Dynamic Anonymity

Encryption protects communication partners from disclosure of their secret messages but cannot prevent traffic analysis and the leakage of information about “who communicates with whom". In the presence of collaborating adversaries, this linkability of actions can danger anonymity. However, reliably providing anonymity is crucial in many applications. Especially in contextaware mobile business, where mobile users equipped with PDAs request and receive services from service providers, providing anonymous communication is mission-critical and challenging at the same time. Firstly, the limited performance of mobile devices does not allow for heavy use of expensive public-key operations which are commonly used in anonymity protocols. Moreover, the demands for security depend on the application (e.g., mobile dating vs. pizza delivery service), but different users (e.g., a celebrity vs. a normal person) may even require different security levels for the same application. Considering both hardware limitations of mobile devices and different sensitivity of users, we propose an anonymity framework that is dynamically configurable according to user and application preferences. Our framework is based on Chaum-s mixnet. We explain the proposed framework, its configuration parameters for the dynamic behavior and the algorithm to enforce dynamic anonymity.

Authors:

• Emin Islam Tatlı
• Dirk Stegemann
• Stefan Lucks

Keywords:

• Anonymity
• context-awareness
• mix-net
• mobile business
• policy management

References:

[1] Fleet management.URL: http://www.fleetonline.ch.
[2] Indoor & outdoor routing.URL: http://www.falk.de.
[3] Jap: Anonymity and privacy tool for internet.
URL: http://anon.inf.tu-dresden.de.
[4] Locating people in emergency.URL: http://www.sintrade.ch.
[5] Location-based chat and games.URL: http://www.vodafone.de.
[6] The mobile business research group.URL: http://www.m-business.unimannheim.
de.
[7] Smtp remailers.URL:http://www.freehaven.net/related-comm.html.
[8] Tracking of kids.URL: http://www.trackyourkid.de.
[9] ISO99 IS 15408.URL: http://www.commoncriteriaportal.org, 1999.
[10] The Anonymizer. URL: http://anonymizer.com.
[11] David L. Chaum. Untraceable electronic mail, return addresses, and
digital pseudonyms. Commun. ACM, 24(2):84-90, 1981.
[12] Andreas Pfitzmann et al. Anonymity, unobservability, and
pseudonymity: A proposal for terminology, July 2000.
[13] Michael J. Freedman and Robert Morris. Tarzan: A peer-to-peer
anonymizing network layer. In Proceedings of the 9th ACM Conference
on Computer and Communications Security (CCS 2002), Washington,
DC, November 2002.
[14] Stefan Köpsell, Hannes Federrath, and Marit Hansen. Erfahrungen mit
dem Betrieb eines Anonymisierungsdienstes. Datenschutz und Datensicherheit,
27(3), 2003.
[15] Andreas Pfitzmann, Birgit Pfitzmann, and Michael Waidner. ISDNmixes:
Untraceable communication with very small bandwidth overhead.
In Proceedings of the GI/ITG Conference on Communication in
Distributed Systems, pages 451-463, February 1991.
[16] Michael Reiter and Aviel Rubin. Crowds: Anonymity for web transactions.
ACM Transactions on Information and System Security, 1(1),
June 1998.
[17] Bruce Schneier. Secrets and Lies, chapter 5. Security Needs, pages 63-
67. Wiley and Sons, 2001.
[18] Emin Islam Tatl─▒, Dirk Stegemann, and Stefan Lucks: Security
challenges in location-aware mobile business, In Proceedings of the 2nd
International Workshop on Mobile Commerce and Services, M├╝nchen,
2005. IEEE Computer Society.