In recent years, there have been several proposals for anonymous communication systems that provide intentional weaknesses to allow anonymity to be circumvented in special cases. These anonymity revocation schemes attempt to retain the properties of strong anonymity systems while granting a special class of people the ability to selectively break through their protections. We evaluate the two d...

A user is only anonymous within a set of other users. Hence, the core functionality of an anonymity providing technique is to establish an anonymity set. In open environments, such as the Internet, the established anonymity sets in the whole are observable and change with every anonymous communication. We use this fact of changing anonymity sets and present a model where we can determine the pr...

Anonymity technologies have gained more and more attention for communication privacy. In general, users obtain anonymity at a certain cost in an anonymous communication system, which uses rerouting to increase the system’s robustness. However, a long rerouting path incurs large overhead and decreases the quality of service (QoS). In this paper, we propose the Scalar Anonymity System (SAS) in or...

We introduce the notion of parameterised anonymity, to formalize the anonymity property of protocols with an arbitrary number of participants. This definition is an extension of the well known CSP anonymity formalization of Schneider and Sidiropoulos [23]. Using recently developed invariant techniques for solving parameterised boolean equation systems, we then show that the Dining Cryptographer...

A common function of anonymity systems is the embedding of subjects that are associated to some attributes in a set of subjects, the anonymity set. Every subject within the anonymity set appears to be possibly associated to attributes of every other subject within it. The anonymity set covers the associations between the subjects and their attributes. The limit of anonymity protection basically...

We provide a framework for reasoning about information-hiding requirements in multiagent systems and for reasoning about anonymity in particular. Our framework employs the modal logic of knowledge within the context of the runs and systems framework, much in the spirit of our earlier work on secrecy [Halpern and O’Neill 2002]. We give several definitions of anonymity with respect to agents, act...

According to international law, anonymity of the voter is a fundamental precondition for democratic elections. In electronic voting, several aspects of voter anonymity have been identified. In this paper, we re-examine anonymity with respect to voting, and generalise existing notions of anonymity in e-voting. First, we identify and categorise the types of attack that can be a threat to anonymit...

Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact that some amount of probabilistic information may be revealed by the protocol. This information c...

We examine experimentally how a person's generosity depends on the sex of that person, on the sex of the person who is the target of the generous act, and on the degree of anonymity between the interacting parties. In our data fewer men than women give non-zero amounts; men receive less than women; and less is given when subjects receive money publicly on stage than when payments are private. T...

Ensuring anonymity in wireless and hoc networks is a major security goal. Using traffic analysis, the attacker can compromise the network functionality by correlating data flow patterns to event locations/active areas. In this paper we present a novel Scalable Anonymous Protocol that hides the location of nodes and obscure the correlation between event zones and data flow from snooping adversar...