To the question of whom one needs to hide from, the answer is becoming increasingly broad and includes:
(i) External adversaries/attackers. They perform local passive eavesdropping, using, for example, a sniffer-type device connected to a specific LAN link or to the mirror port of a LAN switch. They also perform global eavesdropping, which lets them observe traffic across the entire network. They can inject malware, junk email, or spam (spammers).
(ii) Internal adversaries/attackers. They use elements of the communications system whose security has been compromised, such as infected routers, to act in collusion.
(iii) Communication collaborators/partners. From the point of view of their intentions, these are: (a) honest-but-curious users and user groups, who are passive (they only listen, locally or globally); (b) malicious users and user groups, who are either passive (they only listen) or active (they modify/delete/add information or inject malicious code: viruses, spam, spyware, bots, malware, etc.).
Types of Anonymity for Anonymous Communications:
Anonymity in communications means enabling entities to communicate in a way that conceals who is speaking/conversing/interacting with whom. The field of application is constantly expanding. It covers privacy in all types of governmental/military communications (CNI, NSA, CIA, FBI, etc.), civilian communications at the individual/institutional level (avoiding spam), social communications such as e-commerce/electronic business in general (online sales, B2B, B2C, and C2C music/movie transactions, etc.), anonymous bulletin boards, free voice chat services (important in oppressed and undemocratic countries), all types of online forums, blogs, IRC, wikis, Web 2.0 or even Web 3.0 social networks, and all types of concealment at the machine level, for individuals/groups of users/data owners, and for people themselves as they move within a territory. In the area of privacy, it allows transactions, web browsing, and all types of network operations to be concealed from oppressive governments/corporations and from potentially honest-but-curious individuals or even criminals, activists, terrorists, etc. In the field of digital cash, it works with electronic money. It is also applied to electronic voting, censorship-resistant publishing, and traceless email. From another perspective, it enables operations within the area of crypto-anarchy.
The following types of anonymity can be identified: (i) Sender anonymity. (ii) Receiver anonymity. (iii) Publisher anonymity (diffusion model). (iv) Non-linkage/correlation anonymity. (v) Non-observability anonymity. Two problems can be detected in this context: (i) Sender anonymity: concealing the honest sender/originator of a message. (ii) Receiver anonymity: concealing the receiver of a message sent by an honest sender. Obviously, anonymity can also be exploited by dishonest entities, criminals, terrorists, anarchists, and other offenders. What can be done in such cases? How can society defend itself against this problem? The answer is simple: absolute anonymity is impossible, since the underlying network is not anonymous, even if it is secure.
Types of Network Anonymity Services.
Network anonymity services protect users' identities, hide other identifying factors, and dissociate users' actions from their identities, but they do not conceal that these actions occur. Anonymity is not the same as privacy, but it can help provide it. The following types of network anonymity services can be identified:
(1) Covert anonymity. The user is not automatically labeled as using anonymity technology; often, the user has more credibility and does not attract suspicion. Such users rely on inconspicuous web proxies (that go unnoticed) and on free webmail accounts reached through proxies.
(2) Overt anonymity. The user is known to be anonymous, and their credibility is often questioned. Such users rely on well-known remailers and addresses like anonymizer.com. They also employ SSL anonymity proxies, anonymity ISPs, mix-net remailer systems, anonymity servers such as anon.penet.fi, etc.
(3) Mixed anonymity. This combines the two previous types.
Some technologies for anonymity are:
(i) Using trusted third parties or proxies to forward messages. The main advantages are that it is inexpensive and easy to use. The main drawback is determining who can be trusted.

(ii) DC-Net (also written DC-Network or DC Network). Developed in 1988 by David Chaum, it only provides anonymity for the sender. Its effectiveness for N users is (1 / N(N – 1)). Only one message can be sent at a time; otherwise a collision occurs.

(iii) Mixnets. A mix is a server that mixes a set of messages. Each message is encrypted using asymmetric cryptography and a PKI so that only the recipient can read it. A mixnet uses a set of such servers to provide anonymity, and it tolerates up to a maximum of (N – 1) colluding servers out of a total of N. AMPC is a variant of Mixnets in which the cryptography is implemented in a distributed manner. In an Onion Mix, the first server to receive a set of messages constructs a random path through a set of Mixes to the final Mix, which distributes the messages. If the first Mix is corrupted, the entire system is compromised.

(iv) Crowds. A crowd is a dynamically formed set of users. Each user runs a process called a jondo on their computer. When the jondo starts, it contacts a server called a blender to request admission to the crowd. If the jondo is admitted, the blender reports the crowd's current membership to it and sends the information necessary to join the crowd (cryptographic keys). The user configures their browser to use their jondo as a web proxy. When the jondo receives the first request from the browser, it begins establishing a random path of jondos in the crowd: it randomly selects a jondo (possibly itself) from the crowd and forwards the request to it (after protecting/securing it). When that jondo receives the request, it forwards it with probability p (again to a randomly selected jondo) or sends the request to the destination server with probability (1 – p). Subsequent requests follow the same path, and the server's responses travel along the same path in the opposite direction. Communication between jondos is encrypted.

(v) Tor. This is a second-generation Onion Routing anonymity network. It uses a network of routers provided by volunteers. Among other things, it protects the identity and location of a sender accessing Internet services. The Tor anonymity network is identifiable because there are public lists of nodes, and it is experiencing significant expansion (see http://www.noreply.org/tor-running-routers/totall_ong.html ). Its bandwidth is likewise growing (see http://www.noreply.org/tor-running-routers/totalTra-fficLong.html ). The main limitations of the Tor service concern high-bandwidth services (video), frequent connections (P2P file sharing), and very-low-latency services such as telephony. Problems arise especially with FDX (Full-DupleX) communications, although it can support HDX (Half-DupleX) push-to-talk communications.
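The DC-Net round from item (ii), as an added example that is not code from the original article: every pair of participants shares a fresh random pad, each participant publishes the XOR of its pads and its message, and the XOR of all publications yields the message. The 32-bit slot width and all function names are assumptions of this example.

```python
import secrets
from itertools import combinations

BITS = 32  # constructed slot width for this example

def announce(n, pads, messages):
    """Each participant XORs its message (0 if silent) with every pad it shares."""
    out = []
    for i in range(n):
        word = messages.get(i, 0)
        for pair, pad in pads.items():
            if i in pair:
                word ^= pad
        out.append(word)
    return out

def combine(announcements):
    """What any observer computes: pads cancel pairwise, messages remain."""
    total = 0
    for word in announcements:
        total ^= word
    return total

def dc_round(n, messages):
    """One round with a fresh random pad per pair of participants."""
    pads = {pair: secrets.randbits(BITS) for pair in combinations(range(n), 2)}
    announcements = announce(n, pads, messages)
    return announcements, combine(announcements)

def pads_blaming(announcements, suspect):
    """Build a pad assignment under which `suspect` sent the round's message.

    One exists for every participant, so the public transcript alone does
    not identify the sender.
    """
    n = len(announcements)
    msg = combine(announcements)
    residual = [w ^ (msg if i == suspect else 0) for i, w in enumerate(announcements)]
    pads = {pair: 0 for pair in combinations(range(n), 2)}
    for i in range(1, n):
        pads[(0, i)] = residual[i]  # star through participant 0 absorbs each residual
    return pads

if __name__ == "__main__":
    ann, out = dc_round(4, {2: 0xCAFE})          # constructed: participant 2 sends
    print(hex(out), [hex(a) for a in ann])
    print(hex(dc_round(4, {0: 0x1234, 3: 0x00FF})[1]))  # two senders: collision
```

When two participants send in the same round, the combined output is the XOR of both messages and neither can be recovered from it, which is the collision the text refers to.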
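The Crowds path construction from item (iv), simulated as an added example (not code from the original article or from the Crowds project). It goes beyond the text by also measuring how often the first compromised jondo on a path receives the request directly from the initiator, and compares that with the closed form from Reiter and Rubin's Crowds analysis. The crowd size, the number of compromised jondos and the function names are assumptions.

```python
import random

def build_path(n, initiator, p_forward, rng):
    """Jondos a request traverses, initiator first.

    The initiator's jondo always hands the request to a uniformly chosen jondo
    (possibly itself); each later jondo forwards again with probability
    p_forward, otherwise it submits the request to the destination server.
    """
    path = [initiator, rng.randrange(n)]
    while rng.random() < p_forward:
        path.append(rng.randrange(n))
    return path

def mean_forwards(n, p_forward, trials, seed=1):
    """Average jondo-to-jondo forwards per path; expected value 1 / (1 - p)."""
    rng = random.Random(seed)
    return sum(len(build_path(n, 0, p_forward, rng)) - 1 for _ in range(trials)) / trials

def initiator_exposure(n, corrupt, p_forward):
    """Closed form (n - p(n - c - 1)) / n from Reiter and Rubin's analysis."""
    return (n - p_forward * (n - corrupt - 1)) / n

def simulated_exposure(n, corrupt, p_forward, trials, seed=1):
    """Among paths that touch a compromised jondo, the fraction in which the
    first compromised jondo received the request directly from the initiator.

    Modelling assumption: jondos 0..corrupt-1 are compromised (corrupt >= 1)
    and jondo n-1 is the honest initiator.
    """
    rng = random.Random(seed)
    hits = seen = 0
    while seen < trials:
        path = build_path(n, n - 1, p_forward, rng)
        first = next((k for k in range(1, len(path)) if path[k] < corrupt), None)
        if first is not None:
            seen += 1
            hits += path[first - 1] == n - 1
    return hits / seen

if __name__ == "__main__":
    # Constructed parameters: 20 jondos, 3 compromised, p = 0.75.
    print(mean_forwards(20, 0.75, 50_000))
    print(initiator_exposure(20, 3, 0.75), simulated_exposure(20, 3, 0.75, 50_000))
```

With these parameters the exposure stays below 1/2, so a compromised jondo's predecessor is more likely not to be the initiator; shrinking the crowd or raising the compromised share pushes it above that threshold.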
Node Anonymity in Ad-Hoc Networks:
Node privacy in ad-hoc networks aims to conceal the identities of the nodes involved in routing tasks within wireless mobile ad-hoc networks. Traditional ad-hoc routing algorithms rely on private information, such as identifiers, which is exposed on the network. Privacy solutions designed for P2P networks are not suitable for ad-hoc networks. Privacy is weak in position-based ad-hoc routing algorithms, because each node's position information must be broadcast locally on a regular basis. Adversaries can reconstruct a node's path from its position reports and can even estimate the network topology. Once a match is found between a node's position and its actual identifier, a tracer can monitor that node's behavior.

The AO2P (Ad-hoc On-demand Position-based Private routing) algorithm preserves node privacy in mobile ad-hoc networks while keeping next-hop determination latency low. Only the destination's position is exposed on the network for route discovery. A receiver contention scheme determines the next hop in a route. Once a route has been constructed, pseudo-identifiers are used instead of real identifiers to deliver the data packets. The route with the fewest hops is used to improve end-to-end throughput. Destination privacy relies on the difficulty of matching a position with a node identifier, and node mobility improves it because the match between a position and a node identifier is only temporary. The privacy of the sender and of the intermediate forwarders is preserved. Routing accuracy relies on the fact that at any given moment only one node can be at a given position. Since the pseudo-identifier for a node is generated from its position and the time, the probability of more than one node having the same pseudo-identifier is negligible.

AO2P can improve its privacy by using a waypoint, which results in the R-AO2P algorithm. The waypoint's position is carried in the packet instead of the destination's position. The waypoint is located on the extended line connecting the sender and the destination and can be used for route discovery. The destination's position is only revealed to the nodes involved in the routing.
Final considerations
Our research group has been working for more than fifteen years on the anonymity of communications in all types of networks, narrowband, broadband, data and multimedia, wired, wireless, mixed, hierarchical, CS (Client-Server), P2P (Peer-to-Peer), for people, M2M (Machine-to-Machine), etc.
This article is part of the activities developed within the LEFIS-APTICE project (funded by Socrates, European Commission).
Author:
Prof. Dr. Javier Areitio Bertolín
Professor at the Faculty of Engineering, ESIDE.
Director of the Networks and Systems Research Group, University of Deusto.
