Statistical Disclosure or Intersection Attacks on Anonymity Systems

1
Statistical Disclosure or Intersection Attacks on
Anonymity Systems

• George Danezis and Andrei Serjantov
• University of Cambridge Computer Laboratory

2
Outline

• Introduction
• Intersection attack
• The model
• Different approaches
• Our approach(es)
• Exact probability calculation
• Efficient attack
• Conclusions

3
Introduction

• Analysis of anonymous communication schemes
• Suppose there is an anonymous communication
  channel (mix)
• Alice communicates repeatedly with Bob
• How much anonymity does Alice have?
• How many rounds can she communicate for without
  being exposed?

4
The Setup

• The communication channel is a mix
• Alice has a set of recipients M and communicates
  to one of these every round (picked uniformly at
  random)
• The receivers of the other messages are picked
  from a uniform distribution over the set of all
  senders, N

5
The Setup (Diagram)
M
To M
Alice
Threshold B1
N
B
Steves
To N
As seen by the attacker
6
Approach I

• Disclosure Attack
• Kesdogan, Agrawal, Penz
• IH2002,SP2003,SPMag2004,IH2004?
• Exact Attack
• i.e. if after some rounds it is possible to
  identify M, (Alices recipients), the attack
  succeeds
• Expensive
• Does not yield (much) information if fails

7
Approach II

• Newman, Nalla, Moskowitz
• WPES2003, PET2004
• Alice is the bad insider
• Tries to communicate information to the outside
• Eve observes only behind the mix
• Covert Channel Capacity between Alice and Eve
• Use Mutual Information to measure this

8
Our Approach I (III)

• A Probabilistic calculation which gives the
  probability of Alice communicating to a
  particular set K i.e. P(KM).
• Works really well if M is small
• Generalises Kesdogans disclosure attack
• Makes no simplifying assumptions
• Expensive when M is large

9
Our Approach II (IV)

• Statistical Disclosure Attack
• Danezis, INetSec2003 (see paper for full ref)
• Really efficient!
• Analytical results about how accurate the attack
  is
• Makes some simplifying assumptions

10
Our Contribution I

• Probability calculations for anonymous channel
  modelled by the threshold mix
• Starts being inefficient when M becomes large
• Probability calculations for anonymous channel
  modelled by a pool mix
• Pretty inefficient
• No Simplifying Assumptions!

11
Our Contribution II

• Statistical Disclosure Attack for anonymous
  communication channel modelled by the pool mix
• (Where all other approaches fail)
• Kesdogans approach is non-probabilistic
• Our probabilistic method is too expensive
• Newman, Nalla, Moskowitz say future work

12
The Details (Probabilistic Approach)

• Alice sends msgs via a threshold mix (B1)
• There are B other senders (Steves) who pick
  receivers uniformly
• Define as the probability a Steve sends a
  message to r
• Attacker has no a-priori information about the
  relationship between senders and receivers
• For the moment assume Attacker knows Alice
  communicates to one person

13
Information from Observations

• 1 round of communication. Roger receives exactly
  1 message. (call this event X)
• How likely is it that Roger is Alices receiver?
• P(Y), Y is the event MRoger
• P(YX) is probability MRoger given he receives
  1 message
• Use Bayes theorem

14
Information from Observations

• P(X) Probablity Roger gets one message
• P(X) P(XY)P(Y) P(XY)P(Y)
• P(XY)
• P(XY)
• P(Y) Probability Roger is Alices receiver
• P(Y)
• P(Y)

15
Putting it all together

• Now,

16
?????

• This is, of course, entirely obvious!!!
• Can as easily calculate the probability of any
  set M being Alices receivers M given any other
  observation
• Including observations like
• Roger receives k messages
• in round 1 and k messages in round 2
• through a pool mix.

17
Statistical Disclosure Attack on a Pool Mix

• You have to know Statistical Disclosure Attack
• Essentially, we build a simplified model of
  whats going on, then develop a way of
  identifying Alices receivers, and test it on a
  simulation where we know who is Alice and who is
  not
• In the original Statistical Disclosure Attack
  (threshold mix) rounds are independent, in the
  case of the pool mix, they are not
• Additionally, in SD we could ignore rounds where
  Alice did not send, now we cannot!

18
Pool Mix

• b messages stay in the mix at each round
• Messages to be sent are picked from both the B
  and the b

Messages might stay in the mix for a long time
19
The Model
20
Simplification introduced by the model
Alice
21
The Attack

• Can easily estimate
• And we have observations
• From this we estimate
• Bayes theorem, see paper

22
The Results (1000 rounds, B10)
P(Estimate)
Receivers, r
Estimate of probability of Alice sending to r
23
The Results
24
The Results
25
Related Work

• Already beaten to death
• If anyone knows more, please shout!

26
Future Work

• We would really like to find the relation between
  Newman, Nalla, Moskowitz and this work
• Rather than studying how bad the intersection
  attack is, study how to protect against it
• Dummy traffic

27
Conclusions

• Intersection attack is very powerful
• Pretty well known already
• We take a probabilistic approach
• Unlike Kesdogan IH2004?
• Both efficient attacks and accurate definitions
  are possible
• Each has advantages and disadvantages