Hannes Federrath

Web MIXes: a system for anonymous and unobservable Internet access

We present the architecture, design issues and functions of a MIX-based system for anonymous and unobservable real-time Internet access. This system prevents traffic analysis as well as flooding attacks. The core technologies include an adaptive, anonymous, time/volume-sliced channel mechanism and a ticket-based authentication mechanism. The system also provides an interface to inform anonymous users about their level of anonymity and unobservability.

Designing Privacy Enhancing Technologies

Based on the nomenclature of the early papers in the field, we propose a set of terminology which is both expressive and precise. More particularly, we define anonymity, unlinkability, unobservability, and pseudonymity (pseudonyms and digital pseudonyms, and their attributes). We hope that the adoption of this terminology might help to achieve better progress in the field by avoiding that each researcher invents a language of his/her own from scratch. Of course, each paper will need additional vocabulary, which might be added consistently to the terms defined here.

Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier

Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet. We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97% of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccards classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.

Modeling the Security of Steganographic Systems

We present a model of steganographic systems which allows to evaluate their security. We especially want to establish an analogy to the known-plaintext-attack which is commonly used to rate cryptographic systems. This models main statement is that the embedding operation of a steganographic system should work indeterministic from the attackers point of view. This is proved by means of information theory.

Project “anonymity and unobservability in the Internet”

It is a hard problem to achieve anonymity for real-time services in the Internet (e.g. Web access). All existing concepts fail when we assume a very strong attacker model (i.e. an attacker is able to observe all communication links). We also show that these attacks are real- world attacks. This paper outlines alternative models which mostly render these attacks useless. Our present work tries to increase the efficiency of these measures.

A privacy aware and efficient security infrastructure for vehicular ad hoc networks

VANETs have the potential to dramatically increase road safety by giving drivers more time to react adequately to dangerous situations. To prevent abuse of VANETs, a security infrastructure is needed that ensures security requirements like message integrity, confidentiality, and availability. After giving more details on the requirements we propose a security infrastructure that uses asymmetric as well as symmetric cryptography and tamper resistant hardware. While fulfilling the requirements, our proposal is especially designed to protect privacy of the VANET users and proves to be very efficient in terms of computational needs and bandwidth overhead.

MIXes in Mobile Communication Systems: Location Management with Privacy

This paper introduces a new technique for location management in cellular networks. It avoids the recording of moving tracks of mobile subscribers. The described procedures are derived from the well known untraceable MIX network and the distributed storage of location information according to GSM networks.

Performance comparison of low-latency anonymisation services from a user perspective

Neither of the two anonymisation services Tor and AN.ON clearly outperforms the other one. AN.ONs user-perceived QoS is generally more consistent over time than Tors. While AN.ONs network latencies are low compared to Tor, it suffers from limitations in bandwidth. Interestingly, Tors performance seems to depend on the time of day: it increases in the European morning hours. Utilising AN.ONs reporting of concurrently logged-in users, we show a correlation between load and performance. The reported number of users should be adjusted, though, so that it serves as a better indicator for security and performance. Finally, the results indicate the existence of an overall tolerance level for acceptable latencies of approximately 4 seconds, which should be kept in mind when designing low-latency anonymisation services.

Location management strategies increasing privacy in mobile communication

Mobile communication offers many new opportunities. However, because of the mobility of the subscribers trustworthiness of data, reliability and security are major issues.

Individual management of personal reachability in mobile communication

This paper describes a concept for controlling personal reachability while maintaining a high degree of privacy and data protection. By easy negotiation of their communication requests users can reach others without disturbing the called partners and without compromising their own privacy. Reachability management can strengthen the called subscribers right to self-determined communication without violating the callersO interests in protecting their personal data. *