Hang With Your Buddies to Resist Intersection Attacks
This addresses the issue of pseudonymity exposure in dynamic networks for users needing linkable messages without sender identification, offering a systematic solution to resist intersection attacks.
The paper tackles the problem of intersection attacks in practical anonymity systems by introducing Buddies, a design that groups users into buddy sets to make them behaviorally indistinguishable under traffic analysis. The result shows that Buddies can guarantee non-trivial anonymity set sizes in realistic chat and microblogging scenarios, as validated through trace-based simulations and a prototype.
Some anonymity schemes might in principle protect users from pervasive network surveillance - but only if all messages are independent and unlinkable. Users in practice often need pseudonymity - sending messages intentionally linkable to each other but not to the sender - but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.