Introduction
Internet users’ data have become easier to collect, use, and store, whether legally or illegally. Improvements in data storage tools and traceability mechanisms have a strong influence on the “invasion of privacy”. According to ISO (2005), traceability is the ability to trace the history, application or location of an entity or activity by means of recorded identification. In other words, traceability makes it possible to control and track a user’s behaviour (purchases, participation in discussion forums, downloads, cookies, etc.). As a result, users’ personal data spread freely in a world without borders, either voluntarily (e.g. data filled in a form) or involuntarily (e.g. hacked data). Despite the many tools implemented to protect privacy, there is practically no system that can be considered inviolable and completely reliable.
An electronic service provides Internet users with a set of interactions in different sectors through Information and Communication Technologies (ICT) (Goblet, 2009). Examples of e-services include e-commerce, e-business, e-sourcing, e-mall, e-learning, e-government, e-democracy, e-health, e-banking, etc. Users therefore wish to carry out online transactions behind a kind of mask (i.e. a pseudonym) that hides their true identity, so that they can use the service anonymously without being identified. Anonymity is one of the fundamental properties of privacy protection for users of online services. E-service users need to know their level of privacy protection, and in particular their level of anonymity, which makes the quantification of anonymity in the context of e-services a crucial issue. Studies of anonymity began in the early 1980s with David Chaum (1981) and his paper entitled “The non-traceability of electronic mail”. The studies carried out at that time were not comprehensive enough. However, in 2000 this property (anonymity) drew the attention of many researchers. Pfitzmann and Hansen (2000) proposed the following definition: anonymity is the state of not being identifiable within a set of subjects, the anonymity set (the subjects being senders and receivers). In other words, a sender is anonymous if it cannot be distinguished from the other senders in the anonymity set (and likewise for a receiver). Therefore, the larger the anonymity set, the more anonymous the subject. Anonymity concerns not only the subject’s identity but also any information that can identify the subject. The purpose of the anonymity property is thus to ensure that the link between the user and his real identity remains hidden. In some specific e-services, anonymity becomes a fundamental requirement: the identity of the user must not be revealed in any case.
For example, in e-voting it should be impossible to discover the real identity of a voter. The major problem in this case is that the e-service entities must ensure that a voter has the right to vote, while it must be impossible to reveal or prove the relationship between a voter and the vote cast (Diaz, Claessens, & Preneel, 2003). A service that provides secure and confidential use of data does not necessarily guarantee user anonymity. The entities that use such a service need to know to what extent it respects their anonymity.
In open environments with dynamic and mobile characteristics, anonymity quantification can no longer rely on certain and precise data. Most existing studies handle only the case where the number of service users is fixed in advance, without considering any knowledge about the attackers. In this context, we propose a new approach to quantifying anonymity that takes the following criteria into account:
- The number of users is not fixed in advance.
- The service may learn some a priori knowledge about the internal and external attackers.
- The service may learn some a posteriori knowledge about the internal and external attackers.
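The following is an added worked example, not code from the article or its authors. It makes the two ideas above concrete: the Pfitzmann and Hansen anonymity set, whose size is the first-order measure of anonymity, and the three criteria of the proposed approach (membership that is not fixed in advance, and attacker knowledge that is revised from a priori to a posteriori). The metric used here, Shannon entropy of the attacker's belief normalised by log2 of the set size (the "degree of anonymity" of Diaz et al. and Serjantov and Danezis), is an assumption of this example; the article does not commit to a metric. The class and method names and the e-voting scenario are constructed for illustration.

```python
"""Quantifying anonymity within an anonymity set (added example).

An AnonymitySet holds the attacker's unnormalised weight per subject.
Joining with equal weights models no a priori knowledge; observe() applies
a Bayesian update (weight * likelihood) to model a posteriori knowledge.
"""
import math
from typing import Dict


class AnonymitySet:
    """Anonymity set whose membership is not fixed in advance."""

    def __init__(self) -> None:
        # Attacker's current belief: unnormalised weight per subject.
        self._weights: Dict[str, float] = {}

    def join(self, subject: str, prior_weight: float = 1.0) -> None:
        """Add a subject with the attacker's a priori weight.

        1.0 for every subject means the attacker has no reason to suspect
        one subject more than another (uniform prior)."""
        if prior_weight < 0:
            raise ValueError("prior weight must be non-negative")
        self._weights[subject] = prior_weight

    def leave(self, subject: str) -> None:
        """Remove a subject; the set shrinks and the others lose cover."""
        self._weights.pop(subject, None)

    def observe(self, likelihoods: Dict[str, float]) -> None:
        """A posteriori update: multiply each weight by the likelihood of the
        observation given that subject. Subjects missing from `likelihoods`
        get likelihood 1.0 (the observation says nothing about them)."""
        for subject in self._weights:
            self._weights[subject] *= likelihoods.get(subject, 1.0)

    def size(self) -> int:
        """Plain anonymity-set size: the article's first-order measure."""
        return len(self._weights)

    def distribution(self) -> Dict[str, float]:
        """Attacker's probability that each subject is the one of interest."""
        total = sum(self._weights.values())
        if total <= 0:
            raise ValueError("attacker's belief rules out every subject")
        return {s: w / total for s, w in self._weights.items()}

    def _entropy_bits(self) -> float:
        """Shannon entropy (bits) of the attacker's distribution."""
        return -sum(p * math.log2(p) for p in self.distribution().values() if p > 0)

    def degree_of_anonymity(self) -> float:
        """Entropy divided by its maximum log2(N): 1.0 when all N subjects are
        equally likely, 0.0 when one subject is certain or N <= 1."""
        n = self.size()
        if n <= 1:
            return 0.0
        return self._entropy_bits() / math.log2(n)

    def effective_size(self) -> float:
        """2**H: how many equally likely subjects would hide the target as
        well as the current, possibly skewed, distribution does."""
        if self.size() == 0:
            return 0.0
        return 2 ** self._entropy_bits()


def evoting_scenario() -> Dict[str, float]:
    """Constructed scenario: four voters, then an observation, then a late join.

    The attacker (e.g. a colluding tallier) starts with no prior knowledge.
    It then learns that two voters could not have cast the ballot in question,
    which halves the anonymity even though the set still has four members.
    A fifth voter joining afterwards restores some cover."""
    voters = AnonymitySet()
    for v in ("alice", "bob", "carol", "dave"):
        voters.join(v)
    before = voters.degree_of_anonymity()            # uniform: 1.0
    voters.observe({"carol": 0.0, "dave": 0.0})      # a posteriori knowledge
    after = voters.degree_of_anonymity()             # 1 bit / 2 bits = 0.5
    after_effective = voters.effective_size()        # 2 equally likely voters
    voters.join("erin")                              # membership not fixed
    return {
        "before": before,
        "after": after,
        "after_effective": after_effective,
        "with_late_join": voters.degree_of_anonymity(),
        "late_join_effective": voters.effective_size(),
    }


if __name__ == "__main__":
    for k, v in evoting_scenario().items():
        print(f"{k}: {v:.4f}")
```

Two things the set size alone hides show up immediately: after the observation the set still has four members but the target is hidden among only two (effective size 2.0, degree 0.5), and a skewed a priori weighting such as 2:1:1 already drops the degree below 1.0 before any observation is made.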