Title: On the impact of Cross-Layer Information Leakage on Anonymity in Crowds

Authors: Panchenko, A.

Publisher: ACM

ISBN: 978-1-4503-3757-1

DOI: 10.1145/2815317.2815325

Repository Link: http://dl.acm.org/citation.cfm?doid=2815317.2815325

Abstract: Common anonymizers focus only on a part of the users’ personal identification information, namely on the network addresses of the communicating parties. In the light of the entire communication stack, even if the network addresses are perfectly anonymized, information leakage at one of the other layers can completely wipe out the entire effort. No popular anonymization network follows a holistic approach; all neglect the other layers. For example, at the application layer, they neither filter out nor even warn about information that may look innocent to the end-user, though it may be revealing. Security analysis of anonymizing networks usually also focuses only on a single layer. It has been shown that in theory taking more layers into account may help to enhance attacks. In this paper, we show how innocent-looking application layer data can be practically used to speed-up the network-layer attack in the Crowds anonymization system, which is often applied in wireless and mobile networks. To this end, we define two new attacks — the cross-layer and the combined attack — to facilitate the process and show their superiority compared to the earlier predecessor attack. The attacks we propose allow not only building extensive user profiles at low cost, but also speeding up traditional network layer attacks, which are targeted at the identification of users’ peer partners. Our analysis uncovers the consequences of ignoring the consideration of information that is available to the attacker. Without a holistic approach to analysis, it is not possible to perform a realistic threat assessment.



PRIVACY FLAG is at the moment one of the six EU projects on privacy innovation. The others are listed below:
VisiOn – Visual Privacy Management in User Centric Open Environments
Operando – Online privacy enforcement, rights assurance & optimization
Panoramix – Privacy and Accountability in Networks via Optimized Randomized Mix-nets
• Types – Towards transparencY and Privacy in the onlinE advertising business
SafeCloud – Secure and Resilient Cloud Architecture, www.safecloud-project.eu

PRIVACY FLAG also shares common interests with EU Projects in areas such as Internet of Things (IoT) and Smart Cities. These are:
Organicity EU project – Co-creating smart cities of the future
• U4IoT – User Engagement for Large Scale Pilots in the Internet of Things. (Project started in 01/01/2017)
• ANASTACIA – Advanced Networked Agents for Security and Trust Assessment in CPS/IOT Architectures (Project started in 01/01/2017)
• CREATE-IoT – Cross Fertilisation Through Alignment, Synchronisation and Exchanges For IoT (Project started in 01/01/2017)
WeLive – A neW concept of public administration based on citizen co-created mobile urban services

PRIVACY FLAG goal is to amplify the European privacy innovation community and promote the community’s position in an international context.