Biblio

Anonymous communication networks (ACNs) are intended to protect the metadata during communication. As classic ACNs, onion mix-nets are famous for strong anonymity, in which the source defines a static path and wraps the message multi-times with the public keys of nodes on the path, through which the message is relayed to the destination. However, onion mix-nets lacks in resilience when the static on-path mixes fail. Mix failure easily results in message loss, communication failure, and even specific attacks. Therefore, it is desirable to achieve resilient routing in onion mix-nets, providing persistent routing capability even though node failure. The state-of-theart solutions mainly adopt mix groups and thus need to share secret keys among all the group members which may cause single point of failure. To address this problem, in this work we propose a hybrid routing approach, which embeds the onion mix-net with hop-by-hop routing to increase routing resilience. Furthermore, we propose the threshold hybrid routing to achieve better key management and avoid single point of failure. As for experimental evaluations, we conduct quantitative analysis of the resilience and realize a local T-hybrid routing prototype to test performance. The experimental results show that our proposed routing strategy increases routing resilience effectively, at the expense of acceptable latency.

With the development of Internet technology, the attacker gets more and more complex background knowledge, which makes the anonymous model susceptible to background attack. Although the differential privacy model can resist the background attack, it reduces the versatility of the data. In this paper, this paper proposes a differential privacy information publishing algorithm based on clustering anonymity. The algorithm uses the cluster anonymous algorithm based on KD tree to cluster the original data sets and gets anonymous tables by anonymous operation. Finally, the algorithm adds noise to the anonymous table to satisfy the definition of differential privacy. The algorithm is compared with the DCMDP (Density-Based Clustering Mechanism with Differential Privacy, DCMDP) algorithm under different privacy budgets. The experiments show that as the privacy budget increases, the algorithm reduces the information loss by about 80% of the published data.

Mobile Ad-hoc Networks (MANETs) are formed when a group of mobile nodes, communicate through wireless links in the absence of central administration. These features make them more vulnerable to several attacks like identity spoofing which leads to identity disclosure. Providing anonymity and privacy for identity are critical issues, especially when the size of such networks scales up. to avoid the centralization problem for key distribution in MANETs. This paper proposes a key distribution scheme for clustered ad-hoc networks. The network is divided into groups of clusters, and each cluster head is responsible for distributing periodically updated security keys among cluster members, for protecting privacy through encryption. Also, an authentication scheme is proposed to ensure the confidentiality of new members to the cluster. The simulation study proves the effectiveness of the proposed scheme in terms of availability and overhead. It scales well for high dense networks and gives less packet drop rate compared to its centralized counterpart in the presence of malicious nodes.

In 2008, 3GPP proposed the Long Term Evolution (LTE) in version 8. The standard is used in high-speed wireless communication standard for mobile terminal in telecommunication. It supports subscribers to access internet via specific base station after authentication. These authentication processes were defined in standard TS33.401 and TS33.102 by 3GPP. Authenticated processing standard inherits the authentication and key agreement protocol in RFC3310 and has been changed into authenticated scheme suitable for LTE. In the origin LTE authenticated scheme, subscribers need to transfer its International Mobile Subscriber Identity (IMSI) with plaintext. The IMSI might be intercepted and traced by fake stations. In this work, we propose a new scheme with a pseudo IMSI so that fake stations cannot get the real IMSI and trace the subscriber. The subscriber can keep anonymous and be confirmed by the base station for the legality. The pseudo identity is unlinkable to the subscriber. Not only does the proposed scheme enhance the security but also it just has some extra costs for signature generation and verification as compared to the original scheme.

In this paper, we propose the first identity-based broadcast encryption scheme, which can simultaneously achieves confidentiality and full anonymity against adaptive chosen-ciphertext attacks under a standard assumption. In addition, two further desirable features are also provided: one is fully-collusion resistant which means that even if all users outside of receivers S collude they cannot obtain any information about the plaintext. The other one is stateless which means that the users in the system do not need to update their private keys when the other users join or leave our system. In particular, our scheme is highly efficient, where the public parameters size, the private key size and the decryption cost are all constant and independent to the number of receivers.