Cebit 2015: Saarland computer scientists present guarantees for online anonymity

Posted: March 12, 2015 at 7:47 pm

IMAGE:Sebastian Meiser and Esfandiar Mohammadi provide guarantees of users' anonymity within the Tor network. view more

Credit: Oliver Dietze

This news release is available in German.

Anonymity on the Internet is possible only up to a certain degree. Therefore, it is possible that others may see who is visiting an online advice site on sexual abuse, or who frequently looks up information about a certain disease, for example. Seeing that this kind of private information can be linked to their identity, users will often resort to special online anonymization services. One of the most popular tools is Tor. Since the beginning of the year, alone more than two million users have used it to anonymize their Internet connection data. These services will not only conceal browsing behavior, but also the identity of the user, and that of any other recipients. These will usually be other websites, but could also be another person. Tor works in a way that allows users to establish a connection that is then upheld through its own network. The Tor network comprises up to 6,000 servers, mostly run by volunteers, which computer scientists refer to as "nodes". And since every node only receives the minimal amount of data necessary to relay the information in question, it becomes far more difficult to de-anonymize both the transmitter and the recipient of the data.

"The Tor network isn't perfect, however," says Esfandiar Mohammadi, a researcher at the Research Center for IT Security, CISPA, and a doctoral candidate at the Graduate School for Computer Science in Saarbrcken. "For one, unanticipated attacks at a network level can endanger anonymity. Also, the degree of anonymity the network achieves is highly variable, since volunteers don't necessarily operate their nodes continually or regularly," says Mohammadi.

In collaboration with CISPA researcher Sebastian Meiser, who is also a postgraduate at the Saarbrcken Graduate School for Computer Science, Mohammadi developed a program that can provide an accurate assessment of the level of anonymity an individual user achieves, even while basing the estimate on the fluctuations of the Tor network. According to the researchers, this feature is a worldwide first.

"An attacker that compromises Tor servers can derive the identity of a user with a certain probability. This is exactly what our system calculates," Sebastian Meiser explains. The two Saarbrcken researchers based their technique, which they named "MATor", on a mathematical model that they extended to include different categories of possible attacks. "In order to indicate the probability of de-anonymization, our program performs its calculations using data that is aggregated once an hour and published on the network immediately. MATor also takes the specifics of the respective Internet connection into account, as well as the individual configurations of the Tor software," Meiser says. This feature is also intended as a basis for a so-called plugin, a small extension program for the software "Tor Browser" that the researchers now want to develop. Integrated into the Tor software, this could run in the background and simply notify users as soon as their connection became too unsafe.

Computer science and informatics at Saarland University

The Department of Computer Science forms the core of the informatics landscape at Saarland University. A further seven internationally renowned research institutes are located in the immediate vicinity on campus. As well as the two Max Planck Institutes for Informatics and for Software Systems, the Saarbrcken campus is also home to the German Research Center for Artificial Intelligence, the Intel Visual Computing Institute, the Center for IT Security, Privacy and Accountability (CISPA) and the Cluster of Excellence 'Multimodal Computing and Interaction'.

###

Read more:
Cebit 2015: Saarland computer scientists present guarantees for online anonymity

Related Posts