Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity

It is often mistakenly thought that Availability is, as a security property, orthogonal to Confidentiality. Yet in the case of anonymity system, that try to hide the senders and receivers of messages, this is not the case. In this talk we present the effect attackers that disrupt anonymous communications have on the security of traditional mix systems, as well as on the Hydra-Onion and Cashmere systems that aim to offer reliable mixing. We show that denial of service (DoS) lowers anonymity as messages need to get retransmitted to be delivered, uncovering a fundamental limit on the security of all mix systems; Cashmere (a peer-to-peer system) and Hydra-Onion are also badly affected by DoS attackers. We also show that reliable mixing systems may be introducing additional vulnerabilities and illustrate this with two novel attacks. Our results are backed by probabilistic modelling and extensive simulations and are of direct applicability to deployed anonymity systems.

Speaker Details

George Danezis is postdoctoral visiting fellow at the Cosic group, K.U.Leuven, in Flanders, Belgium. He has been researching anonymous communications, privacy enhancing technologies, and traffic analysis for the last 6 years, at K.U.Leuven and the University of Cambridge, where he completed his doctoral dissertation.His theoretical contributions to the PET field include the established information theoretic metric for anonymity and the study of statistical attacks against mix systems. On the practical side he is one of the lead designers of Mixminion, the next generation remailer, and has worked on the traffic analysis of deployed protocols such as SSL and Tor. He was the co-chair of the Privacy Enhancing Technologies Workshop in 2005 and 2006, he serves on the PET workshop board and has participated in multiple conference and workshop program committees in the privacy and security field.Homepage: http://homes.esat.kuleuven.be/~gdanezis/(Full CV: http://homes.esat.kuleuven.be/~gdanezis/gd216-cv.pdf)

Date:
Speakers:
George Danezis

    • Portrait of George Danezis

      George Danezis

    • Portrait of Jeff Running

      Jeff Running