Anonymous connections and onion routing
- IEEE Journal on Selected Areas in Communications, 1998
Cited by 220 (12 self)
Onion Routing is an infrastructure for private communication over a public network. It provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Onion routing's anonymous connections are bidirectional and near realtime, and can be used anywhere a socket connection can be used. Any identifying information must be in the data stream carried over an anonymous connection. An onion is a data structure that is treated as the destination address by onion routers; thus, it is used to establish an anonymous connection. Onions themselves appear differently to each onion router as well as to network observers. The same goes for data carried over the connections they establish. Proxy aware applications, such as web browsing and e-mail, require no modification to use onion routing, and do so through a series of proxies. A prototype onion routing network is running between our lab and other sites. This paper describes anonymous connections and their implementation using onion routing. This paper also describes several application proxies for onion routing, as well as configurations of onion routing networks.
Anonymous connections and onion routing
- In IEEE Symposium on Security and Privacy, 1997
Cited by 206 (5 self)
Onion Routing provides anonymous connections that are strongly resistant to both eavesdropping and traffic analysis. Unmodified Internet applications can use these anonymous connections by means of proxies. The proxies may also make communication anonymous by removing identifying information from the data stream. Onion routing has been implemented on Sun Solaris 2.X with proxies for Web browsing, remote logins, and e-mail. This paper's contribution is a detailed specification of the implemented onion routing system, a vulnerability analysis based on this specification, and performance results.
Publius: A robust, tamper-evident, censorship-resistant, web publishing system
- In Proc. 9th USENIX Security Symposium, 2000
Cited by 175 (3 self)
Permission is granted for noncommercial reproduction of the work for educational or research purposes.
A Protocol for Anonymous Communication Over the Internet
- ACM Journal of Computer Security, 2000
Cited by 91 (4 self)
With the growth and acceptance of the Internet, there has been increased interest in maintaining anonymity in the network. This paper presents a new protocol for initiator anonymity called Hordes, which uses forwarding mechanisms similar to those used in previous protocols for sending data, but is the first protocol to make use of the anonymity inherent in multicast routing to receive data. We show this results in shorter transmission latencies and requires less work of the protocol participants, in terms of the messages processed. We also present a comparison of the security and anonymity of Hordes with previous protocols, using the first quantitative definition of anonymity and unlinkability. Our analysis shows that Hordes provides anonymity in a degree similar to that of Crowds and Onion Routing. We find that Onion Routing best maintains anonymity of the three protocols examined, but also that Hordes has numerous performance advantages.
Responder anonymity and anonymous peer-to-peer file sharing
- 2001
Cited by 43 (0 self)
Data transfer over TCP/IP provides no privacy for network users. Previous research in anonymity has focused on the provision of initiator anonymity. We explore methods of adapting existing initiator-anonymous protocols to provide responder anonymity and mutual anonymity. We present Anonymous Peer-to-peer File Sharing (APFS) protocols, which provide mutual anonymity for peer-to-peer file sharing. APFS addresses the problem of long-lived Internet services that may outlive the degradation present in current anonymous protocols. One variant of APFS makes use of unicast communication, but requires a central coordinator to bootstrap the protocol. A second variant takes advantage of multicast routing to remove the need for any central coordination point. We compare the TCP performance of APFS protocol to existing overt file sharing systems such as Napster. In providing anonymity, APFS can double transfer times and requires that additional traffic be carried by peers, but this overhead is constant with the size of the session.
GAP – practical anonymous networking
- Proceedings of Privacy Enhancing Technologies workshop (PET 2003). Springer-Verlag, LNCS 2760, 2003
Cited by 37 (1 self)
Abstract. This paper describes how anonymity is achieved in gnunet, a framework for anonymous distributed and secure networking. The main focus of this work is gap, a simple protocol for anonymous transfer of data which can achieve better anonymity guarantees than many traditional indirection schemes and is additionally more efficient. gap is based on a new perspective on how to achieve anonymity. Based on this new perspective it is possible to relax the requirements stated in traditional indirection schemes, allowing individual nodes to balance anonymity with efficiency according to their specific needs.
Protecting Mobile Agents Against Malicious Hosts
- Proc. Int. Conf. on Parallel and Distributed Processing and Applications (PDPTA’99) Vol. II, 2000
Cited by 20 (0 self)
Mobile agent paradigm evolves as a promising distributed computing paradigm. Different from the existing paradigms like message passing, remote procedure calls, and distributed objects, mobile agent paradigm offers two properties: client customization, and self-contained-ness. End users virtually install new software on the agent platform by dispatching personalized agents, and the agents are self-contained programs that encompass the whole decision logic delegated by the end users. Mobile agents moving around the network are not safe. The remote hosts that accommodate the agents can initiate all kinds of attacks and attempt to analyze the agents' decision logic, and agents' accumulated data. Among the many security requirements, confidentiality and anonymity are two of the most important issues that have not been solved satisfactorily. This thesis examines these two security requirements. First, we introduce the notion of entropy to measure the intention brought by each agent. By pertur...
Hordes: A Multicast Based Protocol for Anonymity
- Journal of Computer Security, 2002
Cited by 19 (2 self)
With widespread acceptance of the Internet as a public medium for communication and information retrieval, there has been rising concern that the personal privacy of users can be eroded by cooperating network entities. A technical solution to maintaining privacy is to provide anonymity. We present a protocol for initiator anonymity called Hordes, which uses forwarding mechanisms similar to those used in previous protocols for sending data, but is the first protocol to make use of multicast routing to anonymously receive data. We show this results in shorter transmission latencies and requires less work of the protocol participants, in terms of the messages processed. We also present a comparison of the security and anonymity of Hordes with previous protocols, using the first quantitative definition of anonymity and unlinkability.
Protocols using Anonymous Connections: Mobile Applications
- in Security Protocols: Fifth International Workshop, 1997
Cited by 16 (8 self)
This paper describes security protocols that use anonymous channels as primitive, much in the way that key distribution protocols take encryption as primitive. This abstraction allows us to focus on high level anonymity goals of these protocols much as abstracting away from encryption clarifies and emphasizes high level security goals of key distribution protocols. The protocols described here are for mobile applications that protect the location information of the participating principals.
1 Introduction
As mobile devices for communication and computation gain more widespread acceptance, where a person is located when processing digital information or sending and receiving messages or phone calls is increasingly under individual control. Relatedly, individuals no longer tied to an office have enjoyed increasing privacy over their location information. If one can conduct business from anywhere, then one can be anywhere when conducting business. However, this is not an entirely ...
Improving efficiency and simplicity of Tor circuit establishment and hidden services
Cited by 9 (0 self)
Abstract. In this paper we demonstrate how to reduce the overhead and delay of circuit establishment in the Tor anonymizing network by using predistributed Diffie-Hellman values. We eliminate the use of RSA encryption and decryption from circuit setup, and we reduce the number of DH exponentiations vs. the current Tor circuit setup protocol while maintaining immediate forward secrecy. We also describe savings that can be obtained by precomputing during idle cycles values that can be determined before the protocol starts. We introduce the distinction of eventual vs. immediate forward secrecy and present protocols that illustrate the distinction. These protocols are even more efficient in communication and computation than the one we primarily propose, but they provide only eventual forward secrecy. We describe how to reduce the overhead and the complexity of hidden server connections by using our DH-values to implement valet nodes and eliminate the need for rendezvous points as they exist today. We also discuss the security of the new elements and an analysis of efficiency improvements.

