In our daily life no one questions the necessity of privacy protection. Nevertheless, our privacy is often put at risk. The first problem has to do with the fact that privacy itself is a concept difficult to define. As a matter of fact, in many countries the concept has been confused with data protection, which interprets privacy in terms of the management of personal information. Nowadays, the term privacy is extended to territorial and communications protection. We will focus on the privacy of electronic communications. When referring to this type of communication, the first aspect we think about is security. In fact, this concept is widely discussed, and nowadays we often hear about threats and attacks to networks. Security attacks are usually split into active and passive attacks. We consider that an active attack takes place when an attacker injects or modifies traffic in the network with different purposes, such as denial of service or gaining unauthorized access. Unlike active attacks, a passive attack takes place whenever the attacker merely inspects the network by listening to packets, never injecting any packet. Malicious nodes hope to be ‘invisible’ in order to collect as much network information as possible just by using timing analysis and eavesdropping routing information. A way to avoid this type of attack is to anonymize both data and routing traffic. In this manner we can hide the identities of communicating nodes and avoid data flow traceability. Various scenarios can be devised where anonymity is desirable. In a commercial transactions context, if we think about an off-line purchase, we accept that some users prefer to use cash when buying some goods and services, because anonymity makes them more comfortable with the transaction. Offering anonymity to online commerce would increase the number of transactions. Military communications are another typical example where not only privacy but also anonymity are crucial for the success of the corresponding mission. Finally, if we attend a meeting where some delicate matter is being voted on, it could be necessary for the identities to remain hidden. Again, in this case, anonymity is required.
In this article we will discuss the different degrees of anonymity provided by means of different proposals found in the literature, emphasizing those issues that are still unsolved.
Key Terms in this Chapter
Undetectability: Incapability of observing an established communication. Thus, undetectability prevents that third parties can observe when a packet is being sent through the network.
Dummy Traffic: Randomly generated packets injected in the network to make the perception of real traffic difficult.
Anonymity: State of being not identifiable among other items belonging to a set. This set is called anonymity set .
Spread-Spectrum Techniques: Methods by which energy generated with a certain bandwidth is deliberately spread in the frequency domain, resulting in a signal with a wider bandwidth.
Unlinkability: Incapability of stating the relation between two observed items of the system. For example, recipient unlinkability ensures that the sending of a packet and the corresponding recipient cannot be linked by others.
Unobservability: Undetectability by external attackers plus anonymity for internal attackers.
Steganography: The art and science of writing hidden messages in such a way that no one apart from the sender and the intended recipient even realizes that there is a hidden message.
Item of the System: Any participating subject, object, or action: node, user, message, sending, and so forth.
Untraceability: Property of maintaining routes unknown to either external or internal attackers.