User talk:Yiztet

Crowds Protocol
Introduction

Crowds is a system for anonymity on the web proposed by Reiter & Rubin. It provides users with a mechanism for anonymous Web browsing. The main idea behind the Crowds anonymity protocol is to hide each user's communications by routing them randomly within a group of similar users. Under the Crowds protocol, a corrupt group member or local eavesdropper that observes a message being sent by a particular user can never be sure whether the user is the actual sender or is simply routing another user's message.

How Crowds works

1. Each user joins a crowd of other users by registering with the blender, a single server responsible for membership management. When a user registers, all the other members in the crowd are notified. The blender is also responsible for key distribution: it distributes symmetric keys to individual pairs of jondos, which use them to encrypt and decrypt the packets routed along the virtual paths.

2. Each user is represented by a jondo, an application that runs on the user's computer.

3. Each jondo either submits the request to the end server or forwards it to a randomly chosen jondo (possibly itself). A jondo also strips out any personal information, such as cookies and identifying header fields.

4. A jondo cannot tell if a request is initiated by the previous jondo or one before it.

5. Request and reply follow the same virtual paths, which are constructed using an algorithm involving probabilities. The virtual paths are torn down and reconstructed on a regular basis to allow anonymity for newly added members.

What Crowds achieves -- Anonymity properties provided to an individual user against three distinct types of attackers:

1. A local eavesdropper - is an attacker who can observe all communication to and from the user's computer.

2. Collaborating crowd members - are other crowd members that can pool their information and even deviate from the prescribed protocol.

3. End server - is the web server to which the web transaction is directed.

SECURITY ANALYSIS

We consider the question of what information an attacker can learn about the senders and receivers of web transactions, given the mechanisms of Crowds we described.

Local eavesdropper -

Recall that every message forwarded on a path, except for the final request to the end server, is encrypted. Thus, while the eavesdropper is able to view any message emanating from the user's computer, it only views a message submitted to the end server if the user's jondo ultimately submits the user's request itself. The probability that the user's jondo ultimately submits the request is 1/n, where n is the size of the crowd when the path was created. Thus the probability that the eavesdropper learns the identity of the receiver decreases as a function of crowd size. Moreover, when the user's jondo does not ultimately submit the request, the local eavesdropper sees only the encrypted address of the end server, which we suggest yields receiver anonymity that is (informally) beyond suspicion. (Beyond suspicion: no user is more suspicious than any other.)

Collaborating jondos -

Consider a set of collaborating corrupted jondos in the crowd. Because each jondo can observe plaintext traffic on a path routed through it, any such traffic, including the address of the end server, is exposed to this attacker. The question we consider here is whether the attacker can determine who initiated the path. The goal of the collaborators is to determine the member that initiated the path. We now analyze how confident the collaborators can be that their immediate predecessor is in fact the path initiator:

Let Hk, k >= 1, denote the event that the first collaborator on the path occupies the kth position on the path, where the initiator itself occupies the 0th position (and possibly others).

Define

$$H_{k+} = H_k \lor H_{k+1} \lor H_{k+2} \lor \cdots$$

Let I  denote the event that the first collaborator on the path is immediately preceded on the path by the path initiator.

Note that H1 => I, but the converse I => H1 is not true, because the initiating jondo might appear on the path multiple times. For example, a path can be composed as follows:

initiator jondo(0 - position) > jondo(1 - position)  > initiator jondo(2 - position) > Collaborating jondo(3 - position)

Note that the first collaborator on the path is in the 3rd position.

Given this notation, the collaborators now hope to determine: P(I|H1+) - given that a collaborator is on the path, what is the probability that the path initiator is the first collaborator's immediate predecessor?

Define:

probable innocence - each user is more likely innocent than not.

In order to yield probable innocence for the path initiator, certain conditions must be met in our system. In particular, let

pf > 1/2  be the probability of forwarding in the system.

c -  denote the number of collaborators in the crowd.

n -  denote the total number of crowd members when the path is formed.

The theorem below gives a sufficient condition on pf, c, and n to ensure probable innocence for the path initiator.

Main Theorem: The path initiator has probable innocence against c collaborators if:

$$n \geq \frac{p_f}{p_f - \frac{1}{2}}\left( c + 1\right)$$
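The following added example (not part of the original page) simulates path formation and estimates P(I|H1+), so the theorem's bound can be checked numerically. It assumes two details from Reiter & Rubin's paper that this page does not state: the initiator always forwards to a random jondo first, and P(I|H1+) has the closed form (n - pf(n - c - 1))/n. All function names are illustrative.

```python
import random

def min_crowd_size(pf, c):
    """Right-hand side of the theorem: n >= pf / (pf - 1/2) * (c + 1)."""
    if not 0.5 < pf <= 1:
        raise ValueError("the theorem assumes pf > 1/2")
    return pf / (pf - 0.5) * (c + 1)

def closed_form(n, c, pf):
    """P(I | H1+) as derived in the Crowds paper (assumed, not on this page)."""
    return (n - pf * (n - c - 1)) / n

def simulate(n, c, pf, trials, seed=1):
    """Estimate P(I | H1+): jondo 0 initiates, jondos n-c .. n-1 collaborate."""
    if not 1 <= c < n:
        raise ValueError("need at least one collaborator and one honest jondo")
    rng = random.Random(seed)
    initiator, first_collab = 0, n - c
    on_path = predecessor_is_initiator = 0
    for _ in range(trials):
        prev = initiator
        cur = rng.randrange(n)          # assumed: the first hop always forwards
        while True:
            if cur >= first_collab:     # first collaborator sees its predecessor
                on_path += 1
                predecessor_is_initiator += (prev == initiator)
                break
            if rng.random() >= pf:      # honest jondo submits to the end server
                break
            prev, cur = cur, rng.randrange(n)  # forward, possibly to itself
    return predecessor_is_initiator / on_path

if __name__ == "__main__":
    pf, c = 0.75, 3                     # constructed sample parameters
    print("theorem requires n >=", min_crowd_size(pf, c))
    for n in (8, 10, 12, 20, 40):
        est = simulate(n, c, pf, trials=200_000)
        print(f"n={n:3d} simulated={est:.3f} closed_form={closed_form(n, c, pf):.3f}"
              f" probable_innocence={n >= min_crowd_size(pf, c)}")
```

With pf = 0.75 and c = 3, the estimate crosses 1/2 at n = 12, which is exactly the bound the theorem gives.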