Anonymity and its Discontents presented at BlackHatDC 2007

by Len Sassaman,


Summary : In recent years, an increasing amount of academic research has been focused on secure anonymous communication systems. In this talk, we briefly review the state of the art in theoretical anonymity systems as well as the several deployed and actively used systems, and explain their strengths and limitations.
We will then describe the pseudonym system we are developing based on an information-theoretic secure private information retrieval protocol, designed to be secure against an adversary with unbounded computing power, as long as (as little as) a single honest server exists in the network of servers operating this system. We will explain the design decisions behind the architecture of the system, intended to be operated by volunteers with a limited resource pool. We will discuss the usability considerations in designing a system intended to be accessible to a more naive user-base than simply "hackers and cypherpunks", and explain why user accessibility is critical to the security of anonymity systems in general.
Finally, we'll present an attack on the original design of the system whereby an attacker could cause a denial of service attack untraceable to the attacker, and explain the solution we have implemented to prevent this attack.