On the Design Dilemma in Dining Cryptographer Networks Institute for IT-Security and Security Law Computer Networks & Communications Group University of Passau Germany Jens Oberender Hermann de Meer TrustBus 2008 Turin, Italy 5. September 2008 partly supported by EuroNGI Design and Engineering of the Next Generation Internet (IST-028022) EuroNF Anticipating the Network of the Future (IST-216366)
17
Embed
On the Design Dilemma in Dining Cryptographer Networks
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
On the Design Dilemma in Dining Cryptographer Networks
Institute for IT-Security and Security LawComputer Networks & Communications GroupUniversity of PassauGermany
Jens Oberender Hermann de Meer
TrustBus 2008
Turin, Italy
5. September 2008
partly supported byEuroNGI Design and Engineering of the Next Generation Internet (IST-028022)EuroNF Anticipating the Network of the Future (IST-216366)
Motivation
Connection-level anonymity
Establish communication privacy
Hides relationship between initiator and receiver of a message
Being undistinguishable within the anonymity set
Anonymity evolves in a non-cooperative game
Strategies := cooperate | defect
Node strategies -> anonymity set -> anonymity grade
Nash equilibria indicate best strategy
Does rational behavior have impact on the anonymity?
How can rationality protect reachability?
2On the Design Dilemma in DC-nets
Overview
Does rational behavior have impact on the anonymity?
1) Modeling rational behavior
2) Taxonomy of anonymity techniques
3) Accessible information in Dining Cryptographer (DC) networks
How can rationality protect availability?
4) Parameterizing games during design
3On the Design Dilemma in DC-nets
Rational acting in Anonymity Networks
1. What benefit is received ?
Sender anonymity
Anonymity set enhances grade of anonymity
Challenges for design of anonymity systems Impact of strategic behavior on anonymity
Novel attacks targeting economy of anonymity
2. What cost is involved in participation?
Effective Throughput
Increase of message delay
Increase of traffic
4On the Design Dilemma in DC-nets
on purpose to counter traffic analysis
Requirements of strategic behavior in anonymity networks
Ability to identify disrupters (>18%)prevents misbehavior in sequential game
9On the Design Dilemma in DC-nets
Ability to identify disrupterUser’s preference for anonymity
0
0.2
0.4
0.6
0.8
1
0 0.2 0.4 0.6 0.8 1
Non-cooperative
Dis
rupt
pro
bab
ility
Sequential
Conclusions
Modeling of strategic behavior
Grade of anonymity relies on behavior of all participants
For design of anonymity systems
Risk-prevention of malicious participants
Dilemma games
Influence rational players through system parameters
Incomplete knowledge restrict the designer’s payoff,but parameters hinder malicious collisions
User perspective on future anonymity: more research ongoing
10On the Design Dilemma in DC-nets
DC Coding Schemes
Bitwise XOR [Chaum88]
Not robust against collisions
Low computation overhead
Bilinear Maps [Golle04]
Robust against collisions
Medium computation overhead
Identification of Disrupters [Bos89]
Robust against collisions
High computation overhead
Identifies a disrupter
11On the Design Dilemma in DC-nets
Dining Cryptographers network
Figure out, whether the meal has been paid by either one at the table
Protocol provides sender anonymity
Communication Anonymity
Anonymity := do not disclose communication relationship between sender and recipient
Technically: being indistinguishable within the anonymity set,i.e. all current communication participants
Level of anonymity scales with size of anonymity set
If a user leaves system degrades anonymityEspecially in small systems
DC net
Coding superimposes messages
Simultaneous slot occupation communication is disrupted
Effort to receive/decode broadcasts
13On the Design Dilemma in DC-nets
Game Theory and Dilemmas
Models strategic behavior, e.g. in cooperative systems
Game defines players, strategy sets, and utility
Outcome defined by strategies of all users
Pay off: effective utility depending on the outcome of the game
Strategic behavior
Rationally acting, i.e. maximize payoff
Predict strategy of other players (Non-cooperative game)
Minimize own losses (Sequential game, incomplete knowledge)
Dilemma: strategic behavior does not increase payoff for any of the players
14On the Design Dilemma in DC-nets
Stake holders of a DC-net
Dining Cryptographers network
Communicating subjects (=users)
Anonymous communication with reasonable cost
Adversary
Disrupt anonymous communications (increase user costs), but remain unidentified
DC-net designer
Facilitate high level of anonymity
Decreasing participation degrades anonymity (for small sizes)
15On the Design Dilemma in DC-nets
Send M1
Send M2 Send M3
Broadcast
1) Robust design against malicious attacks
Design parameters
α none – collision robustness full
β no –disrupter identificationpossible
User (single instance)
γ low – anonymity preferencehigh
Compute Nash equilibria , i.e. best strategy for specified parameters
Probability for efficient (0) or robust (1) algorithm
16On the Design Dilemma in DC-nets
0
1
0
1
0
1 0
0.2
0.4
0.6
0.8
1
0 0.2 0.4 0.6 0.8 1
Desig
ne
r S
tra
teg
y s
1
Sequential
Non-Coop.
=0
>0
References
Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management - a consolidated proposal for terminology. (2008) Draft
Dingledine, R., Mathewson, N.: Anonymity loves company: Usability and the network effect. In: Workshop on the Economics of Information Security. (2006)
Acquisti, A., Dingledine, R., Syverson, P.: On the economics of anonymity. In Financial Cryptography. Number 2742 in LNCS, Springer (2003)
Bos, J.N., den Boer, B.: Detection of Disrupters in the DC Protocol. In: Workshop on the theory and application of cryptographic techniques on Advances in cryptology. (1989) 320-327