Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and tra c analysis. Onion routing's anonymous connections are bidirectional and near realtime, and can be used anywhere a socket connection can be used. Any identifying information must be in the data stream carried over an anonymous connection. An onion is a data structure that is treated as the destination address by onion routers; thus, it is used to establish an anonymous connection. Onions themselves appear di erently to each onion router as well as to network observers. The same goes for data carried over the connections they establish. Proxy aware applications, such as web browsing and e-mail, require no modi cation to use onion routing, and do so through a series of proxies. Aprototype onion routing network is running between our lab and other sites. This paper describes anonymous connections and their implementation using onion routing. This paper also describes several application proxies for onion routing, as well as con gurations of onion routing networks. 1

Currently known basic anonymity techniques depend on identity verification. If verification of user identities is not possible due to the related management overhead or a general lack of information (e.g.

This paper describes a communications primitive, anonymous connections, that supports bidirectional and near real-time channels that are resistant to both eavesdropping and traffic analysis. The connections are made anonymous, although communication need not be. These anonymous connections are versatile and support private use of many different Internet services. For our purposes, privacy means maintaining the confidentiality of both the data stream and the identity of communicating parties. These are both kept confidential from network elements as well as external observers. Private Web browsing is achieved by unmodified Web browsers using anonymous connections by means of HTTP proxies. Private Web browsing may be made anonymous too by a specialized proxy that removes identifying information from the HTTP data stream. This article specifies anonymous connections, describes our implementation, and discusses its application to Web browsing via HTTP proxies. Keywords: Security, privacy,...

The goal of everyday privacy is to make it easy for endusers to share information with the right people at the right level of detail in ubiquitous computing environments. In this paper, we describe a conceptual model we have developed for everyday privacy, consisting of control over and feedback about disclosure. We also describe a prototype we have created for helping end-users manage their personal privacy, an evaluation of that prototype, and a revised prototype based on feedback from the evaluation. Keywords Privacy, Ubiquitous Computing, Privacy User Interfaces, Conceptual Models, Everyday Privacy

Privacy concerns remain a major barrier to adoption of location-based services. Users demand significant, concrete benefits before they are willing to allow an outside party to track their movements. We propose Place Lab, a trustworthy, secure location infrastructure that gives users control over the degree of personal information they release. Place Lab allows service providers to design services that provide basic benefits to all users, and expanded benefits as users release personal location information. This position paper discusses privacy and security issues arising in Place Lab, a multi-organization initiative to bootstrap the location-enhanced web.

Data protection and privacy is rapidly becoming one of the most important issues on the Internet today. Larger number of Internet sites are collecting personal information from users through forms, cookies, online registrations, or surveys than ever before. New commercial services are springing up that can exploit the ability of mobile communication service providers to determine the geographic location of their users. The new wireless technologies o#er mobility; at the same time they o#er location information that is being used to provide new location-aware services.

In this paper we present a novel architecture to protect the location and the identification of a mobile user. This architecture, called “Share the Secret-STS”, simply divides the secret i.e., the location of a user, and uses totally un-trusted entities to distribute portions of this anonymous location information. STS avoids cryptography methods. As a lightweight scheme it can be applied to network of nodes illustrating low processing and computational power, such as nodes of an ad-hoc network and sensors. 1.

User mobility is rapidly becoming an important and popular network feature. This is especially evident in wireless/cellular networks where user mobility raises a number of important security issues and concerns. Foremost among them is the ability to track mobile users' movements and whereabouts. Ideally, no entity other than the user himself and a responsible authority in the user's home domain (if any) should know both the real identity and the current location of the mobile user. At present, most environments supporting user mobility either do not address the problem at all or base their solutions on assumptions that are specific to today's cellular phone networks. This paper discusses a number of issues related to anonymity and location privacy in mobile networks. It reviews current state-of-the-art approaches, identifies their exposures of anonymity and proposes several low-cost solutions which vary in complexity, degree of protection and assumptions about the underlying environmen...

This paper addresses possible Distributed Denial-of-Service (DDoS) attacks toward the wireless Internet including the Wireless Extended Internet, the Wireless Portal Network, and the Wireless Ad Hoc network. We propose a conceptual model for defending against DDoS attacks on the wireless Internet, which incorporates both cooperative technological solutions and economic incentive mechanisms built on usage-based fees. Cost-effectiveness is also addressed through an illustrative implementation scheme using Policy Based Networking (PBN). By investigating both technological and economic difficulties in defense of DDoS attacks which have plagued the wired Internet, our aim here is to foster further development of wireless Internet infrastructure as a more secure and efficient platform for mobile commerce.