On the Design Dilemma in Dining Cryptographer Networks

Transcript of "On the Design Dilemma in Dining Cryptographer Networks"

  1. TrustBus 2008, Turin, Italy, 5. September 2008
     On the Design Dilemma in Dining Cryptographer Networks
     Institute for IT-Security and Security Law; Jens Oberender; Computer Networks & Communications Group; Hermann de Meer; University of Passau, Germany
     Partly supported by EuroNGI, Design and Engineering of the Next Generation Internet (IST-028022), and EuroNF, Anticipating the Network of the Future (IST-216366)
  2. Motivation
     • Connection-level anonymity
         • Establish communication privacy
         • Hides relationship between initiator and receiver of a message
         • Being undistinguishable within the anonymity set
     • Anonymity evolves in a non-cooperative game
         • Strategies := cooperate | defect
         • Node strategies -> anonymity set -> anonymity grade
         • Nash equilibria indicate best strategy
     • Does rational behavior have impact on the anonymity?
     • How can rationality protect reachability?
     On the Design Dilemma in DC-nets
  3. Overview
     • Does rational behavior have impact on the anonymity?
         1) Modeling rational behavior
         2) Taxonomy of anonymity techniques
         3) Accessible information in Dining Cryptographer (DC) networks
     • How can rationality protect availability?
         4) Parameterizing games during design
  4. Rational acting in Anonymity Networks
     • 1. What benefit is received?
         • Sender anonymity
         • Anonymity set enhances grade of anonymity
     • 2. What cost is involved in participation?
         • Effective throughput
         • Increase of message delay
         • Increase of traffic on purpose to counter traffic analysis
     • Challenges for design of anonymity systems
         • Impact of strategic behavior on anonymity
         • Novel attacks targeting economy of anonymity
  5. Requirements of strategic behavior in anonymity networks
     • Enable senders to determine anonymity
         1) Rely on trustworthy entities
              • No abuse of collected system-wide entropy
              • Trust into computing anonymity grade
         2) Neighborhood-based approaches (first-hand experience)
              • Limited credibility – eclipse attack
     • Anonymity grade in near future
         1) Based on prediction
         2) Policy enforced
  6. Determine anonymity grade
     • Strategic users consider anonymity of a message in advance
     • Decentralization: limited system view
     • Without prerequisites
         • Predicted: perceived anonymity (broadcast responses in a DC-net)
         • Dependable: assured anonymity (queue state in a mixer node)
     • Relies on trust
         • Predicted: reported anonymity (reported number of participants, e.g. AN.ON)
         • Dependable: policy-enforced anonymity (mixer policy in high-latency mixers, no forwarding, before anonymity guaranteed)
  7. Dining Cryptographer (DC) networks
     • Round-based
         • Sender broadcasts message or empty packet
     • Disruption: message collisions require retransmission
     • Security objective: reachability
     • Coding schemes
         • Cost in bandwidth, computation effort
         • Robustness against collisions
         • Countermeasure to disrupters
  8. Apply game theory to Dining Cryptographer (DC) networks
     • Players and strategies
         • Designer: Efficient / Robust design
         • User: Participate / Leave
         • Adversary: Conforming / Disrupt
     • Design dilemma: efficient or robust
     • Non-cooperative game
         • Complete information: payoff functions public
         • Imperfect information: concurrency
     • Sequential game
         • Incomplete information: adversary's strategy unknown
         • Perfect information: time order
     • Random disruptions
     • Disrupter identification removes attacker from network
     • Disrupt without being identified as disrupter
     • Rational behavior, possible to formulate as utility function
  9. Resolving dilemma games
     • Iterated Prisoner’s Dilemma (IPD) -> Mixed strategy solution
         • Nash Equilibria in iterated games
         • Probability distributions
     • Different strategies
         • p>80% disrupting in non-cooperative game
         • Ability to identify disrupters (>18%) prevents misbehavior in sequential game
     • [Figure: disrupt probability (0 to 1) against ability to identify disrupter (0 to 1); curves: Non-cooperative, Sequential; further label: User’s preference for anonymity]
  10. Conclusions
     • Modeling of strategic behavior
         • Grade of anonymity relies on behavior of all participants
         • For design of anonymity systems
         • Risk-prevention of malicious participants
     • Dilemma games
         • Influence rational players through system parameters
         • Incomplete knowledge restricts the designer’s payoff, but parameters hinder malicious collisions
     • User perspective on future anonymity: more research ongoing
  11. DC Coding Schemes
     • Bitwise XOR [Chaum88]
         • Not robust against collisions
         • Low computation overhead
     • Bilinear Maps [Golle04]
         • Robust against collisions
         • Medium computation overhead
     • Identification of Disrupters [Bos89]
         • Robust against collisions
         • High computation overhead
         • Identifies a disrupter
  12. Dining Cryptographers network
     • Figure out whether the meal has been paid by either one at the table
     • Protocol provides sender anonymity
  13. Communication Anonymity
     • Anonymity := do not disclose communication relationship between sender and recipient
     • Technically: being indistinguishable within the anonymity set, i.e. all current communication participants
     • Level of anonymity scales with size of anonymity set
         • If a user leaves system -> degrades anonymity
         • Especially in small systems
     • DC net
         • Coding superimposes messages
         • Simultaneous slot occupation -> communication is disrupted
         • Effort to receive/decode broadcasts
  14. Game Theory and Dilemmas
     • Models strategic behavior, e.g. in cooperative systems
     • Game defines players, strategy sets, and utility
         • Outcome defined by strategies of all users
         • Pay off: effective utility depending on the outcome of the game
     • Strategic behavior
         • Rationally acting, i.e. maximize payoff
         • Predict strategy of other players (Non-cooperative game)
         • Minimize own losses (Sequential game, incomplete knowledge)
     • Dilemma: strategic behavior does not increase payoff for any of the players
  15. Stake holders of a DC-net
     • [Figure: Dining Cryptographers network; labels: Broadcast, Send M1, Send M2, Send M3]
     • Communicating subjects (=users)
         • Anonymous communication with reasonable cost
     • Adversary
         • Disrupt anonymous communications (increase user costs), but remain unidentified
     • DC-net designer
         • Facilitate high level of anonymity
         • Decreasing participation -> degrades anonymity (for small sizes)
  16. 1) Robust design against malicious attacks
     • Design parameters
         • α – collision robustness: 0 none, 1 full
         • β – disrupter identification: 0 no, 1 possible
     • User (single instance)
         • γ – anonymity preference: 0 low, 1 high
     • Compute Nash equilibria, i.e. best strategy for specified parameters
         • Probability for efficient (0) or robust (1) algorithm
     • [Figure: Designer strategy s (0 to 1) over an axis from 0 to 1; curves: Sequential, Non-Coop.; curve labels "=0" and ">0"]
  17. References
     • Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management - a consolidated proposal for terminology. (2008) Draft
     • Dingledine, R., Mathewson, N.: Anonymity loves company: Usability and the network effect. In: Workshop on the Economics of Information Security. (2006)
     • Acquisti, A., Dingledine, R., Syverson, P.: On the economics of anonymity. In: Financial Cryptography. Number 2742 in LNCS, Springer (2003)
     • Golle, P., Juels, A.: Dining cryptographers revisited. In: EUROCRYPT. Volume 3027 of LNCS, Springer (2004) 456-473
     • Bos, J.N., den Boer, B.: Detection of Disrupters in the DC Protocol. In: Workshop on the theory and application of cryptographic techniques on Advances in cryptology. (1989) 320-327
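
The round structure from the DC-network slides (a sender broadcasts a message or an empty packet; simultaneous slot occupation disrupts the communication) with the bitwise XOR coding scheme, as an added example that is not part of the original slides. The function names, the slot length and the pairwise-pad key setup are assumptions made for the illustration.

```python
from __future__ import annotations
import secrets
from itertools import combinations

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def dc_round(n: int, slot_len: int, messages: dict[int, bytes]):
    """Simulate one round of an XOR-coded DC-net with n participants.

    messages maps a participant index to the message it sends this round;
    everyone else sends the empty packet (all zero bytes).
    Returns (broadcasts, combined): what each participant publishes and
    the XOR of all broadcasts, which is what every receiver decodes.
    """
    if n < 2:
        raise ValueError("a DC-net needs at least two participants")
    # Fresh secret pad per pair of participants (fully connected key graph).
    pads = {pair: secrets.token_bytes(slot_len)
            for pair in combinations(range(n), 2)}
    broadcasts = []
    for i in range(n):
        msg = messages.get(i, b"")
        if len(msg) > slot_len:
            raise ValueError("message does not fit into the slot")
        out = msg.ljust(slot_len, b"\x00")
        for pair, pad in pads.items():
            if i in pair:            # XOR in every pad this participant shares
                out = xor_bytes(out, pad)
        broadcasts.append(out)
    combined = bytes(slot_len)
    for b in broadcasts:             # each pad appears twice and cancels out
        combined = xor_bytes(combined, b)
    return broadcasts, combined

if __name__ == "__main__":
    # Constructed sample messages.
    _, one = dc_round(3, 8, {1: b"paid"})
    print("single sender:", one)     # the message; broadcasts alone do not name the sender
    _, none = dc_round(3, 8, {})
    print("nobody sends :", none)    # empty slot
    _, two = dc_round(4, 8, {0: b"AAAA", 2: b"BBBB"})
    print("collision    :", two)     # XOR of both messages, neither is readable
```

In the collision case the receivers see only the superimposed value, so both senders have to retransmit, which is the disruption cost the slides attribute to the XOR scheme.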