kDA算法,该算法的总体运行效率以及网络结构属性可用性均较优。     

Probabilistic and nondeterministic aspects of anonymity

The concept of anonymity comes into play in a wide range of situations, varying from voting and anonymous donations to postings on bulletin boards and sending emails. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically, while the agents’ behavior may be totally unpredictable, irregular, and hence expressible only nondeterministically. Formal definitions of the concept of anonymity have been investigated in the past either in a totally nondeterministic framework, or in a purely probabilistic one. In this paper, we investigate a notion of anonymity which combines both probability and nondeterminism, and which is suitable for describing the most general situation in which the protocol and the users can have both probabilistic and nondeterministic behavior. We also investigate the properties of the definition for the particular cases of purely nondeterministic users and purely probabilistic users. We formulate the notions of anonymity in terms of probabilistic automata, and we describe protocols and users as processes in the probabilistic π-calculus, whose semantics is again based on probabilistic automata. Throughout the paper, we illustrate our ideas by using the example of the dining cryptographers.     

一种UC匿名的移动自组网概率组播策略

鉴于现有移动自组网匿名路由协议不能为组播提供匿名通信支持,而只能提供特定非形式化的匿名性分析,提出了一种UC(universally composable)匿名的移动自组网概率组播策略.在路由发现阶段,采用一次性密钥对保持路径记录私密.在数据分组传输阶段,采用Gossip机制、DH秘密路径及Bloom Filter编码实现匿名源路由组播.最后,采用UC框架分析了协议的匿名性,并对协议的性能进行了仿真.分析与仿真结果表明,该策略在实现匿名性的同时还提供了较好的可靠性.     

On compositional reasoning about anonymity and privacy in epistemic logic

In this paper, we exploit epistemic logic (or the modal logic of knowledge) for multiagent systems to discuss the compositionality of several privacy-related information-hiding/disclosure properties. The properties considered here are anonymity, privacy, onymity, and identity. Our initial observation reveals that anonymity/privacy properties are not necessarily sequentially compositional. This means that even though a system comprising several sequential phases satisfies a certain unlinkability property in each phase, the entire system does not always enjoy a desired unlinkability property. We show that the compositionality can be guaranteed provided that the phases of the system satisfy what we call independence assumptions. More specifically, we develop a series of theoretical case studies of what assumptions are sufficient to guarantee the sequential compositionality of various degrees of anonymity, privacy, onymity, and/or identity properties. Similar results for parallel composition are also discussed. Further, we use the probabilistic extension of epistemic logic to consider the compositionality of probabilistic anonymity/privacy. We show that the compositionality can also be guaranteed in the probabilistic setting, provided that the phases of the system satisfy a probabilistic independence assumption.     

Weak Probabilistic Anonymity

Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact that some amount of probabilistic information may be revealed by the protocol. This information can be used by an observer to infer the likeliness that the action has been performed by a certain user. The aim of this work is to study the degree of anonymity that the protocol can still ensure, despite the leakage of information.We illustrate our ideas by using the example of the dining cryptographers with biased coins. We consider both the cases of nondeterministic and probabilistic users. Correspondingly, we propose two notions of weak anonymity and we investigate their respective dependencies on the biased factor of the coins.     

Probabilistic anonymity via coalgebraic simulations

There is a growing concern about anonymity and privacy on the Internet, resulting in lots of work on formalization and verification of anonymity. In particular, the importance of probabilistic aspects of anonymity has recently been highlighted by many authors. Several different notions of “probabilistic anonymity” have been studied so far, but proof methods for such probabilistic notions have not yet been elaborated. In this paper we introduce a simulation-based proof method for one notion of probabilistic anonymity introduced by Bhargava and Palamidessi, called strong probabilistic anonymity. The method is a probabilistic adaptation of the one by Kawabe, Sakurada et al. for non-deterministic anonymity; anonymity of a protocol is proved by finding a forward/backward simulation between certain automata. For the jump from non-determinism to probability we exploit a generic, coalgebraic theory of traces and simulations developed by Hasuo, Jacobs and Sokolova. In particular, an appropriate notion of probabilistic simulation is obtained as an instantiation of the generic definition, for which soundness theorem comes for free. Additionally, we show how we can use a similar idea to verify a weaker notion of probabilistic anonymity called probable innocence.     

MANET中MIX策略的分析与设计

在MANET匿名通信中,使用加密等技术防止攻击者通过消息内容进行匿名攻击,并采用MIX输出策略防范攻击者根据通信模式进行的匿名攻击.基于概率模型检测方法,该文分析几种典型的MIX输出策略在MANET中的应用.结果显示,这几种策略无法防范统计暴露攻击等波动攻击,且防范攻击的能力、平均时延和开销等性能会受到移动性的影响.该文提出同步发送的MIX输出策略,能更好地防御匿名攻击,具有延迟低、受节点移动影响小的特点.     

MANET中MIX策略的分析与设计

在MANET匿名通信中,使用加密等技术防止攻击者通过消息内容进行匿名攻击,并采用MIX输出策略防范攻击者根据通信模式进行的匿名攻击。基于概率模型检测方法,该文分析几种典型的MIX输出策略在MANET中的应用。结果显示,这几种策略无法防范统计暴露攻击等被动攻击,且防范攻击的能力、平均时延和开销等性能会受到移动性的影响。该文提出同步发送的MIX输出策略,能更好地防御匿名攻击,具有延迟低、受节点移动影响小的特点。     

网络匿名度量研究综述

保护网络空间隐私的愿望推动了匿名通信系统的研究,使得用户可以在使用互联网服务时隐藏身份和通信关系等敏感信息,不同的匿名通信系统提供不同强度的匿名保护.如何量化和比较这些系统提供的匿名程度,从开始就是重要的研究主题,如今愈发得到更多关注,成为新的研究焦点,需要开展更多的研究和应用.匿名度量可以帮助用户了解匿名通信系统提供...     

匿名协议WonGoo的概率模型验证分析

Internet隐私的一个主要问题是缺乏匿名保护．近年来，人们已经针对这一问题做了很多工作．然而．如何利用已有的形式化方法分析匿名技术却是一个极具挑战的问题．对P2P匿名通信协议WonGoo进行了形式化分析．利用离散时问Markov链模型化节点和攻击者的行为．系统的匿名性质采用时序逻辑PCTI，进行描述．利用概率模型验证器PRISM对WonGoo系统的匿名性进行了自动验证．结果表明WonGoo的匿名性随着系统规模的增加而增加；但却随着攻击者观察到的源自同一个发送者的路径的增加而降低．另外，匿名路径越长，系统的匿名性越强．     

一种基于环签名的匿名数字指纹方案

分析了现有数字指纹技术,将环签名与数字指纹相结合,基于椭圆曲线密码提出了一类非对称的匿名数字指纹方案。该方案实现了购买者的匿名性与指纹信息的非对称性,有效地保护了用户与商家的隐私信息,必要时又可对匿名身份实施追踪,避免了可信第三方的安全假设及指纹信息前后关联的缺陷,防止了对数字指纹进行联合攻击和广义伪造攻击的安全隐患。