作者：Xinwen Fu（Department of Computer Science University of Massachusetts Lowell）
Anonymity protects the identity of a participant in a networked application. Sender anonymity protects the identity of the sender. Anonymous web browsing is such an application. Receiver anonymity protects the identity of the receiver. Broadcasting achieves receiver anonymity. Mutual anonymity guarantees that both parties of a communication remain anonymous to each other. Tor’s hidden service provides mutual anonymity . One popular strategy for anonymity is pseudonyms. However, pseudonyms alone cannot achieve anonymity since traceback strategies can be applied to trace communication traffic from a pseudonym to the origin, the entity with that pseudonym.
There are various anonymous communication systems, including Mixes , DC-Net , Anonymizer , Crowds , Onion Routing , Mixminion , Tor . DC-Net is the only non-rerouting-based anonymous communication system for sender anonymity. In a DC-Net, each participant shares secret coin flips (bits) with other pairs and announces the parity (an XOR sum of the bits) of the observed flips to all other participants and to the receiver. The sender manipulates the parity to send an anonymous message. A Mix is a kind of proxy that accepts a number of fixed-length messages from different sources, performs a cryptographic transformation on the messages, and shuffles the order of these messages before sending them. The shuffling is to defeat correlation although the effect can be limited. Messages can be sent over a series of independent mix nodes, forming a mix network. Most anonymous communication systems use the similar idea to that of the mix network. The term onion routing refers to the layered encryption of a message by keys of nodes along the message forwarding path. Such encryption strategy, which was implemented by public key cryptography before Tor, is to prevent intermediate nodes from knowing the content of the message. Mixminion is designed for high latency anonymous email communication while Tor is designed for low latency TCP applications. A client needs to negotiate secret keys with Tor nodes and Tor uses symmetric key encryption for onion routing in order to improve the performance.
We want to evaluate the degree of anonymity that a system provides. Entropy based metrics were proposed . Take sender anonymity as an example. Given an attack and a system with its clients, some clients may be clearly excluded as possible senders. The set of possible senders is called anonymity set. However, the probability that an entity in the set is the sender can be different. Entropy based metrics give an overall evaluation of the whole system providing anonymity.
Researchers have performed extensive security analysis of existing anonymity system. The greatest challenge is confirmation attacks . Take Tor as an example. A client chooses three Tor nodes as the message forwarding path, called a circuit. The first node is called entry, the second is middle and the last is exit. The entry knows the sender and the exit knows the receiver. If attackers control the entry and exit, they may correlate the traffic at the entry and exit nodes to find the communication relationship.
Anonymous communication systems are often slow given the employed random routing mechanisms or requirement of collecting messages and shuffling them before sending out. Our investigation shows that Tor’s bandwidth weighted path selection algorithm can only improve the performance to a very limited extent since low bandwidth Tor nodes will be selected and become performance bottlenecks . Because of the design principle of Tor, strategies tuning the parameters of Tor achieve limited performance improvement . Other issues of anonymous communication systems include abuse of the anonymity service such as running various attacks through Tor  and censorship against Tor .
Overlier, P. Syverson, Locating hidden servers, in Proceedings of IEEE Symposium on Security and Privacy, 2006.
Chaum, Untraceable Electronic Mail, Return Ad- dresses, and Digital Pseudonyms, Communication of the ACM, 24(2), pp. 84-88, 1981.
Chaum, The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability,Journal of Cryptology, 1/1 (1988), pp. 65-75.
The Anonymizer, http:/www.anonymizer.com/, 2016.
K. Reiter and A. D. Rubin, Crowds: Anonymity for Web Transactions, ACM Transactions on Information and System Security, 1(1), pp. 66-92, 1998.
Goldschlag, M. Reed, and P. Syverson, Onion Routing for Anonymous and Private Internet Connections, Communications of the ACM, 42(2), pp. 39-41, 1999.
George Danezis, Roger Dingleding and Nick Mathewson, Mixminion: Design of a Type III Anonymous Remailer Protocol, in Proceeding of the IEEE Symposium on Security and Privacy, 2003.
Dingledine, N. Mathewson, and P. Syverson, “Tor: The Second- Generation Onion Router,” in Proceedings of the 13th USENIX Security Symposium, August 2004.
Serjantov, and G. Danezis, Towards an Information Theoretic Metric for Anonymity, Dingledine and Syverson (Eds.), Designing Privacy Enhancing Technologies, LNCS 2482, pp. 41-53, 2002.
Guan, Xinwen Fu, R. Bettati, and Wei Zhao, An Optimal Strategy for Anonymous Communication Protocols, in Proceedings of the IEEE International Conference on Distributed Computing Systems(ICDCS), Jul. 2002.
Zhu, Xinwen Fu, B. Graham, R. Bettati and Wei Zhao, On Flow Correlation Attacks and Countermeasures in Mix Networks, in Proceedings of Workshop on Privacy Enhancing Technologies(PET), May 2004.
Pries,W. Yu, S. Graham, and Xinwen Fu, On Performance Bottleneck of Anonymous Communication Networks, In Proceedings of the 22nd IEEE International Parallel and Distributed Processing Symposium(IPDPS), Miami, Florida, April 14-28, 2008.
Joel Reardon, Ian Goldberg, Improving Tor Using a TCP-over-DTLS Tunnel, in Proceedings of 18th USENIX Security Symposium, August 2009.
Can Tang, Ian Goldberg, An Improved Algorithm for Tor Circuit Scheduling, in Proceedings of 17th ACM Conference on Computer and Communications Security, October 2010.
Zhen Ling, Luo Junzhou, Kui Wu, Wei Yu, and Xinwen Fu, TorWard: Discovery of Malicious Traffic over Tor, in Prooceedings of Infocom, , April 27th – May 2nd, 2014.
Zhen Ling, Junzhou Luo, Kui Wu, and Xinwen Fu, Protocol-level Hidden Server Discovery, in Proceedings of IEEE Infocom, 2013.
Zhen Ling, Junzhou Luo, Wei Yu, Ming Yang and Xinwen Fu, Extensive Analysis and Large-Scale Empirical Evaluation of Tor Bridge Discovery, in Proceedings of Infocom, 2012.
Dr. Xinwen Fu is an associate professor in the Department of Computer Science, University of Massachusetts Lowell. He received B.S. (1995) and M.S. (1998) in Electrical Engineering from Xi’an Jiaotong University, China and University of Science and Technology of China respectively. He obtained Ph.D. (2005) in Computer Engineering from Texas A&M University. Dr. Fu’s current research interests are in network security and privacy, network forensics, computer forensics, information assurance, system reliability and networking QoS. Dr. Fu has been publishing papers in conferences such as IEEE Symposium on Security and Privacy (S&P), and ACM Conference on Computer and Communications Security (CCS), journals such as ACM/IEEE Transactions on Networking (ToN), and IEEE Transactions on Dependable and Secure Computing (TDSC). Dr. Fu won the best paper award at International Conference on Communications (ICC) 2008, 2013, International Conference on Wireless Algorithms, Systems, and Applications (WASA) 2013. His students won the best student paper at the Colloquium for Information Security Education (CISSE) 2016 and the silver medal at the ACM Student Research Competition at ACM MobiCom 2011. Dr. Fu spoke at various technical security conferences including Black Hat. His research was reported by various Media including CNN, Wired, Huffington Post, Forbes, Yahoo, MIT Technology Review, PC Magazine and aired on CNN Domestic and International and the State Science and Education Channel of China (CCTV 10).