Studying the Anonymity Trilemma with a Discrete-event Mix Network Simulator

  title={Studying the Anonymity Trilemma with a Discrete-event Mix Network Simulator},
  author={Ania M. Piotrowska},
  journal={Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society},
  • Ania M. Piotrowska
  • Published 26 July 2021
  • Computer Science
  • Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society
In this work, we present a discrete event mix network simulator, that allows analysing how anonymity, latency, and bandwidth overhead are affected by various design choices (i.e., network topology, mixing technique, volume of traffic, packet size or use of cover traffic). To the best of our knowledge, this is the first such simulator as work on it began in 2017 to analyze the Loopix mix network, and the code of our simulator is available under an open-source license. To demonstrate the… 

Figures from this paper


The Loopix Anonymity System
A theoretical analysis of the Poisson mixing strategy as well as an empirical evaluation of the anonymity provided by the protocol and a functional implementation that is analyzed in terms of scalability by running it on AWS EC2 are provided.
Synchronous Batching: From Cascades to Free Routes
It is shown that free-route topologies can provide better anonymity as well as better message reliability in the event of partial network failure and a synchronous batching strategy can be used in various topologies.
Mixminion: design of a type III anonymous remailer protocol
Mixminion works in a real-world Internet environment, requires little synchronization or coordination between nodes, and protects against known anonymity-breaking attacks as well as or better than other systems with similar design parameters.
Towards an Information Theoretic Metric for Anonymity
An alternative information theoretic measure of anonymity is proposed which takes into account the probabilities of users sending and receiving the messages and is shown how to calculate it for a message in a standard mix-based anonymity system.
Website fingerprinting in onion routing based anonymization networks
It is shown that anonymity in Tor and JAP is not as strong as expected so far and cannot resist website fingerprinting attacks under certain circumstances, and this work is the first successful attack in the open-world scenario.
Shadow: Running Tor in a Box for Accurate and Efficient Experimentation
The design and implementation of Shadow is presented, an architecture for efficiently running accurate Tor experiments on a single machine and circuit scheduling is investigated and it is found that the EWMA circuit scheduler reduces aggregate client performance under certain loads when deployed to the entire Tor network.
Low-cost traffic analysis of Tor
New traffic-analysis techniques are presented that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams and therefore greatly reduce the anonymity provided by Tor, and it is shown that otherwise unrelated streams can be linked back to the same initiator.
Locating hidden servers
This work presents fast and cheap attacks that reveal the location of a hidden server, the first actual intersection attacks on any deployed public network: thus confirming general expectations from prior theory and simulation.
Two Cents for Strong Anonymity: The Anonymous Post-office Protocol
The Anonymous Post-Office Protocol is introduced, a practical strongly-anonymous messaging system that offers strong anonymity against strong, globally-eavesdropping adversaries, that may also control multiple servers, including all-but-one servers in a mix-cascade.
Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System
A new MIX variant called “Stop-and-Go-MIX” (SG-MIx) is proposed which provides anonymity without identity verification, and it is proved that it is probabilistically secure.