to A TAXONOMY FOR AND ANALYSIS OF ANONYMOUS COMMUNICATIONS NETWORKS DISSERTATION Douglas Kelly, GG-14 AFIT/DCS/ENG/09-08 AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED The views expressed in this dissertation are those of the author and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the U.S. Government. A TAXONOMY FOR AND ANALYSIS OF ANONYMOUS COMMUNICATIONS NETWORKS DISSERTATION Presented to the Faculty Graduate School of Engineering and Management Air Force Institute of Technology Air University Air Education and Training Command In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Douglas J. Kelly, BS, MS, MBA March 2009 APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED AFIT/DCS/ENG/09-08 A TAXONOMY FOR AND ANALYSIS OF ANONYMOUS COMMUNICATIONS NETWORKS DISSERTATION Douglas J. Kelly, BS, MS, MBA Approved: __________//SIGNED//________________ _16 Mar 09_ Dr. Richard A. Raines (Chairman) Date __________//SIGNED//________________ _16 Mar 09_ Dr. Barry E. Mullins (Member) Date __________//SIGNED//________________ _16 Mar 09_ Dr. Rusty O. Baldwin (Member) Date __________//SIGNED//________________ _16 Mar 09_ Dr. Michael R. Grimaila (Member) Date Accepted: __________//SIGNED//________________ _18 Mar 09_ Dr. M. U. Thomas Date Dean, Graduate School of Engineering and Management - iii - AFIT/DCS/ENG/09-08 Abstract Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enables instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserves privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enhance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing well-established anonymous networking protocols. These expand the classical definition of anonymity and capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of- the-art anonymity metrics is provided. This significantly aids an entity’s ability to reliably measure changing anonymity levels; thereby, increasing their ability to defend against cyber attacks. Finally, a novel epistemic-based mathematical model is created to characterize how an adversary reasons with knowledge to degrade anonymity. This offers multiple anonymity property representations and well-defined logical proofs to ensure the accuracy and correctness of current and future anonymous network protocol design. - iv - AFIT/DCS/ENG/09-08 Acknowledgments Special thanks go to my advisor and committee members who were extremely supportive during some very difficult times while pursuing this degree. Succinctly, my committee members and agency executive support enabled me to grow professionally and contribute eight academic papers in my field. Most PhD candidates deservedly praise their wives and/or significant others for their tremendous love, support, and understanding while advancing their career. I am able to attest to the significant advantage such support provides for I had no such personal support to draw strength from. Nonetheless, I acknowledge God for giving me the fortitude to continue to make progress in my studies and ultimately become successful during this challenging but rewarding academic experience. v AFIT/DCS/ENG/09-08 Table of Contents Abstract .............................................................................................................................. iv Acknowledgments.............................................................................................................. iv Table of Contents ............................................................................................................... vi List of Figures .................................................................................................................. xiv List of Tables ................................................................................................................... xiv List of Acronyms .............................................................................................................. xv I. Introduction ................................................................................................................. 1 1.0 Background .......................................................................................................... 1 1.1 Problem Statement ............................................................................................... 3 1.2 Research Objectives ............................................................................................. 4 1.3 Assumptions/Limitations ..................................................................................... 5 1.4 Implications.......................................................................................................... 6 1.5 Summary .............................................................................................................. 6 II. Literature Review........................................................................................................ 8 2.0 Chapter Overview ................................................................................................ 8 2.1 Background .......................................................................................................... 8 2.1.1 Privacy. ......................................................................................................... 9 2.1.2 Identity. ....................................................................................................... 11 2.1.3 Anonymity. ................................................................................................. 11 2.1.3.1 Advantages. .......................................................................................... 13 2.1.3.2 Disdvantages. ....................................................................................... 15 2.1.4 Pseudonymity. ............................................................................................. 17 2.1.5 Reputation. .................................................................................................. 18 2.1.5.1 eBay. .................................................................................................... 18 2.2 Nomenclature ..................................................................................................... 19 2.2.1 Fundamental Anonymity Properties. .......................................................... 19 2.2.2 The Adversary. ............................................................................................ 23 2.2.3 The Attacks. ................................................................................................ 24 2.2.4 The Mix. ...................................................................................................... 27 2.3 Anonymous Networks ....................................................................................... 33 vi AFIT/DCS/ENG/09-08 2.3.1 Wired Networks. ......................................................................................... 34 2.3.1.1 Anonymizer.......................................................................................... 34 2.3.1.2 Java Anon Proxy. ................................................................................. 35 2.3.1.3 PipeNet. ................................................................................................ 35 2.3.1.4 Onion Routing (Tor). ........................................................................... 36 2.3.1.5 Freedom Network. ............................................................................... 37 2.3.1.6 Cyberpunk (Type I remailer). .............................................................. 37 2.3.1.7 Mixmaster (Type II remailer). ............................................................. 38 2.3.1.8 Mixminion (Type III remailer). ........................................................... 38 2.3.1.9 DC-Net. ................................................................................................ 39 2.3.1.10 Herbivore. .......................................................................................... 39 2.3.1.11 Crowds. .............................................................................................. 40 2.3.1.12 Hordes. ............................................................................................... 40 2.3.1.13 P5. ....................................................................................................... 40 2.3.1.14 Tarzan. ............................................................................................... 41 2.3.1.15 WonGoo. ............................................................................................ 41 2.3.1.16 Cashmere............................................................................................ 41 2.3.1.17 MAM.................................................................................................. 42 2.3.2 Wireless Networks. ..................................................................................... 42 2.3.2.1 SDAR. .................................................................................................. 44 2.3.2.2 AnonDSR. ............................................................................................ 44 2.3.2.3 MASK. ................................................................................................. 45 2.3.2.4 ARM. ................................................................................................... 45 2.3.2.5 ODAR. ................................................................................................. 46 2.3.2.6 AMUR.................................................................................................. 46 2.3.2.7 HANOR. .............................................................................................. 47 2.3.2.8 ANODR. .............................................................................................. 47 2.3.2.9 SDDR. .................................................................................................. 48 2.3.2.10 ASR. ................................................................................................... 48 2.3.2.11 ZAP. ................................................................................................... 49 2.3.2.12 AODPR. ............................................................................................. 49 vii AFIT/DCS/ENG/09-08 2.3.2.13 AO2P.................................................................................................. 50 2.3.2.14 SAS. ................................................................................................... 50 2.3.2.15 ASC. ................................................................................................... 50 2.3.2.16 ASRPAKE. ........................................................................................ 51 2.4 Quantifying Anonymity ..................................................................................... 51 2.4.1 Anonymity Set Size. ................................................................................... 52 2.4.2 Individual Anonymity Degree. ................................................................... 53 2.4.3 Entropy Anonymity. ................................................................................... 54 2.4.3.1 Effective Anonymity Set Size. ............................................................. 56 2.4.4 Normalized Entropy Anonymity Degree. ................................................... 59 2.4.5 Negligibility-based Identity-free Anonymity. ............................................ 61 2.4.6 Localized Real-time Anonymity. ................................................................ 63 2.4.7 Combinatorial Anonymity Degree. ............................................................. 66 2.4.8 Evidence Theory Anonymity. ..................................................................... 69 2.4.9 k-Anonymity. .............................................................................................. 73 2.4.9.1 Data Privacy k-Anonymity. ................................................................. 74 2.4.9.2 Destination k-Anonymity Zone. .......................................................... 75 2.4.9.3 Personalized Location k-Anonymity. ................................................... 80 2.4.10 Multicast Anonymity. ............................................................................... 83 2.5 Formalizing Anonymity ..................................................................................... 86 2.5.1 Conceptual Framework. .............................................................................. 90 2.5.1.1 Group Support System Framework. .................................................... 91 2.5.1.2 Collaborative Peer Group Framework. ................................................ 92 2.5.1.3 Connection Anonymity Framework. ................................................... 94 2.5.1.4 Summary. ............................................................................................. 96 2.5.2 Probabilistic and Nondeterministic Systems. ............................................. 97 2.5.3 Group Principals. ........................................................................................ 99 2.5.4 Multi-agent Systems. ................................................................................ 101 2.6 Logics ............................................................................................................... 104 2.6.1 Modal Logics. ........................................................................................... 105 2.6.2 Epistemic Logic. ....................................................................................... 107 viii AFIT/DCS/ENG/09-08 2.6.3 KT45n Logic.............................................................................................. 108 2.6.3.1 KT45n Syntax. ................................................................................... 108 2.6.3.2 KT45n Rules. ...................................................................................... 109 2.6.3.3 KT45n Semantics. .............................................................................. 113 2.6.4 Logical Posibilistic Anonymity. ............................................................... 114 2.6.5 Logical Probabilistic Anonymity. ............................................................. 116 2.6.6 Temporal Logics. ...................................................................................... 117 2.7 Process Calculi ................................................................................................. 119 2.7.1 Communications Sequential Processes (CSP). ......................................... 119 2.7.1.1 System Model. ................................................................................... 120 2.7.1.2 Applications. ...................................................................................... 122 2.7.2 π-Calculus. ................................................................................................ 123 2.7.2.1 Syntax. ............................................................................................... 124 2.7.2.2 Semantics. .......................................................................................... 125 2.7.2.3 Variants and Applications. ................................................................. 125 2.7.3 Comparison. .............................................................................................. 126 2.8 Function Views ................................................................................................ 128 2.8.1 Function Knowledge. ................................................................................ 128 2.8.2 Opaqueness. .............................................................................................. 129 2.8.3 Modular Approach. ................................................................................... 130 2.9 Summary .......................................................................................................... 132 III. Methodology ....................................................................................................... 134 3.0 Chapter Overview ............................................................................................ 134 3.1 Motivation ........................................................................................................ 134 3.1.1 Develop Anonymous Network Taxonomy. .............................................. 137 3.1.2 Evaluate Emerging Anonymity Metrics. .................................................. 137 3.1.3 Create a Formal Model. ............................................................................ 138 3.2 Summary .......................................................................................................... 139 IV. Anonymous Network Taxonomy Analysis and Results ..................................... 140 4.0 Chapter Overview ............................................................................................ 140 4.1 Anonymity Properties ...................................................................................... 140 ix
Description: