Conference Paper

PAR: Payment for Anonymous Routing.

DOI: 10.1007/978-3-540-70630-4_14 Conference: Privacy Enhancing Technologies, 8th International Symposium, PETS 2008, Leuven, Belgium, July 23-25, 2008, Proceedings
Source: DBLP

ABSTRACT Despite the growth of the Internet and the increasing con- cern for privacy of online communications, current deployments of anon- ymization networks depend on a very small set of nodes that volunteer their bandwidth. We believe that the main reason is not disbelief in their ability to protect anonymity, but rather the practical limitations in bandwidth and latency that stem from limited participation. This limited participation, in turn, is due to a lack of incentives to participate. We propose providing economic incentives, which historically have worked very well. In this paper, we demonstrate a payment scheme that can be used to compensate nodes which provide anonymity in Tor, an existing onion routing, anonymizing network. We show that current anonymous pay- ment schemes are not suitable and introduce a hybrid payment system based on a combination of the Peppercoin Micropayment system and a new type of "one use" electronic cash. Our system claims to maintain users' anonymity, although payment techniques mentioned previously - when adopted individually - provably fail.

  • [Show abstract] [Hide abstract]
    ABSTRACT: We present a novel hybrid communication protocol that guarantees mobile users’ anonymity against a wide-range of adversaries by exploiting the capability of handheld devices to connect to both WiFi and cellular networks. Unlike existing anonymity schemes, we consider all parties that can intercept communications between a mobile user and a server as potential privacy threats. We formally quantify the privacy exposure and the protection of our system in the presence of malicious neighboring peers, global WiFi eavesdroppers, and omniscient mobile network operators, which possibly collude to breach user’s anonymity or disrupt the communication. We also describe how a micropayment scheme that suits our mobile scenario can provide incentives for peers to collaborate in the protocol. Finally, we evaluate the network overhead and attack resiliency of our protocol using a prototype implementation deployed in Emulab and Orbit, and our probabilistic model.
    ACM Transactions on Internet Technology 05/2013; 12(3). · 0.58 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: The continuing advancements in microprocessor technologies are putting more and more computing power into small devices. Today smartphones are especially popular. Nevertheless, for resource intensive tasks such devices are still too constrained. However, the simultaneous trend of providing computing resources as a commodity on a pay-as-you-go basis (cloud computing) combined with such mobile devices facilitates interesting applications: Mobile clients can simply outsource resource intensive tasks to the cloud. Since clients have to pay a cloud provider (CP) for consumed resources, e.g. instance hours of virtual machines, clients may consider it as privacy intrusive that the CP is able to record the activity pattern of users, i.e. how often and how much resources are consumed by a specific client. In this paper we present a solution to this dilemma which allows clients to anonymously consume resources of a CP such that the CP is not able to track users' activity patterns. We present a scenario which integrates up-to-date security enhanced platforms as processing nodes and a recent cloud payment scheme together with a concrete implementation supporting the practicality of the proposed approach.
    Proceedings of the 12th international conference on Privacy Enhancing Technologies; 07/2012
  • [Show abstract] [Hide abstract]
    ABSTRACT: Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to verify payments. Nowadays, Bitcoin is increasingly used in a number of fast payment scenarios, where the time between the exchange of currency and goods is short (in the order of few seconds). While the Bitcoin payment verification scheme is designed to prevent double-spending, our results show that the system requires tens of minutes to verify a transaction and is therefore inappropriate for fast payments. An example of this use of Bitcoin was recently reported in the media: Bitcoins were used as a form of \emph{fast} payment in a local fast-food restaurant. Until now, the security of fast Bitcoin payments has not been studied. In this paper, we analyze the security of using Bitcoin for fast payments. We show that, unless appropriate detection techniques are integrated in the current Bitcoin implementation, double-spending attacks on fast payments succeed with overwhelming probability and can be mounted at low cost. We further show that the measures recommended by Bitcoin developers for the use of Bitcoin in fast payments are not always effective in detecting double-spending; we show that if those recommendations are integrated in future Bitcoin implementations, double-spending attacks on Bitcoin will still be possible. Finally, we propose and implement a modification to the existing Bitcoin implementation that ensures the detection of double-spending attacks against fast payments.
    Proceedings of the 2012 ACM conference on Computer and communications security; 10/2012