The Anonymity Service Architecture Mark Borning Computer Science Dept., Informatik IV Aachen University of Technology Ahornstr. 55, 52074 Aachen, Germany [email protected] Abstract – Business-to-business is the most important area in E-Commerce. With the growth of this area, the importance of multi-media transfers increases as the business partners want to actually see each other during negotiations. In this paper, we will present an architecture that provides confidential multimedia transfers in the Internet, i.e. the transmitted data is protected against espionage from third parties by protecting the contents. Moreover, transmitted packets cannot be traced by observers in the Internet. Keywords – Multimedia, QoS, Routing, Security, Anonymity, Pri-vacy, Real-Time Communication I. INTRODUCTION The Internet is increasingly used in various areas of normal life. Today, one of the most important areas is E-Commerce, and within this area the field of business-to-business (B2B), which describes the relations between business partners, is crucial. In the B2B area, there are requirements different from those in other E-Commerce fields, as negotiations are essential in B2B. Therefore, the usage of multimedia communication systems, like e.g. videoconference systems, will become more important in the near future. They will partly replace face-to-face in negotiations, thus saving considerable time and money. Multimedia communication tools require both fast com-puters and fast networks. For example, the maximum transfer rate using [H.261] for a video stream is 1.5 MBit/s. If there are n participants in a videoconference, n video streams are generated and transmitted to a multicast address. The maximum transfer rate will then be n × 1.5 MBit/s. In an Ethernet network with a bandwidth of 10 MBit/s, there are at most six video parallel streams possi-ble. To secure multimedia communication systems, i.e. to protect the transfer of the multimedia traffic, two tech-niques are used. First, the data stream is encrypted; an attacker will not be able to see the contents of the trans-ferred packets. Second, the data stream is anonymized, so an attacker is not able to determine who communicates with whom. In chapter II, we will give an overview of the protection of individual messages. Here, section B gives a short introduction into data streams. In chapter III, the proposed anonymity architecture is introduced. The architecture is used to protect all kinds of traffic, including multimedia streams. Finally, chapter IV summarizes the results and gives an outlook on future work. II. PROTECTION OF INDIVIDUAL MESSAGES Negotiations between business partners may be highly confidential; as in many cases the partners do not want any third parties to know that they are negotiating, and what. In an open network, these negotiations have to be protected in the same way as in the real world. This can be done by protecting the contents and the communication scenarios of the negotiations. The protection of the content deals with the end-to-end protection by using cryptogra-phy. The protection of the communication scenario ad-dresses questions like: “Who communicates with whom, when, how, and where?” This is done by so-called ano-nymity techniques that use stations between the communi-cation partners. A transmitted message can only be protected if an at-tacker cannot use any property of a message to relate incoming and outgoing messages of a station. The proper-ties of any transmitted message are: I) Characteristic: address information, bit pattern, length and content of the message. II) Message correlation: temporal, spatial and textual correlation, i.e. sequence of messages and relation to other messages. The characteristic of a message can be determined by observing it. The message correlation is determined by a traffic analysis: An observer analyses the incoming and outgoing messages from any participant or intermediate station. Therefore, any intermediate station has to protect the message’s properties against observation or modifica-tion to ensure the messages untraceability. A. Protection of the communication scenario One method to protect the communication scenario is the Mix method [Cha81]. The protection of the message characteristic is done by a cipher; changing the order in which the messages are received protects the message correlation, because the input sequence differs from the output sequence. A Mix is, therefore, a system that applies two methods to protect the communication scenario. The first method is substitution, as each message is substituted by another message when arriving at the Mix. The second method is a permutation, as the transmission sequence of the messages differs from the receiving sequence. 0-7803-7128-3/01/$10.00 (C) 2001 IEEE0-7803-7128-3/01/$10.00 (C) 2001 IEEE 26Figure 1 describes the structure of a Mix. First, the in-coming messages ci are substituted by the messages mi by applying the deciphering function dk. Subsequently, n messages are collected in a buffer forming the sequence (m1, …, mn). The permutation π operates on this sequence forming the sequence (mπ(1), …, mπ(n)) that is transmitted according to the bandwidth of the outgoing network. Every Mix method developed so far can be described in this way. The various methods differ in two aspects. First, different cryptographic methods are used. Second, the permutation differs. It will work with a constant number of messages, and on the other hand, it will work with a variable number of messages, e.g. as shown in the SG-Mix method [Kes99]. If a Mix receives a duplicate of a message, it will de-stroy the duplicate, as it would allow a trace of the com-munication. Furthermore, all messages should have the same length, because tracing messages with a specific length can also reveal a communication. B. Anonymizing QoS Streams A Chaum Mix only anonymizes n packets of n different participants, where any participant transmits exactly one packet. But there are two kinds of services in today’s networks - connectionless services for individual packets and channel services used for data streams and connec-tion-oriented protocols. Any data stream can be described through certain prop-erties [ChNa98, LoOr99, OrGu00, StZh99]. These proper-ties are the Quality of Service (QoS) parameters. For ex-ample, a data stream has a transmission rate of λ and the maximum end-to-end delay has to be less
View Full Document
Unlocking...