Anonymous communication over social networks

1
Anonymous communication over social networks

• Shishir Nagaraja
• Security Group
• Computer Laboratory

2
What is anonymity?

• You cant tell who did what.

Who wrote this blog post?
Who is accessing this website?!!
Who drew this cartoon?
3

• More formally, it means indistinguishability from
  an anonymity set.

a
b
d
User1
c
The attacker cant tell who User1 is talking to!
f
e
n
4
What anonymity is not

• It isnt cryptography.

User1
User x
Attacker
Random content
5
What anonymity is not

• It isnt steganography.

6
So what does anonymity mean, again?

• Unlinkability Hide the connection between the
  senders and the recipients.
• Untraceability Hide the connection between
  actions of the same sender.
• Unobservability Hide the fact that the user is
  talking.
• Sender and Recipient anonymity.
• High Latency vs Low Latency systems.

7
Introducing mix-networks!
Source R. Dingledine, Mixminion, PET 2003.
8
Anonymity with Mix networks
Source R. Dingledine, Mixminion, PET 2003.
9
Basic aim

• We present a mix network topology that is based
  on social networks
• We would like to analyze the anonymity such
  networks provide under a high-latency assumption.

10
Why is this a good idea?

• Unlike encryption, its not enough for just a few
  users to want anonymity. The infrastructure must
  participate!
• Systems need cover traffic. (to attract
  high-sensitivity users one needs low sensitivity
  users)
• Why should a mix server process your traffic?
• Do you talk a lot to your friends? then you
  need less cover traffic
• It is much more difficult to block communication
  with your friends than well known mix nodes on
  the Internet.

11
A plausible setting High latency mix network

• Consider the live-journal network of friendship
  ties.
• Assume that sometime in the future, users have a
  live-journal client that can run a mix.
• Users running mix nodes publish their mix keys on
  their area.
• Users discover mixes with random walks.
• Senders select routes from this topology.

12
Measuring Anonymity

• We use the information theoretic metric of
  Danezis and Serjantov (2003)
• Anonymity of a system may be defined as the
  amount of information the attacker is missing to
  uniquely identify an actors link to an action.

??(?i)
13
theoretical anonymity bounds in this case?

• Path selection is abstracted as a random walk.
• Mixing rate on scale-free graphs steps in which
  the random walk converges to the Markov chain
  stationary distribution.

14

• Applying results from spectral graph theory of BA
  scale-free networks (Mihail et.al. 2005) we find
  that conductance is a constant for all scalefree
  graphs with dmingt2.

15
Example

• Consider an expander graph of size 1000 with
  40links per node (gives you good expansion
  properties)
• The fundamental limit of how quickly a network
  can mix depends on ?2gt0.3122
• In a social network using a BA-scalefree model we
  have for 1000 nodes with 4 edges per node ?2
  gt0.6363229
• 4-6 steps for expander vs 8-10 for a scalefree
  graph.

16
Convergence
17
Corrupt nodes
Anonymity Network
Mix1
User 1
User a
Mix1
User 2
Mix1
User 3
User b
Mix1
Mix1
User n
User c
Attacker
18
(No Transcript)
19
Conclusions

• RW on social networks based on BA scalefree
  graphs will take longer to converge, but youll
  get there.
• We have applied results from graph theory of
  skewed degree topologies to throw light on how
  anonymity on these networks may be analyzed.
• Further evaluation of anonymous communication
  over social networks should be exciting!

20
Definitions