Degree of anonymity

In anonymity networks (e.g., Tor, Crowds, Mixmaster, I2P), it is important to be able to quantify the anonymity guarantee that the system provides. The degree of anonymity d is a metric proposed at the 2002 Privacy Enhancing Technologies (PET) workshop. Two papers put forth the idea of using entropy as the basis for formally measuring anonymity: "Towards an Information Theoretic Metric for Anonymity" and "Towards Measuring Anonymity". The ideas presented are very similar, with minor differences in the final definition of d.

Background

As anonymity networks have been developed, many have introduced methods of proving the anonymity guarantees that are possible. Originally, with simple Chaum mixes and pool mixes, the size of the set of users was seen as the security that the system could provide to a user. This had a number of problems; intuitively, if the network is international then it is unlikely that a message that contains only Urdu came from the United States, and vice versa. Information like this, together with methods such as the predecessor attack and the intersection attack, helps an attacker increase the probability that a particular user sent the message.

Example With Pool Mixes

[Figure: AD Pool Mix]

As an example, consider the network shown above, where u1, u2, and u3 are users (senders), s1, s2, and s3 are servers (receivers), the boxes are mixes, and u1, u2, u3 ∈ AS, where AS denotes the anonymity set. Since these are pool mixes, let the threshold on the number of incoming messages a mix waits for before sending be 2; as such, if only u1's mix could have forwarded a message toward s1 on a given round (since the links between the mixes can only carry one message at a time), then when s1 receives a message it knows that it must have come from u1. This is in no way reflected in u1's anonymity set, but should be taken into account in the analysis of the network.
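The point can be made concrete with a toy sketch (the user labels and the side information are illustrative assumptions, not taken from the figure): routing constraints act as side information that shrinks the effective anonymity set, whatever the nominal set's size.

```python
# Nominal anonymity set seen by the receiver: every sender in the network.
nominal_anonymity_set = {"u1", "u2", "u3"}

# Hypothetical side information leaked by the mix topology: on this round,
# only u1's mix could have forwarded a message toward the receiver.
ruled_out = {"u2", "u3"}

effective_anonymity_set = nominal_anonymity_set - ruled_out
print(sorted(effective_anonymity_set))  # ['u1'] -- the sender is identified
```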

Degree of Anonymity

The degree of anonymity takes into account the probability associated with each user. It begins by defining the entropy of the system (here is where the papers differ slightly, but only in notation; we will use the notation of Diaz et al.):

H(X) := − Σ_{i=1}^{N} p_i · log2(p_i),

where H(X) is the entropy of the network, N is the number of nodes in the network, and p_i is the probability associated with node i. The maximal entropy of a network occurs when the probability is uniform over the nodes (p_i = 1/N), and this yields H_M := log2(N). The degree of anonymity (the papers differ slightly in the definition here: Diaz et al. define a bounded degree, where the entropy is compared to H_M, while Serjantov and Danezis give an unbounded definition using the entropy directly; we will consider only the bounded case here) is defined as

d := H(X) / H_M.

Using this, anonymity systems can be compared and evaluated quantitatively.
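The bounded degree can be computed directly from a probability distribution over the candidate senders; a minimal sketch in Python (the function names are illustrative, not from the papers):

```python
import math

def entropy(probs):
    """Shannon entropy H(X) = -sum(p_i * log2(p_i)), in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def degree_of_anonymity(probs):
    """Bounded degree d = H(X) / H_M, where H_M = log2(N)."""
    n = len(probs)
    if n <= 1:
        return 0.0  # a single candidate sender provides no anonymity
    return entropy(probs) / math.log2(n)

# Uniform distribution over 4 senders: maximal anonymity.
print(degree_of_anonymity([0.25, 0.25, 0.25, 0.25]))  # 1.0

# A skewed distribution gives d strictly between 0 and 1.
print(degree_of_anonymity([0.7, 0.1, 0.1, 0.1]))
```

d = 1 thus corresponds to an attacker who learns nothing beyond the uniform prior, and d = 0 to a fully identified sender.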

Definition of Attacker

These papers also served to give concise definitions of an attacker:

Internal/External
an internal attacker controls nodes in the network, whereas an external attacker can only compromise the communication channels between nodes.
Passive/Active
an active attacker can add, remove, and modify any messages, whereas a passive attacker can only listen to the messages.
Local/Global
a local attacker has access to only part of the network, whereas a global attacker can access the entire network.

Example

In the papers there are a number of example calculations of d; we will walk through some of them here.

Crowds

In Crowds there is a global probability of forwarding (p_f), which is the probability a node will forward the message internally instead of routing it to the final destination. Let there be C corrupt nodes and N total nodes. In Crowds the attacker is internal, passive, and local. Trivially, the first corrupt node on the path assigns to its predecessor the probability 1 − p_f(N − C − 1)/N of being the initiator, and to each of the other N − C − 1 honest nodes the probability p_f/N; overall the entropy is H(X) = ((N − C − 1)/N) · p_f · log2(N/p_f) + ((N − p_f(N − C − 1))/N) · log2(N/(N − p_f(N − C − 1))), and d is this value divided by H_M = log2(N − C).
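A sketch of this calculation in Python; the predecessor probability 1 − p_f(N − C − 1)/N and the per-node probability p_f/N for the remaining honest members are taken from the papers' Crowds analysis and restated here as assumptions:

```python
import math

def crowds_degree(n, c, pf):
    """Degree of anonymity for Crowds with n members, c of them corrupt,
    and forwarding probability pf, from the first corrupt node's view."""
    # Probability that the observed predecessor is the true initiator.
    p_pred = 1 - pf * (n - c - 1) / n
    # Each of the other honest members is the initiator with probability pf/n.
    probs = [p_pred] + [pf / n] * (n - c - 1)
    h = -sum(p * math.log2(p) for p in probs if p > 0)
    return h / math.log2(n - c)  # maximal entropy over the n - c honest members

print(crowds_degree(10, 2, 0.8))
```

As a sanity check, with no corrupt nodes and p_f = 1 every honest member is equally likely, so the degree is 1.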

Onion routing

In onion routing, let's assume the attacker can exclude a subset of the nodes from the network; then the entropy would easily be H(X) = log2(S), where S is the size of the subset of non-excluded nodes. Under an attack model where a node can both globally listen to message passing and is a node on the path, this decreases to H(X) = log2(L), where L is the length of the onion route (this could be larger or smaller than S), as there is no attempt in onion routing to remove the correlation between the incoming and outgoing messages.

Applications of this metric

In 2004, Diaz, Sassaman, and Dewitte presented an analysis of two anonymous remailers using the Serjantov and Danezis metric, showing one of them to provide zero anonymity under certain realistic conditions.


References

  1. Claudia Diaz, Stefaan Seys, Joris Claessens, and Bart Preneel (April 2002). "Towards Measuring Anonymity". In Roger Dingledine and Paul Syverson (eds.), Proceedings of the Privacy Enhancing Technologies Workshop (PET 2002). Springer-Verlag, LNCS 2482.
  2. Andrei Serjantov and George Danezis (April 2002). "Towards an Information Theoretic Metric for Anonymity". In Roger Dingledine and Paul Syverson (eds.), Proceedings of the Privacy Enhancing Technologies Workshop (PET 2002). Springer-Verlag, LNCS 2482.
  3. Claudia Diaz, Len Sassaman, and Evelyn Dewitte (September 2004). "Comparison Between Two Practical Mix Designs" (PDF). In Dieter Gollmann (ed.), Proceedings of the European Symposium on Research in Computer Security (ESORICS 2004). Springer-Verlag, LNCS 3193.