Anonymity Metrics Research Articles

Anonymity in Attribute-Based Access Control: Framework and Metric

Anonymous access is an effective method for preserving privacy in access control. This study assumes that anonymous access control requires both frameworks and policies. Numerous solutions have been proposed for anonymous access at the framework level. In this study, these solutions are analyzed and quantified using a unified attribute-based access control (ABAC) anonymous access reference framework. Anonymous access at the framework level is the first line of defense, and inappropriate policies may undermine subject anonymity. An anonymity metric is proposed at the policy level to prevent authorization authority from re-identification using specific attributes and policies. The anonymity metric evaluates the risk of re-identifying a subject due to inappropriate access requests, as well as subject attribute assignment schemes and policies. This study is the first to focus on anonymity at the policy level in ABAC. Furthermore, a formal definition of anonymity suitable for ABAC is proposed. The feasibility of the proposed anonymity metric is verified through simulations.

Uncovering the structures of privacy research using bibliometric network analysis and topic modelling

PurposeThis paper aims that privacy research is divided in distinct communities and rarely considered as a singular field, harming its disciplinary identity. The authors collected 119.810 publications and over 3 million references to perform a bibliometric domain analysis as a quantitative approach to uncover the structures within the privacy research field.Design/methodology/approachThe bibliometric domain analysis consists of a combined directed network and topic model of published privacy research. The network contains 83,159 publications and 462,633 internal references. A Latent Dirichlet allocation (LDA) topic model from the same dataset offers an additional lens on structure by classifying each publication on 36 topics with the network data. The combined outcomes of these methods are used to investigate the structural position and topical make-up of the privacy research communities.FindingsThe authors identified the research communities as well as categorised their structural positioning. Four communities form the core of privacy research: individual privacy and law, cloud computing, location data and privacy-preserving data publishing. The latter is a macro-community of data mining, anonymity metrics and differential privacy. Surrounding the core are applied communities. Further removed are communities with little influence, most notably the medical communities that make up 14.4% of the network. The topic model shows system design as a potentially latent community. Noteworthy is the absence of a centralised body of knowledge on organisational privacy management.Originality/valueThis is the first in-depth, quantitative mapping study of all privacy research.

K-Anonymous Query Scheme on the Internet of Things: a Zero Trust Architecture

The paper investigates query-anonymity in Internet of things (IoT) formed by a sensor cloud, where the sensor nodes provide services of sensing and are subject to user queries of sensing data. Due to the heterogeneity and multi-carrier natures of the sensor cloud, user privacy could be impaired when the queries have to go through nodes of a third party. Thus, the paper firstly introduces a novel query k-anonymity scheme that countermeasures such a privacy threat. Based on the proposed k-anonymity scheme, the trade-offs between the achieved query-anonymity and various performance measures including, communication-cost, return-on-investment metric, path-length, and location anonymity metrics, are analyzed. By adopting a hybrid approach that takes into account the average and worst-case analysis, our evaluation results show that most of the obtained bounds on various performance anonymity trade-offs can be expressed precisely in terms of the offered level-of-anonymity k and network diameter d.

A Survey on Measuring Anonymity in Anonymous Communication Systems

The popularity of Internet applications has made communication privacy an increasingly important security requirement. As an important aspect of privacy, anonymity ensures that a subject may use resources or services without disclosing user identity or corresponding relationships. Since the seminal work by Chaum for anonymous communication, many different anonymous communication systems, and anonymous protocols have been developed and investigated extensively. In recent years, anonymous communication systems have evolved from academic tools used by specialists to mass-market software used by millions of ordinary people. How to evaluate and quantify the anonymity that different anonymous communication systems can offer has been a new focus. Though some efforts have been made on anonymity metrics and measuring techniques, systematic research on measuring anonymity of anonymous communication systems is still needed. In this paper, we give a comprehensive overview of state-of-the-art research on measuring anonymity. We first summarize the anonymous mechanisms applied by different anonymous systems. We then introduce the formalization of the notion of anonymity for measuring the anonymity degree. Further, metrics based on various theories and approaches are reviewed. We particularly elaborate on the metrics based on information theory as a separate section because of its popularity and multiple branches. The metrics based on information entropy is probably of the greatest interest.

A probabilistic model for anonymity analysis of anonymous communication networks

An anonymous communication network (ACN) is supposed to provide its users with anonymity attributes. As a practical matter, we need to have a means to predict the level of the anonymity provided by ACN. In this paper, we propose a probabilistic model for the security analysis of ACNs, thereby quantifying their loss of anonymity. To be precise, we have tried to obtain the probability distribution of potential senders of a message sent from an unknown source to a specific destination. With the probability distribution in hand, it is possible to define and derive some anonymity metrics. The evaluated metrics help us to gain an understanding of how much such a network may be vulnerable to attacks aiming at revealing the identity of senders of messages. Consequently, new rerouting policies and strategies can be utilized to increase the anonymity level of the network. The quantitative analysis is performed from a general perspective and the applicability of the model is not limited to a specific network. The evaluation process of the metrics using the proposed model is clarified by an illustrative example.

A novel traffic analysis attack model and base‐station anonymity metrics for wireless sensor networks

AbstractIn applications of wireless sensor networks (WSNs), all data packets are directed toward the base‐station (BS) over multi‐hop routes. In addition to data processing, the BS can interface the WSN to remote centers. Therefore, the failure of the BS diminishes the network utility and makes the data inaccessible. An adversary would thus try to uncover the BS's location by analyzing the traffic patterns of the network in order to launch denial of service attacks. For that reason, various countermeasure techniques have been proposed to boost the anonymity of the BS. In this paper, we study the existing traffic analysis models that an adversary could apply to locate the BS and point out shortcomings that make contemporary countermeasures weaker than thought. We further present a novel attack model that increases the adversary's confidence in localizing the BS while significantly reducing the traffic analysis complexity. Additionally, we introduce two novel anonymity metrics that can be used for evaluating the network resilience to attacks and for gauging the performance of countermeasures. The simulation results confirm the effectiveness of the proposed attack model. Copyright © 2017 John Wiley & Sons, Ltd.

A system-wide anonymity metric with message multiplicities

An important goal of an anonymity system is to hide the level of communication between two users, i.e., the number of messages one user sent to another. We construct an anonymity metric that measures the extent to which the system-wide communication pattern of all users of an anonymity system is hidden, among other possible patterns, in the aftermath of an attack. Our model allows users to send or receive multiple messages via the anonymity system, and our metric handles attacks that are capable of determining infeasibility of some of the system's input-output message combinations. We also analyse two earlier attempts in the literature at arriving at such a metric, and show that one of those attempts is limited to only a small class of such attacks, while the other fails to take any attack into account. In comparison, our metric is comprehensive, as it is applicable to all attacks mentioned above.

Random Response Forest for Privacy-Preserving Classification

The paper deals with classification in privacy-preserving data mining. An algorithm, the Random Response Forest, is introduced constructing many binary decision trees, as an extension of Random Forest for privacy-preserving problems. Random Response Forest uses the Random Response idea among the anonymization methods, which instead of generalization keeps the original data, but mixes them. An anonymity metric is defined for undistinguishability of two mixed sets of data. This metric, the binary anonymity, is investigated and taken into consideration for optimal coding of the binary variables. The accuracy of Random Response Forest is presented at the end of the paper.

Exploring Extant and Emerging Issues in Anonymous Networks: A Taxonomy and Survey of Protocols and Metrics

The desire to preserve privacy in cyberspace drives research in the area of anonymous networks. Any entity operating in cyberspace is susceptible to debilitating cyber attacks. As part of the National Strategy to Secure Cyberspace, the United States acknowledges that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Indeed, today's Internet is an incredibly effective, uncontrolled weapon for eavesdropping and spying. Therefore, anonymity and privacy are increasingly important issues. A plethora of existing or proposed anonymous networks achieve diverse levels of anonymity against a variety of adversarial attacks. However, no known taxonomy provides a comprehensive classification of the varied set of wired, wireless, and hybrid anonymous communications networks. We develop a novel cubic taxonomy to facilitate the systematic definition and classification of anonymity in anonymous communications networks. Three key anonymity components: anonymity property, adversary capability, and network type are thoroughly explored. More importantly, an in-depth description of a new tree-based taxonomy for the state-of-the-art in wireless anonymous protocols is offered. For completeness, a tree-based taxonomy of wired and hybrid anonymous protocols are also provided. Lastly, several evolving anonymity metrics which quantify anonymity preservation, degradation, and elimination in existing and future anonymous networks are examined. Hence, this paper explores extant and emerging issues in anonymous networks via an intuitive taxonomy and surveys anonymous protocols and quantifiable metrics essential for any entity determined to assure anonymity and preserve privacy in cyberspace against an adversary.

A three dimensional sender anonymity metric

Measuring the degree of anonymity provided by various anonymous systems on the web, is a challenging task. We first illustrate using examples that existing measures in literature are not sufficient to fully characterise the anonymity provided by a system. We then propose a new isolation measure, based upon outliers in a distribution, and show that this measure is critical towards quantifying the overall anonymity level. We provide justification for three distinct aspects of anonymity, important from the perspectives of a user, a system designer, and an attacker, leading to a three-dimensional approach towards measuring sender anonymity. We outline various properties of the proposed three-dimensional metric and illustrate how the metric, along with adjustable weights, can be used to compare different anonymous systems. Finally, we apply the proposed metric to existing anonymous systems and discuss insights which should prove useful in the design of future anonymous systems.