disad-free-routes - The Disadvantages of Free MIX Routes and How to Overcome Them Oliver Berthold1 Andreas Pfitzmann1 and Ronny Standtke2 1 Dresden

The Disadvantages of Free MIX Routes and How to Overcome Them Oliver Berthold 1 , Andreas Pfitzmann 1 , and Ronny Standtke 2 1 Dresden University of Technology, Germany { ob2,pfitza } @inf.tu-dresden.de 2 Secunet, Dresden [email protected] Abstract. There are different methods to build an anonymity service using MIXes. A substantial decision for doing so is the method of choos- ing the MIX route. In this paper we compare two special configurations: a fixed MIX route used by all participants and a network of freely usable MIXes where each participant chooses his own route. The advantages and disadvantages in respect to the freedom of choice are presented and examined. We’ll show that some additional attacks are possible in net- works with freely chosen MIX routes. After describing these attacks, we estimate their impact on the achievable degree of anonymity. Finally, we evaluate the relevance of the described attacks with respect to existing systems like e.g. Mixmaster, Crowds, and Freedom. 1 Introduction The concept of MIXes was developed in 1981 by David Chaum [3], in order to enable unobservable communication between users of the internet. A single MIX does nothing else than hiding the correlation between incoming and outgoing messages within a large group of messages. If participants exclusively use such a MIX for sending messages to each other, their communication relations will be unobservable - even though if the attacker does control all the network connections. Without additional information not even the receiver gets to know the identity of the message’s sender. When using only one MIX, one has to rely upon its security completely. Therefore usually several MIXes are used in a chain. Now, any single MIX does not have all the information which is needed to reveal communication relations. At worst, a MIX may only know either sender or receiver. According to the attacker model for MIXes, the communication relations have to be kept secret even in case that all but one MIX cooperate with an attacker who taps all lines (called global attacker ). But a sufficient number of reliable participants is necessary: A single participant can not be anonymous if all or most of the other participants are controlled by the attacker. All possible attacks on a MIX network are to be examined with regard to that attacker model. H. Federrath (Ed.): Anonymity 2000, LNCS 2009, pp. 30–45, 2001. c Springer-Verlag Berlin Heidelberg 2001

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document

The Disadvantages of Free MIX Routes 31 There are different possibilities to organise the co-operation of several MIXes. Generally, all MIXes exist independently from each other in the internet. When anybody wants to use a certain MIX, he simply sends his message to it, respec- tively, he has another MIX send his message to it. This kind of co-operation is further called a MIX network .