C. Gulcu and G. Tsudik. Mixing Email with Babel . In Internet Society Symposium on Network and Distributed Sytem Security (NDSS'96), pages 2-16, San Diego, CA, Feb 1996.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....thus hiding the correspondence between incoming and outgoing messages. Perhaps the most intuitive way of measuring the anonymity of a message M in a mix system is to just count the number of messages M has been mixed with while passing through the system. However, as pointed out in [Cot94] and [GT96], this is not enough as all the other messages could, for instance, come from a single known sender. Indeed, the attacker may mount the so called n 1 attack based on this observation by sending n 1 of their own messages to each of the mixes on M s path. In this case, the receiver of M ceases to ....

C. Gulcu and G. Tsudik. Mixing email with Babel. In 1996 Internet Society Symposium on Network and Distributed Sytem Security , pages 2-16. San Diego, CA, 1996.

....a message under this model. In Section V, we report our analytical and numerical results. Finally, in Section VI, we present our conclu sions. II. OVERVIEW OF ANONYMOUS COMMUNICATION SYSTEMS In this section, we survey the past work related to anonymity, including DC Net [5] 39] Mixes [4] [18], 20] Anonymizer [1] Anonymous Remailer [2] LPWA [10] Onion Routing [13] 31] 33] 34] Crowds [26] Hordes [28] Freedom [12] and Pipenet [8] Many anonymous communication systems have been designed and implemented that provide various types of anonymity, such as sender anonymity, ....

C. Gulcu and G. Tsudik, Mixing Email with Babel, Proceedings of the 1996.

....anonymity behavior of anonymous communication systems. In Section 6, we report our numerical results. Finally, in Section 7, we present our conclusions. 2 Overview of Anonymous Communication Systems In this section, we survey the past work related to anonymity, including DC Net [4, 22] Mixes [3, 10, 11], Anonymizer [1] Anonymous Remailer [2] LPWA [6] Onion Routing [8, 17, 19, 20] Crowds [14] Hordes [15] Freedom [7] and PipeNet [5] Many existing anonymous communication systems provide various forms of anonymity, such as sender anonymity, receiver anonymity, and mutual anonymity, ....

C. G ulc u and G. Tsudik, Mixing Email with Babel, Proceedings of the 1996.

....the attacks, point out potential weaknesses in existing designs, and suggest improvements. 1 Introduction Many modern anonymity systems are based on mixes. Chaum rst introduced the concept in 1981 [Cha81] and since then researchers and developers have described many mix variations, e.g. [Jak99,GT96,KEB98]. These have di erent aims and approaches, yet we still fail to understand the performance and anonymity tradeo s between them. In fact, some of the mixes used in well known elded systems such as Mixmaster [Cot94,MC00] are mentioned only brie y or not at all in the literature. We aim to start ....

....consider the extent to which the mixes are vulnerable to active attacks such as the n 1 attack. More speci cally, an attacker targeting a speci c message going into a mix can manipulate the batch of messages entering that mix so the only message unknown to him in the batch is the target message [Cot94,GT96]. This manipulation may involve delaying or dropping most or all other incoming messages (a trickle attack) or ooding the batch with attacker messages (a ooding attack) We call these attacks or combinations of them blending attacks. We provide a rigorous analysis and comparison of several ....

[Article contains additional citation context not shown here]

C. Gulcu and G. Tsudik. Mixing Email with Babel . In Internet Society Symposium on Network and Distributed Sytem Security (NDSS'96), pages 2-16. San Diego, CA, 1996.

....a high enough rate, it will starve out most of the legitimate users and will occupy the queue for him her itself. Ideally, the users will notice starvation due to an absence of message identi er bulletin postings, but this may not necessarily be so. Babel attempts to solve this using mix detours [GT96]. This solution also applies to our framework. 11 Malicious adversaries, if on the originator host as well, can launch DoS attacks by injecting bogus messages into the system. A malicious router may disrupt the operation by denying forwarding, but the end users will detect this in the course of ....

C. Gulcu and G. Tsudik. Mixing email with babel. In

....privacy is a great concern for users of electronic commerce. Numerous protocols have emerged for protecting the anonymity of individuals. These protocols have been in the areas of protecting general Internet communications [23] commercial transactions [25] web based communications [21, 1] email [9, 18], and electronic cash [28] However, Work by this author supported by ONR. y Work by this author was also performed at AT T Research. 814 P. Syverson and S. Stubblebine, Group Principals and the Formalization of Anonymity. in FM 99 Formal Methods, Vol. I, Springer Verlag LNCS 1708, ....

C. Gulcu and G. Tsudik. "Mixing Email with Babel ", 1996 Symposium on Network and Distributed System Security , San Diego, February 1996.

....a great concern for users of electronic commerce. Numerous protocols have emerged for protecting the anonymity of individuals. These protocols have been in the areas of protecting general Internet communications [SGR97] commercial transactions [SSG97] web based communications [RR97, Ano] email [Cot, GT96], and electronic cash [Way96] However, little work has been done on formally representing or analyzing privacy in such protocols. In this paper, we provide an epistemic language and logic and use it to reason about anonymity protocols and anonymity services. We also describe an associated model ....

C. Gulcu and G. Tsudik. "Mixing Email with Babel", 1996 Symposium on Network and Distributed System Security, San Diego, February 1996.

.... anonymous MIX is an intermediary communications node which attempts to make it very di#cult for anyone to trace the path of a message which passes through the MIX. The idea behind MIXs is discussed in [Cha81] and is used in election schemes [Cha81, PIK94] and anonymous remailers on the Internet [Sch95, TG96]. In our protocol, we use anonymous MIXs to prevent an eavesdropper who has access complete access to the network s tra#c from being able to compromise the system. When Alice sends Bob a message through an anonymous MIX, the following (roughly) takes place: 1. Alice wishes to send message P to ....

G. Tsudik and C. Gulcu, "Mixing E-mail with BABEL," ISOC Symposium on Network and Distributed System Security '96, to apprear. This article was processed using the L A T E X macro package with LLNCS style 11

....of decrypted message. Doing so greatly reduces Alice s ability to deliver bogus information. So long as neither Alice nor Bob attempt to cheat, their identities need never be revealed to a third party. That is, this whole protocol could be conducted anonymously, through anonymous remailers [Sch95, TG96]. This method does not o#er privacy in that an eavesdropper has access to both EK (M) and K. If privacy is required, the exchanges at Steps (1) and (2) should be conducted using a method providing adequate privacy. There are several e mail security protocols that could su#ce: e.g. PGP [Zim95, ....

G. Tsudik and C. Gulcu, "Mixing E-Mail with BABEL," ISOC Symposium on Network and Distributed System Security, IEEE Computer Society Press, 1996, p. 2--16.

....message. Implementation efforts for approximating anonymous networks are being carried out by several research groups (e.g. anonymous routing [SGR97] and anonymous Web traffic [SGR97, RR98] Besides that, there are several anonymous remailers available for either e mail communication (see, e.g. [GWB97, GT96, B96, E96]) or Web browsing (see, e.g. Anon] We will discuss some of these in more detail later. We view our goal as complementary: All of the above work tries to find methods and systems to make the Internet an (approximate) anonymous network. This is a hard task and consequently the resulting tools ....

....then describe our anonymous mailbox system, and finally discuss how enhanced privacy can be achieved by using our mailbox system in conjunction with remailers. 4.1 Brief History of Anonymous E mail Tools for anonymous e mail communication have been around for a few years by now (see, e. g, [GWB97, B96, GT96, E96]. Early anonymous remailers (Type 0, e.g. Anon.penet.fi) accepted e mail messages by a user, translated them to a unique ID and forwarded them to the intended recipient. The recipient could use the ID to reply to the sender of the message. The level of security of this type of remailer was rather ....

C. Gulcu, G. Tsudik, Mixing email with babel. In Proc. ISOC Symposium on Network and Distributed System Security, 1996.

....sender s address with some alias, permitting replies. These sorts of remailers store sensitive state: the mapping between the alias and the true return address. Also, mail forwarded through a chain of remailers may be tracked because it appears the same to each remailer. Mix based remailers like [4, 8] use mixes to provide anonymous e mail services. Essentially, the mail message is carried in the innermost layer of an onion like data structure. Another onion like structure, used for a return address, can be contained in the message. This makes the return path self contained, and the remailer ....

....message is carried in the innermost layer of an onion like data structure. Another onion like structure, used for a return address, can be contained in the message. This makes the return path self contained, and the remailer essentially stateless. Onion Routing shares many structures with Babel [8] but it uses them to build application independent end to end connections. This makes anonymous connections accessible to a wide variety of applications. In [10] mixes are used to provide untraceable communication in an ISDN network. Here is a summary of that paper. In a phone system, each ....

C. Gulcu and G. Tsudik. "Mixing Email with Babel", in Proceedings of the 1996 Symposium on Network and Distributed System Security , San Diego, February 1996.

.... are being carried out by several research groups (e.g. anonymous routing [Goldschlag et al. 1999] and anonymous Web traffic [Goldschlag et al. 1999; Reiter and Rubin 1998] Besides that, there are several anonymous remailers available for e mail communication (see, e.g. Goldberg et al. 1997; Gulcu and Tsudik 1996; Bacard ; Engelfriet On Secure and Pseudonymous Client Relationships with Multiple Servers Delta 3 ] and Web proxies that act as middle men for Web browsing (see, e.g. the Anonymizer [Boyan 1997] and LPWA [Gabber et al. 1999] We will discuss some of these in more detail later. We view ....

....mailbox system, and finally discuss how enhanced privacy can be achieved by using our mailbox system in conjunction with remailers. 4.1 Brief History of Anonymous E mail Tools for anonymous e mail communication have been around for a few years now. See, e. g, Goldberg et al. 1997; Bacard ; Gulcu and Tsudik 1996; Engelfriet ] Early anonymous remailers (Type 0, e.g. Anon.penet.fi) accepted e mail messages by a user, translated them to a unique ID and forwarded them to the intended recipient. The recipient could use the ID to reply to the sender of the message. The level of security of this type of ....

Gulcu, C. and Tsudik, G. 1996. Mixing email with babel. In Proceedings of ISOC Symposium on Network and Distributed System Security (1996).

....robustness, practicality or efficiency in order to provide a solution. For example, the majority of currently used remailers use only one mix server, which has to be fully trusted by the users for both privacy and correctness. If several such servers are pipelined for improved privacy (such as in [14, 23, 31]) this raises concerns in terms of both correctness and availability of service, especially in situations where mix servers are welcome targets of attackers. It is interesting to note that if an attacker corrupting some subset of mix servers can verify a claimed mix decryption, the degree of ....

C. Gulcu, G. Tsudik, "Mixing email with babel," ISOC Symposium on Network and Distributed System Security, 1996.

....Data may also be passed through a privacy filter before being sent over an anonymous connection. This removes identifying information from the data stream, to make communication anonymous too. Although onion routing may be used for anonymous communication, it differs from anonymous remailers [20, 9] in two ways: Communication is real time and bidirectional, and the anonymous connections are application independent. Onion routing s anonymous connections can support anonymous mail as well as other applications. For example, onion routing may be used for anonymous Web browsing. A user may wish ....

....sender s address with some alias, permitting replies. These sorts of remailers store sensitive state: the mapping between the alias and the true return address. Also, mail forwarded through a chain of remailers may be tracked because it appears the same to each remailer. Mix based remailers like [20, 9] use mixes to provide anonymous e mail services. Essentially, the mail message is carried in the innermost layer of the onion 6 data structure. Another onion type structure, used for a return address, can be contained in the message. This makes the return path self contained, and the remailer ....

[Article contains additional citation context not shown here]

C. Gulcu and G. Tsudik. "Mixing Email with Babel ", 1996 Symposium on Network and Distributed System Security , San Diego, February 1996.

....After delaying and reordering, the message is forwarded to the following mix, which in its turn performs the same task, so that finally the internal message is sent to the recipient. Example Mixmaster based systems can be found at [1] and [13] A last mix based anonymous email system is Babel [8]. In this system, an onion type structure, used for the return address (called Return Path Information) can be included in the message. This provides the recipient the ability to reply, without having the intermediate mixes to keep a list of return addresses (stateless remailers) 6 Anonymity on ....

C. Gulcu and G. Tsudik. Mixing Email with Babel. In ISOC Symposium on Network and Distributed System Security, February 1996.

....public key encrypted hidden file has bias removal applied to it and is then steganographically encoded into the graphics file. This file is then uuencoded and titled. The title is chosen from a list of phrases like cool picture , check this out , etc. This file is then sent via a mix [Ch81, GT96, Co] based anonymous remailer to alt.binaries.pictures.fractals, for instance. The advantages to this method are numerous. Graphics, sound, and video are mediums that allow high bandwidth steganographic encoding. We point at graphics as our medium of choice because a Trojan horse program can ....

C. Gulcu, G. Tsudik. Mixing Email with BABEL. In Proceedings of the 1996 IEEE Symposium on Network and Distributed System Security, Feb. 22-23, 1996. IEEE.

....is less remote if the last COR is also compromised and we assume that the data sent over it is not end to end encrypted for the responder. We will return to this discussion below. 10 7 Related Work Basic comparison of Onion Routing to broadly related anonymity mechanisms, such as remailers [11, 5] and ISDN Mixes [14] can be found in [16] Also mentioned there are such complementary connection based mechanisms as LPWA [7] and the Anonymizer [1] These are both very effective at anonymizing the data stream in different ways, but they both pass all traffic directly from the initiator via a ....

C. Gulcu and G. Tsudik. "Mixing Email with Babel ", in 1996 Symposium on Network and Distributed System Security , San Diego, February 1996.

No context found.

C. Gulcu and G. Tsudik. Mixing Email with Babel . In Internet Society Symposium on Network and Distributed Sytem Security (NDSS'96), pages 2-16, San Diego, CA, Feb 1996.

No context found.

Gulcu, C., and Tsudik, G. Mixing email with BABEL. In Symposium on Networked and Distributed System Security (1996).

No context found.

B. Gulcu and G. Tsudik. Mixing email with BABEL. In Symposium on Networked and Distributed System Security, 1996.

No context found.

C. Gulcu and G. Tsudik. Mixing Email with Babel . In Internet Society Symposium on Network and Distributed Sytem Security (NDSS'96), pages 2-16, San Diego, CA, Feb 1996.

No context found.

C. Gulcu and G. Tsudik. Mixing Email with Babel . In Internet Society Symposium on Network and Distributed Sytem Security (NDSS'96), pages 2--16, San Diego, CA, Feb 1996.

No context found.

C. Gulcu and G. Tsudik. Mixing Email with Babel . In Internet Society Symposium on Network and Distributed Sytem Security (NDSS'96), pages 2--16, San Diego, CA, Feb 1996.

No context found.

C. Gulcu and G. Tsuski, "Mixing Email with Babel," IEEE Proc. Symp. Networks and Distr. Sys. Security, 1996.

No context found.

GULCU,C.AND TSUDIK, G. 1996. Mixing email with Babel. In Proceedings of the 1996 Internet Society Symposium on Network and Distributed System Security (San Diego, CA, Feb.), 2--16.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC