08448380779 Call Girls In Greater Kailash - I Women Seeking Men
On the Design Dilemma in Dining Cryptographer Networks
1. TrustBus 2008
Turin, Italy
5. September 2008
On the Design Dilemma in Dining
Cryptographer Networks
Institute for IT-Security and Security Law
Jens Oberender
Computer Networks & Communications Group
Hermann de Meer
University of Passau
Germany
partly supported by
EuroNGI Design and Engineering of the Next Generation Internet (IST-028022)
EuroNF Anticipating the Network of the Future (IST-216366)
2. Motivation
Connection-level anonymity
Establish communication privacy
Hides relationship between initiator and receiver of a message
Being undistinguishable within the anonymity set
Anonymity evolves in a non-cooperative game
Strategies := cooperate | defect
Node strategies -> anonymity set -> anonymity grade
Nash equilibria indicate best strategy
Does rational behavior have impact on the anonymity?
How can rationality protect reachability?
On the Design Dilemma in DC-nets 2
3. Overview
Does rational behavior have impact on the anonymity?
1) Modeling rational behavior
2) Taxonomy of anonymity techniques
3) Accessible information in Dining Cryptographer (DC) networks
How can rationality protect availability?
4) Parameterizing games during design
On the Design Dilemma in DC-nets 3
4. Rational acting in Anonymity
Networks
1. What benefit is received ? 2. What cost is involved in
participation?
Sender anonymity
Effective Throughput
Anonymity set
enhances Increase of message delay
grade of anonymity Increase of traffic
on purpose to
counter traffic
Challenges for design of anonymity systems analysis
Impact of strategic behavior on anonymity
Novel attacks targeting economy of anonymity
On the Design Dilemma in DC-nets 4
5. Requirements of strategic behavior in
anonymity networks
Enable senders to determine anonymity
1) Rely on trustworthy entities
No abuse of collected system-wide entropy
Trust into computing anonymity grade
2) Neighborhood–based approaches (first-hand experience)
Limited credibility – eclipse attack
Anonymity grade in near future
1) Based on prediction
2) Policy enforced
On the Design Dilemma in DC-nets 5
6. Determine anonymity grade
Strategic users consider anonymity of a message in advance
Decentralization: limited system view
Predicted Depdendable
Without
Perceived anonymity Assured anonymity
Pre-
• broadcast responses in a DC-net • queue state in a mixer node
requisites
Relies Reported anonymity Policy-enforced anonymity
• reported number of participants • mixer policy in high-latency
on
Trust e.g. AN.ON mixers, no forwarding,
before anonymity guaranteed
On the Design Dilemma in DC-nets 6
7. Dining Cryptographer (DC) networks
Round-based
Sender broadcasts
message or empty packet
Disruption: message collisions
require retransmission
Security objective: reachability
Coding schemes
Cost in bandwidth, computation effort
Robustness against collisions
Countermeasure to disrupters
On the Design Dilemma in DC-nets 7
8. Apply game theory to Dining Efficient / Robust design
Designer
Cryptographer (DC) networks User Participate / Leave
Adversary Conforming / Disrupt
Design dilemma: efficient or robust
Non-cooperative game Sequential game
Complete Information Incomplete information
Payoff functions public Adversaries strategy unknown
Imperfect information Perfect information
Concurrency Time order
Random disruptions
Disrupter identification removes attacker from network
Disrupt without being identified as disrupter
Rational behavior, possible to formulate as utility function
On the Design Dilemma in DC-nets 8
9. Resolving dilemma games
Iterated Prisoner’s Dilemma (IPD) -> Mixed strategy solution
Nash Equilibria in iterated games
1
Probability distributions
0.8
Disrupt probability
Non-cooperative
Different strategies
0.6
p>80% disrupting
0.4
in non-cooperative game
0.2
Ability to identify disrupters (>18%)
Sequential
0
prevents misbehavior in sequential game
0 0.2 0.4 0.6 0.8 1
Ability to identify disrupter
User’s preference for anonymity
On the Design Dilemma in DC-nets 9
10. Conclusions
Modeling of strategic behavior
Grade of anonymity relies on behavior of all participants
For design of anonymity systems
Risk-prevention of malicious participants
Dilemma games
Influence rational players through system parameters
Incomplete knowledge restrict the designer’s payoff,
but parameters hinder malicious collisions
User perspective on future anonymity:
more research ongoing
On the Design Dilemma in DC-nets 10
11. DC Coding Schemes
Bitwise XOR [Chaum88]
Not robust against collisions
Low computation overhead
Bilinear Maps [Golle04]
Robust against collisions
Medium computation overhead
Identification of Disrupters [Bos89]
Robust against collisions
High computation overhead
Identifies a disrupter
On the Design Dilemma in DC-nets 11
12. Dining Cryptographers network
Figure out, whether the meal has been paid
by either one at the table
Protocol provides sender anonymity
13. Communication Anonymity
Anonymity := do not disclose communication relationship
between sender and recipient
Technically: being indistinguishable within the anonymity set,
i.e. all current communication participants
Level of anonymity scales with size of anonymity set
If a user leaves system degrades anonymity
Especially in small systems
DC net
Coding superimposes messages
Simultaneous slot occupation
communication is disrupted
Effort to receive/decode broadcasts
On the Design Dilemma in DC-nets 13
14. Game Theory and Dilemmas
Models strategic behavior, e.g. in cooperative systems
Game defines players, strategy sets, and utility
Outcome defined by strategies of all users
Pay off: effective utility depending on the outcome of the game
Strategic behavior
Rationally acting, i.e. maximize payoff
Predict strategy of other players (Non-cooperative game)
Minimize own losses (Sequential game, incomplete knowledge)
Dilemma: strategic behavior
does not increase payoff for any of the players
On the Design Dilemma in DC-nets 14
15. Stake holders of a DC-net
Send M1
Dining Cryptographers network
Broadcast
Send M2 Send M3
Communicating subjects (=users)
Anonymous communication with reasonable cost
Adversary
Disrupt anonymous communications (increase user costs),
but remain unidentified
DC-net designer
Facilitate high level of anonymity
Decreasing participation degrades anonymity (for small sizes)
On the Design Dilemma in DC-nets 15
16. 1) Robust design
against malicious attacks
Design parameters
α 0 none – collision robustness
1 full
Designer Strategy s 1
1
β 0 no –disrupter identification
0.8
1 possible
0.6 Sequential
User (single instance)
0.4 Non-Coop.
γ 0 low – anonymity preference =0
0.2
1 high >0
0
0 0.2 0.4 0.6 0.8 1
Compute Nash equilibria , i.e. best strategy for specified parameters
Probability for efficient (0) or robust (1) algorithm
On the Design Dilemma in DC-nets 16
17. References
Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, undetectability,
unobservability, pseudonymity, and identity management - a consolidated
proposal for terminology. (2008) Draft
Dingledine, R., Mathewson, N.: Anonymity loves company: Usability and
the network effect. In: Workshop on the Economics of Information
Security. (2006)
Acquisti, A., Dingledine, R., Syverson, P.: On the economics of anonymity.
In Financial Cryptography. Number 2742 in LNCS, Springer (2003)
Golle, P., Juels, A.: Dining cryptographers revisited. In: EUROCRYPT.
Volume 3027 of LNCS, Springer (2004) 456-473
Bos, J.N., den Boer, B.: Detection of Disrupters in the DC Protocol. In:
Workshop on the theory and application of cryptographic techniques on
Advances in cryptology. (1989) 320-327
On the Design Dilemma in DC-nets 17