Crowds: anonymity for Web transactions

Published: 01 November 1998

    Abstract

    In this paper we introduce a system called Crowds for protecting users' anonymity on the world-wide-web. Crowds, named for the notion of “blending into a crowd,” operates by grouping users into a large and geographically diverse group (crowd) that collectively issues requests on behalf of its members. Web servers are unable to learn the true source of a request because it is equally likely to have originated from any member of the crowd, and even collaborating crowd members cannot distinguish the originator of a request from a member who is merely forwarding the request on behalf of another. We describe the design, implementation, security, performance, and scalability of our system. Our security analysis introduces degrees of anonymity as an important tool for describing and proving anonymity properties.


    Reviews

    Valentin Cristea

    The Crowds system implements a new approach to protecting users' privacy when they retrieve information on the Web. The approach is based on the idea of grouping Web users into a geographically diverse collection, called a crowd, and hiding each user's actions among the actions of many other members of the group. To execute Web transactions, a user first joins a group of users. The user's request to a Web server is transmitted by way of a simple randomized routing protocol, to protect the user against attackers. Several degrees of anonymity are defined, ranging from no anonymity to complete anonymity, with several interesting intermediate degrees. The design of the Crowds system is described, with emphasis on the measures it takes to defend against various attacks that result from the way the Web works. The performance, scalability, and limitations of the system are also presented. After the introduction, section 2 presents the anonymity goals of the system and introduces the notion of degree of anonymity. Three intermediate points in the anonymity spectrum are defined: beyond suspicion, probable innocence, and possible innocence. What Crowds does and does not achieve in terms of these degrees of anonymity is discussed. Based on these definitions, in the following section the authors compare Crowds with other approaches to anonymity. The basic Crowds mechanisms are described in section 4 with the help of graphs and pseudocode. The security of Crowds is analyzed in section 5, based on probabilities. The performance and scalability of the system are presented in the next two sections. Response latency as a function of path length, page size, and number of embedded images is presented using diagrams and an analytic model. Section 8 is devoted to crowd membership, and section 9 describes the user interface. The obstacles that firewalls present to wide adoption of Crowds are briefly presented in section 10. Section 11 contains conclusions.
The organization of the topics is good, and the level of detail is suitable. The reference list includes both recent works and important older papers. This work may be useful to many people interested in Internet security and especially in how to hide their identity from the servers they access.

    Published In

    ACM Transactions on Information and System Security, Volume 1, Issue 1
    Nov. 1998
    132 pages
    ISSN:1094-9224
    EISSN:1557-7406
    DOI:10.1145/290163
    Editor: Ravi Sandhu

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. anonymous communication
    2. world-wide-web

    Qualifiers

    • Article
