Int. J. Security and Networks, Vol. 2, Nos. 1/2, 2007
Analysis of Fow-correlation attacks in
Department of Electrical and Computer Engineering,
Cleveland State University,
Cleveland, OH, USA
College of Business and Information Systems,
Dakota State University,
Madison, SD, USA
Riccardo Bettati and Wei Zhao
Department of Computer Science,
Texas A&M University,
College Station, TX, USA
Mix networks are designed to provide anonymity for users in a variety of applications,
including privacy-preservingWWW browsing and numerous e-commerce systems. Such networks
have been shown to be susceptible to a number of statistical traf±c analysis attacks. Among these
are ²ow correlation attacks, where an adversary may disclose the communication relationship
between a sender and a receiver by measuring the similarity between the sender’s outbound ²ow
and the receiver’s inbound ²ow. The effectiveness of the attacks is measured in terms of the
probability that an adversary correctly recognises the receiver. This paper describes a model for
the ²ow correlation attack effectiveness. Our results illustrate the quantitative relationship among
system parameters such as sample size, noise level, payload ²ow rate and attack effectiveness.
Our analysis quantitatively reveals how, under certain situations, existing ²ow-based anonymous
systems would fail under ²ow-correlation attacks, thus providing useful guidelines for the design
of future anonymous systems.
anonymous communication; ²ow-correlation attack; mix network.
to this paper should be made as follows: Zhu, Y., Fu, X., Bettati, R. and Zhao, W.
(2007) ‘Analysis of ²ow-correlation attacks in anonymity network’,
Int. J. Security and Networks
Vol. 2, Nos. 1/2, pp.137–153.
He received his BSc in 1994 from Shanghai JiaoTong University and his MSc in 2002 from Texas
A&M University. His research interests include anonymous communication, network security,
peer-to-peer networking and traf±c engineering.
Xinwen Fu is an Assistant Professor in the College of Business and Information Systems at
Dakota State University. He received his BS (1995) and MS (1998) in Electrical Engineering
from Jiaotong University, China and University of Science and Technology of China, respectively.
He received his PhD (2005) in Computer Engineering from Texas A&M University. In 2005, he
joined Dakota State University as a faculty member. His current research interests are in anonymity
and other privacy issues in distributed systems such as the internet, mobile and sensor networks.