Results 1 - 10 of 16
Synchronous Batching: From Cascades to Free Routes, 2004
Cited by 31 (3 self)
The variety of possible anonymity network topologies has spurred much debate in recent years. In a synchronous batching design, each batch of messages enters the mix network together, and the messages proceed in lockstep through the network. We show that a synchronous batching strategy can be used in various topologies, including a free-route network, in which senders choose paths freely, and a cascade network, in which senders choose from a set of fixed paths. We show that free-route topologies can provide better anonymity as well as better message reliability in the event of partial network failure.
On the Anonymity of Anonymity Systems, 2004
Cited by 17 (2 self)
Anonymity on the Internet is a property commonly identified with privacy of electronic communications. A number of different systems exist which claim to provide anonymous email and web browsing, but their effectiveness has hardly been evaluated in practice. In this thesis we focus on the anonymity properties of such systems. First, we show how the anonymity of anonymity systems can be quantified, pointing out flaws with existing metrics and proposing our own. In the process we distinguish the anonymity of a message and that of an anonymity system. Secondly, we focus on the properties of building blocks of mix-based (email) anonymity systems, evaluating their resistance to powerful blending attacks, their delay, their anonymity under normal conditions and other properties. This leads us to methods of computing anonymity for a particular class of mixes – timed mixes – and a new binomial mix. Next, we look at the anonymity of a message going through an entire anonymity system based on a mix network architecture. We construct a semantics of a network with threshold mixes, define the information observable by an attacker, and give a
Bridging and Fingerprinting: Epistemic Attacks on Route Selection
Cited by 13 (5 self)
Abstract. Users building routes through an anonymization network must discover the nodes comprising the network. Yet, it is potentially costly, or even infeasible, for everyone to know the entire network. We introduce a novel attack, the route bridging attack, which makes use of what route creators do not know of the network. We also present new discussion and results concerning route fingerprinting attacks, which make use of what route creators do know of the network. We prove analytic bounds for both route fingerprinting and route bridging and describe the impact of these attacks on published anonymity-network designs. We also discuss implications for network scaling and client-server vs. peer-to-peer systems.
Towards modeling wireless location privacy
- In Proceedings of PET, 2005
Cited by 12 (3 self)
Abstract. The lack of a formal model in wireless location privacy protection research makes it difficult to evaluate new location privacy protection proposals, and difficult to utilize existing research results in anonymous communication into this new problem. In this paper, we analyze a wireless location privacy protection system (WLP²S), and generalize it to a MIX based formal model, which includes a MIX, a set of MIX’s users, and an intruder of MIX. In addition, we also use information theory approach to define anonymity and measures of this model, and describe the characteristics of observation process in WLP²S in detail. Two benefits arise from our model. Firstly, it provides a means of evaluating the privacy level of proposed location privacy protection protocols. We use the measures of proposed formal model to study the performance of our novel silent period technique. Simulation results reveal the role of many parameters, such as users’ mobility pattern and intruders’ tracking accuracy, on users’ privacy level. The results shed more light on improving our defense protocol. Secondly, our approach provides a link between existing defense and attack protocols in MIX research and the new location privacy protection problem. By utilizing the formal model, we conducted preliminary studies in identifying potential attacks, and improve the performance of existing defense protocol. This study results in an extension of existing defense protocols. Those simulation and analytical results demonstrate the promising potential of our model.
Measuring anonymity with relative entropy
- In Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust, volume 4691 of LNCS, 2007
Cited by 12 (1 self)
Abstract. Anonymity is the property of maintaining secret the identity of users performing a certain action. Anonymity protocols often use random mechanisms which can be described probabilistically. In this paper, we propose a probabilistic process calculus to describe protocols for ensuring anonymity, and we use the notion of relative entropy from information theory to measure the degree of anonymity these protocols can guarantee. Furthermore, we prove that the operators in the probabilistic process calculus are non-expansive, with respect to this measuring method. We illustrate our approach by using the example of the Dining Cryptographers Problem.
Evaluating the reliability of NAND multiplexing with PRISM
- IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2005
Cited by 7 (4 self)
Abstract — Probabilistic model checking is a formal verification technique for analysing the reliability and performance of systems exhibiting stochastic behaviour. In this paper, we demonstrate the applicability of this approach and, in particular, the probabilistic model checking tool PRISM to the evaluation of reliability and redundancy of defect-tolerant systems in the field of computer-aided design. We illustrate the technique with an example due to von Neumann, namely NAND multiplexing. We show how, having constructed a model of a defect-tolerant system incorporating probabilistic assumptions about its defects, it is straightforward to compute a range of reliability measures and investigate how they are affected by slight variations in the behaviour of the system. This allows a designer to evaluate, for example, the trade-off between redundancy and reliability in the design. We also highlight errors in analytically computed reliability bounds, recently published for the same case study. Index Terms — Probabilistic model checking, reliability, defect-tolerant architectures, multiplexing
A framework for automatically checking anonymity with µCRL
- In Proceedings TGC’06, LNCS, 2007
Cited by 3 (2 self)
Abstract. We present a powerful and flexible method for automatically checking anonymity in a possibilistic general-purpose process algebraic verification toolset. We propose new definitions of a choice anonymity degree and a player anonymity degree, to quantify the precision with which an intruder is able to single out the true originator of a given event or to associate the right event to a given protocol participant. We show how these measures of anonymity can be automatically calculated from a protocol specification in µCRL, by using a combination of dedicated tools and existing state-of-the-art µCRL tools. To illustrate the flexibility of our method we test the Dining Cryptographers problem and the FOO 92 voting protocol. Our definitions of anonymity provide an accurate picture of the different ways that anonymity can break down, due for instance to coalitions of inside intruders. Our calculations can be performed on a cluster of machines, allowing us to check protocols for large numbers of participants.
P.: Quantifying Maximal Loss of Anonymity in Protocols
- In: Proceedings of ASIACCS 2009
Cited by 3 (1 self)
There is a natural intuitive match between anonymity and information theory. In particular, the maximal anonymity loss in anonymity protocols can be matched to the information theoretical notion of channel capacity. However, there is also a significant mismatch between the theories and reality: current theories can only characterize channel capacity based upon certain assumptions of symmetry, which are rarely satisfied in the real world. This paper aims to resolve this mismatch by appealing to powerful mathematical techniques. A generic methodology using Lagrange multiplier method is proposed to characterize channel capacity in anonymity protocols. This Lagrangian approach is proved to be able to generalize previous work on the channel capacity of protocols. Further, we present analyses on three well known protocols,
PARAM: A model checker for parametric markov models
- In Proceedings of the 22nd International Conference on Computer Aided Verification (CAV 2010), 2010
Cited by 1 (0 self)
Abstract. We present PARAM 1.0, a model checker for parametric discrete-time Markov chains (PMCs). PARAM can evaluate temporal properties of PMCs and certain extensions of this class. Due to parametricity, evaluation results are polynomials or rational functions. By instantiating the parameters in the result function, one can cheaply obtain results for multiple individual instantiations, based on only a single more expensive analysis. In addition, it is possible to post-process the result function symbolically using for instance computer algebra packages, to derive optimum parameters or to identify worst cases.
1 Introducing PARAM
Markov processes are applied in computer science, engineering, mathematics, and biology. In the early design phase of a system or for the sake of robust modelling, it can be advantageous to leave certain aspects unspecified

