
Privacy and Anonymity by bestt571


PGP (Pretty Good Privacy) is e-mail encryption software based on the RSA public key encryption system. It can keep messages confidential so that unauthorized parties cannot read them, and it can add digital signatures to e-mail so that recipients can verify the sender of a message and be sure that the message has not been tampered with. It provides a secure means of communication without requiring any prior confidential channel to pass keys. It uses a hybrid of RSA and traditional encryption algorithms, a message digest algorithm for digital signatures, and compression before encryption, and it has a good ergonomic design. It is powerful and very fast, and its source code is free of charge.



Privacy and Anonymity

Georgia Germanidou, Thanasis Agathos, Socratis Argiros
City Liberal Studies, Computer Science Department, 13 Tsimiski Str, 546 24 Thessaloniki, Greece
g.germanidou@city.academic.gr, a.agathos@city.academic.gr, sargiros@city.academic.gr




Abstract. In modern society, where individuals are bombarded with information, privacy has been violated many times. For that reason the protection of private information is vital in many situations, so that the individual is protected from opportunists who seek to gain an advantage by using information that does not belong in the public domain. Therefore the protection of privacy and anonymity in the information exchange process is crucial.




1. Introduction

Now that the Internet is widespread and used by almost everyone, security, privacy and encryption are three important issues and the main concerns in the process of exchanging important information. A system that has been developed for the protection of information exchange is Pretty Good Privacy (PGP), which uses a public key, a popular approach for transmitting information via the Internet. Public keys are used by those who need to send encrypted messages. But how easy is it to encrypt and decrypt information?
However, the process of encrypting and decrypting information has been proven not to be completely safe, since there are examples of transmission interceptions that lead to information leakage, even in products that have been advertised to provide increased security and protection, like VoIP (Voice over Internet Protocol). VoIP is a newly introduced technology that allows the user to make phone calls using the Internet. Because of its increased popularity, since the cost is greatly reduced, it is believed that VoIP will replace the traditional phone.
There are many factors that influence the decision-making process of the individual regarding privacy issues. If privacy is not protected, then individuals may find themselves in situations where information about them is partially revealed, or where the huge amount of information makes it hard for a person to cope and take proper actions. Therefore the individual should be protected, and the majority relies on the government for a solution.


1.1 Provable Anonymity - Receiver Anonymity via Incomparable Public Keys

Anonymity and cryptography are two important issues concerning communication systems. In order to protect users from undesired adversaries, protocols and tools such as anonymizing protocols and formal methods are used to provide anonymity and authentication. But the formalization of anonymity is not yet developed; it is still in its infancy.
There are various protocols and tools that provide anonymity. One of them is the Chaum mix, introduced in 1981 by Chaum. For example, if A wants to send a message m to B and chooses relays R1, R2, A sends {|R2, {|B, {|m|}B|}R2|}R1 to R1. Here {| . . . |}X denotes encryption with the public key of X. Relay R1 decrypts the first layer of encryption and forwards the message {|B, {|m|}B|}R2 to R2, who peels off another layer and sends the remainder to B.
The main aim is to protect receiver anonymity, which, in contrast with sender anonymity, has not been formalized. The main goal is to provide a way for senders to transmit messages to a receiver without anyone being able to determine who the sender and the receiver of a message are. A public key cryptosystem is used so that the receiver can create many anonymous “identities” that cannot be linked to the same receiver.
In order to achieve sender and receiver anonymity, three requirements should be satisfied. The first requirement is that if any conspiracy of senders is asked to determine the receiver of a message, they won’t be able to do it. The second requirement is that each receiver should be able to create a large number of identities, so that any message sent to any of these identities goes to that receiver, but no one else is able to tell which identities correspond to the same receiver. The third requirement is that the solution should be efficient.
The solution given here is that each message is sent to a group whose members all try to decrypt it, and only one of them will succeed in reading it. The public key cryptosystem used, called incomparable public keys, includes many unique public keys that can be used to encrypt data. Public keys are “equivalent” if they correspond to the same secret key. If two public keys are given to an adversary, the adversary cannot tell whether they are equivalent.
Receivers using incomparable public keys can construct an anonymous identity. To construct another anonymous identity, the receiver uses the same multicast address but a unique public key. Incomparable Public Keys are useful when the receiver wants to send a message that will be delivered securely to another party and wishes to remain anonymous.



To achieve receiver anonymity, it must not be possible to test Incomparable Public Keys for equivalence without access to the secret key, and the holder of a secret key must be able to generate a large number of public encryption keys. It is also important that no one can determine whether two messages were encrypted with the same key.

The creation of an Incomparable Public Key is based on a random generator g that is chosen by the receiver, who creates the key as (g, g^a), where a is the private key. The use of Incomparable Public Keys allows receiver anonymity, is robust, and does not need more time.
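The key construction (g, g^a) and the group delivery described above can be tried out with the following added example, which is not code from the paper or from the modified PGP. It assumes a toy 64-bit safe-prime group, and an ElGamal-style sealing with SHA-256 and HMAC chosen here only for illustration; all function names are hypothetical.

```python
import hashlib, hmac, secrets

def is_prime(n):
    """Deterministic Miller-Rabin; these fixed bases are exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_group(q=2**63 + 1):
    """First safe prime P = 2Q + 1 with prime Q >= q (assumed toy size, demo only)."""
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = find_group()   # all keys live in the order-Q subgroup of squares mod P

def new_secret():
    return secrets.randbelow(Q - 1) + 1              # secret key a in [1, Q-1]
def new_public_key(a):
    """Fresh incomparable key (g, g^a): a new random generator g on every call."""
    g = pow(secrets.randbelow(P - 3) + 2, 2, P)      # a square != 1 has order Q
    return g, pow(g, a, P)

def equivalent(a, pk):
    """Equivalence test; it needs the secret a, outsiders face a DDH instance."""
    return pow(pk[0], a, P) == pk[1]

def _keys(shared):
    s = shared.to_bytes(16, "big")
    return hashlib.sha256(b"enc" + s).digest(), hashlib.sha256(b"mac" + s).digest()
def _xor(key, data):
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

def seal(pk, msg):
    """ElGamal-style encryption to (g, y); the HMAC tag lets a wrong key be detected."""
    g, y = pk
    r = secrets.randbelow(Q - 1) + 1
    k_enc, k_mac = _keys(pow(y, r, P))               # shared value y^r = g^(a*r)
    body = _xor(k_enc, msg)
    return pow(g, r, P), body, hmac.new(k_mac, body, hashlib.sha256).digest()

def open_(a, ct):
    """Return the plaintext, or None when ct was not sealed to a key of secret a."""
    c1, body, tag = ct
    k_enc, k_mac = _keys(pow(c1, a, P))              # (g^r)^a, no need to know g
    good = hmac.new(k_mac, body, hashlib.sha256).digest()
    return _xor(k_enc, body) if hmac.compare_digest(tag, good) else None

def multicast(ct, members):
    """Deliver ct to the whole group; every member tries, return who could read it."""
    tried = {name: open_(a, ct) for name, a in members.items()}
    return {name: pt for name, pt in tried.items() if pt is not None}

if __name__ == "__main__":
    group = {n: new_secret() for n in ("alice", "bob", "carol")}
    print(multicast(seal(new_public_key(group["bob"]), b"constructed sample"), group))
```

Decryption uses only the secret a and the ciphertext, never the generator g, which is why every key exported for the same a opens with the same secret while two such keys look unrelated to anyone else.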
The implementation of everything mentioned and analysed above is based on an existing application, Pretty Good Privacy (PGP), whose code was modified. The effect of the key export function is that when a public key that was used is passed to another user, it will be a new one, so different users’ databases will contain different Incomparable Public Keys for the same receiver. Moreover, the same user ID is attached to all keys. Finally, the encryption and decryption functions were left unchanged from the PGP application, and all messages were encrypted with an Incomparable Public Key.
Many solutions have been proposed to achieve receiver anonymity, but all of them had limitations. Pfitzmann and Waidner proposed that each message be routed to a multicast address so that the receiver who has that address remains anonymous. In Chaum’s system, mentioned above, an initiator may use a chain of nodes to send a message anonymously. That means that the initiator uses an anonymous reply address, but this can be used only once. Another method that was introduced is the use of pseudonym servers, but this is not efficient for the receiver, who needs to have a large number of secret keys in order to decrypt a message [2].



There are many systems that can be used to protect sender anonymity; receiver anonymity, on the other hand, is the most difficult part. Building on the systems mentioned above and on everything analysed in that paper, the implementation of an efficient system that allows receiver anonymity is based on an existing application, Pretty Good Privacy (PGP), whose code was modified. The effect of the key export function is that when a public key that was used is passed to another user, it will be a new one, so different users’ databases will contain different Incomparable Public Keys for the same receiver. Moreover, the same user ID is attached to all keys. Finally, the encryption and decryption functions were left unchanged from the PGP application, and all messages were encrypted with an Incomparable Public Key [2].




1.2 What are peer-to-peer VoIP calls and some of their advantages and usages
Peer-to-peer VoIP calls are becoming increasingly popular due to their advantages in cost and convenience. When these calls are encrypted from end to end and anonymized by a low latency anonymizing network, they are considered by many people to be both secure and anonymous.
VoIP is a technology that allows people to make phone calls through the public Internet rather than the traditional Public Switched Telephone Network (PSTN). Because VoIP offers significant cost savings with more flexible and advanced features over the Plain Old Telephone System (POTS), it has experienced increased popularity.
The use of VoIP has made it much easier to achieve anonymity in voice communications, especially when VoIP calls
are made between computers. This is because VoIP calls between peer computers have no phone numbers associated
with them, and they could easily be protected by end to end encryption and routed through low latency anonymizing
networks to achieve anonymity. Some of the networks that are used to achieve this anonymity are a) Onion Routing,
b) Tor, c) Freedom and d) Tarzan. People intuitively think their computer to computer VoIP calls could remain
anonymous if they are encrypted end to end and routed through some low latency anonymizing network.
On the other hand, law enforcement agencies (LEAs) often need to conduct lawful electronic surveillance in order to combat crime and terrorism. The LEAs need techniques to determine who has called the surveillance target and whom the surveillance target has called. In a letter to the FCC, several federal law enforcement agencies have considered the capability of tracking VoIP calls of paramount importance to law enforcement and national security.

1.2.2 The overall model for tracking anonymous VoIP calls
Here we do not intend to track all the peer-to-peer VoIP calls from anyone to anyone, nor do we assume the global
monitoring and intercepting capability. Instead we focus on finding out if some parties in which we are interested
have communicated via peer-to-peer VoIP calls anonymously, and we only need the capability to monitor and
intercept IP flows to and from those interested parties. This model is consistent with our understanding of the
common practice of lawful electronic surveillance by the law enforcement agencies. Because the Skype VoIP flows
are encrypted from end to end, no correlation can be found from the flow content. This is illustrated in
Figure 1 in the appendix section of the paper.
Given that the Skype VoIP flow could pass some intermediate Skype peers and some low latency anonymizing
network, there is no correlation from the VoIP flow headers. Among all the characteristics of the VoIP flows, the
inter-packet timing characteristics are likely to be preserved across intermediate Skype peers and low latency
anonymizing network. This invariant property of VoIP flows forms the very foundation for tracking anonymous,
peer-to-peer VoIP calls on the Internet.
Therefore, passively comparing the timing characteristics of VoIP flows will not be able to distinguish different VoIP
flows.
Wang and Reeves proposed the first active approach to correlate encrypted flows. However, the method proposed by Wang and Reeves cannot be directly used to correlate VoIP flows, because VoIP traffic has stringent real-time constraints. Further reasons are that the inter-packet arrival time of VoIP flows is very short, and that the proposed watermarking method is based on the quantization of averaged Inter-Packet Delays (IPDs), which means that the required buffering would be too long for real-time VoIP flows.

1.2.3 Watermarking VoIP in real-time
One key challenge in implementing the transparent and real-time VoIP watermarking engine is how to precisely delay an outgoing packet in real-time. The inter-packet arrival time of normal VoIP flows is either 20ms or 30ms. This means that the delay of any VoIP packet must be less than 20ms. In order to hide the watermark embedding in the "background noise" introduced by normal network delay jitter, the delay of any VoIP packet should be no more than a few milliseconds. To achieve packet delay of such precision, the operating system must provide a hard real-time scheduling capability.
To achieve the guaranteed high precision, we choose to build our packet delay capability upon the Real Time
Application Interface (RTAI) of Linux. The following features of RTAI have made it an attractive platform for
implementing the high precision packet delay capability:
1. The hard real-time scheduling functions introduced by the RTAI coexist with all the original Linux kernel
services. This makes it possible to leverage existing Linux kernel services, especially the IP stack components, from
within the real-time task.

2. The RTAI guarantees the execution time of real-time tasks regardless of the current load of non real-time tasks.

3. The RTAI supports a high precision software timer with a resolution of microseconds.

This is illustrated in Figure 2 in the appendix section.




1.3 Privacy and Rationality in individual decision making
Everybody agrees that as a consumer one is entitled to be the sole decision maker as far as privacy decisions are
concerned. In other words that means that the consumer should be able to take decisions which in essence translate
into personal management of his/her privacy.
However, after years of research using empirical and theoretical approaches, researchers have reached the conclusion that the consumer usually does not hold the necessary amount of information to take privacy-sensitive decisions, or, on occasions where the amount of information is sufficient, there is a trend to exchange long-term privacy for short-term benefits.
In the process of individual privacy decision making one has to face many challenges, and research has indicated that certain factors, such as incomplete information, bounded rationality and systematic psychological deviations from rationality, influence that process.
Incomplete information influences privacy decision making because of externalities, information asymmetries, risk and uncertainties. Externalities (in economics: a consequence of an economic activity which affects other parties without this being reflected in market prices) arise when information that concerns an individual is known among the members of some third party. The third party has the power to affect the individual, without the latter's knowledge, as far as transactions between the individual and some other group are concerned. Information asymmetries occur when the information that is crucial for the privacy decision is known only to a small part of the group that takes such decisions. Risk and uncertainties are immaterial and as such they are not easily measured.
Even assuming that individuals had access to all the information, they would still be unable to cope with the vast amounts of data. This becomes more apparent when the complexity of the consequences regarding the release or the protection of personal information increases. It limits the ability of the individual to memorize, acquire, and process the information, and thus leads to oversimplified mental models, heuristics and approximation strategies. What has been described is called bounded rationality.
Last but not least are the systematic psychological deviations from rationality that influence the process of decision making. Research in the fields of economics and psychology has provided evidence suggesting that individuals are greatly influenced by certain motivational limitations and misrepresentations of personal utilities. For example, losses weigh heavier in one's mind than gains if one deals in absolute terms. In addition, the individual often hurries to jump to conclusions regarding present situations based on past experiences. Moreover, the behavior of a person is also guided by society’s norms, which are translated as altruism or fairness.

LEVEL OF   GENERAL       DATA ABOUT     DATA ABOUT     DATA ABOUT     DATA ABOUT     DATA ABOUT
CONCERN    PRIVACY       OFFLINE        ONLINE         PERSONAL       PROFESSIONAL   SEXUAL AND
           CONCERN (%)   IDENTITY (%)   IDENTITY (%)   PROFILE (%)    PROFILE (%)    POLITICAL
                                                                                     IDENTITY (%)
HIGH       53.7          39.6           25.2           0.9            11.9           12.1
MEDIUM     35.5          48.3           41.2           16.8           50.8           25.8
LOW        10.7          12.1           33.6           82.3           37.3           62.1


The table above summarizes the results of a survey that took place in May 2004 by Carnegie Mellon University. The survey contained questions organized in various groups: demographics, a set of behavioral and economic characteristics, past behavior with respect to protection and release of personal information, knowledge of privacy risks and protection against them, and attitudes towards privacy.
The results of the survey were surprising, since the population that responded to the call cannot be labeled an accurate sample of the US population: the participants had studied or were studying at the time of the survey, and as such the population could be deemed more sophisticated and more informed as far as matters of protection of privacy are concerned.
Scientists are working towards the development of models to be used in the individual decision-making process, taking into account the factors that influence that process, such as incomplete information, bounded rationality, and various forms of psychological deviations from rationality.
In addition, there are other factors that play an important role in the decision process and greatly influence decision making: personal attitudes, knowledge of risks and protection, trust in others, belief in the ability to protect personal information, and monetary considerations. The initial data gathered have shown that attitudes and behavior as far as privacy is concerned are very complex, but at the same time there is a level of compatibility, indicating that underprotection and the ease with which private information is released are directly linked to the so-called opportunities that are offered to the individual, such as discounts.
On the other hand, the conclusion reached through the observations is that even concerned and motivated individuals encounter difficulties when they try to protect their private information. So individuals have to be given the right to be the sole managers of their privacy trade-offs, or the government has to come up with ways to protect the individual’s privacy.
An interesting result of the survey is that the respondents were not very informed regarding laws and legislative recommendations about privacy issues but, interestingly enough, more than half of the respondents gave some sort of vote of confidence to the government intervening and, through legislation, providing protection facilities for the individual's privacy.
None of the respondents supported the lack of any means that would offer protection, and only one of the group suggested that protection should be entrusted to the private sector. These results indicate that the educated members of US society believe that government intervention in matters of privacy is preferable to the solutions that the industry offers. However, there are many examples indicating that governments often act in favor of the industry leaders, since they are the ones that support their political campaigns with huge amounts of money.


2. Conclusion

Everybody agrees that individual privacy, anonymity and the decisions regarding them should be protected, and many believe that the state should take appropriate measures to assure them. In past years many techniques have been introduced to establish safety in information exchange, but every single attempt at complete safety has failed sooner or later.
The majority of citizens base their hopes for protection on governments, believing that they will act with respect to the protection of the individual. However, the lack of knowledge about security issues among the general public makes this task very difficult.
In addition, there are many occasions when the state has to rely on certain private companies for the adoption of technological advances, and that may result in exposure of information that should have been kept hidden. Moreover, the fact that many government officials base their entire campaigns on money that comes from corporate individuals raises questions regarding the protection of interests, and whether the one that is in essence protected is the citizen or the main political campaign contributor.


3. References

[1] B. Waters, E. Felten, A. Sahai, “Receiver Anonymity via Incomparable Public Keys”, Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 112-121, 2003.

[2] F. Garcia, et al., “Provable Anonymity”, http://www.cs.ru.nl/~flaviog/publications/anonymity.pdf

[3] Findnot. URL: http://www.findnot.com

[4] Anonymizer. URL: http://www.anonymizer.com

[5] Skype - the Global Internet Telephony Company. URL: http://www.skype.org

[6] D. Goldschlag, M. Reed and P. Syverson, “Onion Routing for Anonymous and Private Internet Connections”, Communications of the ACM, volume 42(2), February 1999.

[7] A. Acquisti, J. Grossklags, “Privacy and Rationality in Individual Decision Making”, IEEE Security and Privacy, January/February 2005.






4. Appendix




Figure 1 Tracing Model




Figure 2 Tracking Model with embedded Watermark Engine



