Currently known basic anonymity techniques depend on identity verification. If verification of user identities is not possible due to the related management overhead or a general lack of information (e.g.

The amount of mobile and nomadic computing is expected to increase dramatically in the near future. Hand in hand with this ubiquitous mobile computing security and privacy problems show up, which have not been dealt with sufficently up to now. The main problems are traffic analysis and the easy access to location information, for example in the popular Internet just by looking at the address headers of messages. In this paper the need for security and privacy supporting networks is discussed. We present the Non-Disclosure Method (NDM) as a way to provide the user with variable and scalable security and privacy. We exemplarily demonstrate the applicability of NDM in an existing network by presenting an upward compatible protocol extension to the Internet Protocol (IP), the Secure IP in IP Protocol. Its main design goal is the untraceability of network connections in mobile environments. I. Introduction Today, the TCP/IP protocol suite provides little or almost no security to the user...

Abstract not found

Abstract. The technique Private Information Retrieval (PIR) perfectly protects a user’s access pattern to a database. An attacker cannot observe (or determine) which data element is requested by a user and so cannot deduce the interest of the user. We discuss the application of PIR on the World Wide Web and compare it to the MIX approach. We demonstrate particularly that in this context the method does not provide perfect security, and we give a mathematical model for the amount of information an attacker could obtain. We provide an extension of the method under which perfect security can still be achieved. 1

With the increasing use of mobile and nomadic communication devices requirements for security and privacy are rising as well. Following brief surveys of existing approaches to mobility management, general security considerations for UMTS and confidential storing of location information we introduce the ideas and concepts behind the new ‘anonymous subscriber ’ method for UMTS, largely based on extended MIX networks. Finally, an application of this method conveniently employing the X.500 directory service infrastructure is described in some detail.

Abstract. A user is only anonymous within a set of other users. Hence, the core functionality of an anonymity providing technique is to establish an anonymity set. In open environments, such as the Internet, the established anonymity sets in the whole are observable and change with every anonymous communication. We use this fact of changing anonymity sets and present a model where we can determine the protection limit of an anonymity technique, i.e. the number of observations required for an attacker to “break ” uniquely a given anonymity technique. In this paper, we use the popular MIX method to demonstrate our attack. The MIX method forms the basis of most of the today’s deployments of anonymity services (e.g. Freedom, Onion Routing, Webmix). We note that our approach is general and can be applied equally well to other anonymity providing techniques. 1

Introduction The increasing use of mobile communication networks results in ever more stringent security requirements. In an information society, availability, integrity and confidentiality are essential. Especially the provision of the latter is hard to demonstrate. If someone or some component is able to collect and store personal data, one cannot be sure that this data is not gathered and not (mis)used. But this "being sure" is essential with respect to privacy and data protection. Therefore, legal means alone are insufficient and have to be complemented by technical means we are going to describe in the sequel. This first part is introductory and reflects the structure of future mobile communication networks. When users communicate in such networks there is much data generated which needs to be handled in a secure way. We present data protection and security requirements which we believe are the strongest ever presented. 1.1 Structure of Future Mobile Telecommuni