Understanding the effects of real-world behavior in statistical disclosure attacks

  title={Understanding the effects of real-world behavior in statistical disclosure attacks},
  author={Simon Oya and Carmela Troncoso and Fernando P{\'e}rez-Gonz{\'a}lez},
  journal={2014 IEEE International Workshop on Information Forensics and Security (WIFS)},
High-latency anonymous communication systems prevent passive eavesdroppers from inferring communicating partners with certainty. However, disclosure attacks allow an adversary to recover users' behavioral profiles when communications are persistent. Understanding how the system parameters affect the privacy of the users against such attacks is crucial. Earlier work in the area analyzes the performance of disclosure attacks in controlled scenarios, where a certain model about the users' behavior… 

Figures and Tables from this paper

Design of Pool Mixes Against Profiling Attacks in Real Conditions
This paper proposes a theoretical model for users' sending behavior and uses this model to perform a privacy analysis of the system and obtains the delay function of the mix, which is optimal in the sense of protecting the users.
Design and Simulation of New Anonymous Intelligent Authentication for 4 G ( LTE ) Mobile Communication Network
The proposed security architecture enhances the LTE security level by solving the problem of using the User Equipment (UE) master key for all users which is used in the authentication standard protocol.


Understanding Statistical Disclosure: A Least Squares Approach
The LSDA is presented, a novel disclosure attack based on the Maximum Likelihood (ML) approach, in which user profiles are estimated solving a Least Squares problem, and it is verified through simulation that the predictors for the error closely model reality, and that the LSDA recovers users' profiles with greater accuracy than its predecessors.
Meet the family of statistical disclosure attacks
A framework to compare between the members of the statistical disclosure attack family is proposed and it is confirmed that LSDA outperforms the SDA family when the adversary has enough observations of the system.
Perfect Matching Disclosure Attacks
The Perfect Matching Disclosure Attack is developed, an efficient attack based on graph theory that operates without any assumption on user behavior that is highly effective when de-anonymizing mixing rounds and can be used to enhance user profile estimations.
You cannot hide for long: de-anonymization of real-world dynamic behaviour
This work introduces the sequential statistical disclosure technique, which explicitly takes into account the evolution of user behavior over time and outperforms traditional profiling techniques, both at detection and quantification of rates of actions.
Practical Traffic Analysis: Extending and Resisting Statistical Disclosure
This work describes how an eavesdropper can learn sender-receiver connections even when the substrate is a network of pool mixes, the attacker is non-global, and senders have complex behavior or generate padding messages.
Do Dummies Pay Off? Limits of Dummy Traffic Protection in Anonymous Communications
Focusing on the particular case of a timed pool mix, it is shown how, given a privacy target, the performance analysis can be used to design optimal dummy strategies to protect this objective.
A Least Squares approach to user profiling in pool mix-based anonymous communication systems
This paper studies the performance of the Least Squares Disclosure Attack (LSDA), an approach to disclosure rooted in Maximum Likelihood parameter estimation that recovers user profiles with greater accuracy than previous work.
Statistical disclosure attacks: Traffic confirmation in open environments
An improvement over the previously known disclosure attack is presented that allows, using statistical methods, to effectively deanonymize users of a mix system. Furthermore the statistical
Vida: How to Use Bayesian Inference to De-anonymize Persistent Communications
The Red-Blue model of the Vida family of abstractions of anonymous communication systems is evaluated to find that it is competitive with other established long-term traffic analysis attacks, while additionally providing reliable error estimates, and being more flexible and expressive.
Statistical Disclosure Attacks
An improvement over the previously known disclosure attack is presented that allows, using statistical methods, to effectively deanonymize users of a mix system. Furthermore the statistical