Anon_Terminology_v0.7 - Anonymity, Unobservability, and...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology Change History Draft v0.1 July 28, 2000 Andreas Pfitzmann, [email protected] Draft v0.2 Aug. 25, 2000 Marit Köhntopp, [email protected] Draft v0.3 Aug. 26-Sep. 01, 2000 Andreas Pfitzmann, Marit Köhntopp Draft v0.4 Sep. 13, 2000 Andreas Pfitzmann, Marit Köhntopp Changes in sections Anonymity, Unobservability, Pseudonymity Draft v0.5 Oct. 03, 2000 Adam Shostack, [email protected], Andreas Pfitzmann, Marit Köhntopp Changed definitions, unlinkable pseudonym Draft v0.6 Nov. 26, 2000 Andreas Pfitzmann, Marit Köhntopp Changed order, role-relationship pseudonym, references Draft v0.7 Dec. 07, 2000 Marit Köhntopp, Relation to Information Hiding Terminology Abstract Based on the nomenclature of the early papers in the field, we propose a set of terminology which is both expressive and precise. More particularly, we define anonymity , unlinkability , unobservability , and pseudonymity ( pseudonyms and digital pseudonyms , and their attributes). We hope that the adoption of this terminology might help to achieve better progress in the field by avoiding that each researcher invents a language of his/her own from scratch. Of course, each paper will need additional vocabulary, which might be added consistently to the terms defined here. Setting We develop this terminology in the usual setting that senders send messages to recipients using a communication network. For other settings, e.g. users querying a database, customers shopping in an e-commerce shop, the same terminology can be derived by abstracting away the special names “sender”, “recipient”, and “message”. But for ease of explanation, we use the specific setting here. All statements are made from the perspective of an attacker who may be interested in monitoring what communication is occurring, what patterns of communication exist, or even in manipulating the communication. We assume that the attacker is not able to get information on the sender or recipient from the message content. Therefore, we do not mention the message content in the sequel. Anonymity To enable anonymity of a subject, there always has to be an appropriate set of subjects with potentially the same attributes.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
- 2 - Anonymity is the state of being not identifiable within a set of subjects, the anonymity set . The anonymity set is the set of all possible subjects who might cause an action. Therefore, a sender may be anonymous only within a set of potential senders, his/her sender anonymity set , which itself may be a subset of all subjects worldwide who may send messages from time to time. The same is true for the recipient, who may be anonymous within a set of potential recipients, which form his/her recipient anonymity set . Both anonymity sets may be disjoint, be the same, or they may overlap. Anonymity is the stronger, the larger the respective anonymity set is and the more evenly
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/18/2012 for the course CIS 4930 taught by Professor Staff during the Fall '08 term at University of Florida.

Page1 / 8

Anon_Terminology_v0.7 - Anonymity, Unobservability, and...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online