搜索结果：Anonymous

Here is the ultimate book on the worldwide movement of hackers, pranksters, and activists that operates under the non-name Anonymous, by the writer the Huffington Post says knows all of Anonymous deepest, darkest secrets. Half a dozen years ago, anthropologist Gabriella Coleman set out to study the rise of this global phenomenon just as some of its members were turning to political protest and dangerous disruption (before Anonymous shot to fame as a key player in the battles over WikiLeaks, the Arab Spring, and Occupy Wall Street). She ended up becoming so closely connected to Anonymous that the tricky story of her inside outside status as Anon confidante, interpreter, and erstwhile mouthpiece forms one of the themes of this witty and entirely engrossing book. The narrative brims with details unearthed from within a notoriously mysterious subculture, whose semi-legendary tricksters such as Topiary, tflow, Anachaos, and Sabu emerge as complex, diverse, politically and culturally sophisticated people. Propelled by years of chats and encounters with a multitude of hackers, including imprisoned activist Jeremy Hammond and the double agent who helped put him away, Hector Monsegur, Hacker, Hoaxer, Whistleblower, Spy is filled with insights into the meaning of digital activism and little understood facets of culture in the Internet age, including the history of trolling, the ethics and metaphysics of hacking, and the origins and manifold meanings of the lulz.

Providing an efficient anonymous authentication scheme in vehicular ad hoc networks (VANETs) with low computational cost is a challenging issue. Even though, there are some existing schemes to provide anonymous authentication, the existing schemes suffer from high computational cost in the certificate and the signature verification process, which leads to high message loss. Therefore, they fail to meet the necessity of verifying hundreds of messages per second in VANETs. In our scheme, we propose an efficient anonymous authentication scheme to avoid malicious vehicles entering into the VANET. In addition, the proposed scheme offers a conditional tracking mechanism to trace the vehicles or roadside units that abuse the VANET. As a result, our scheme revokes the privacy of misbehaving vehicles to provide conditional privacy in a computationally efficient way through which the VANET entities will be anonymous to each other until they are revoked from the VANET system. Moreover, the proposed scheme is implemented and the performance analysis shows that our scheme is computationally efficient with respect to the certificate and the signature verification process by keeping conditional privacy in VANETs.

February 2011 saw the emergence of Silk Road, the first successful online anonymous marketplace, in which buy-ers and sellers could transact with anonymity properties far superior to those available in alternative online or of-fline means of commerce. Business on Silk Road, pri-marily involving narcotics trafficking, rapidly boomed, and competitors emerged. At the same time, law enforce-ment did not sit idle, and eventually managed to shut down Silk Road in October 2013 and arrest its operator. Far from causing the demise of this novel form of com-merce, the Silk Road take-down spawned an entire, dy-namic, online anonymous marketplace ecosystem, which has continued to evolve to this day. This paper presents a long-term measurement analysis of a large portion of this online anonymous marketplace ecosystem, including 16 different marketplaces, over more than two years (2013– 2015). By using long-term measurements, and combin-ing our own data collection with publicly available pre-vious efforts, we offer a detailed understanding of the growth of the online anonymous marketplace ecosystem. We are able to document the evolution of the types of goods being sold, and assess the effect (or lack thereof) of adversarial events, such as law enforcement operations or large-scale frauds, on the overall size of the economy. We also provide insights into how vendors are diversi-fying and replicating across marketplaces, and how ven-dor security practices (e.g., PGP adoption) are evolving. These different aspects help us understand how tradi-tional, physical-world criminal activities are developing an online presence, in the same manner traditional com-merce diversified online in the 1990s. 1

We define and propose an efficient and provably secure construction of blind signatures with attributes. Prior notions of blind signatures did not yield themselves to the construction of anonymous credential systems, not even if we drop the unlinkability requirement of anonymous credentials. Our new notion in contrast is a convenient building block for anonymous credential systems. The construction we propose is efficient: it requires just a few exponentiations in a prime-order group in which the decisional Diffie-Hellman problem is hard. Thus, for the first time, we give a provably secure construction of anonymous credentials that can work in the elliptic group setting without bilinear pairings and is based on the DDH assumption. In contrast, prior provably secure constructions were based on the RSA group or on groups with pairings, which made them prohibitively inefficient for mobile devices, RFIDs and smartcards. The only prior efficient construction that could work in such elliptic curve groups, due to Brands, does not have a proof of security.

Anonymous credential systems [8, 9, 12, 24] allow anonymous yet authenticated and accountable transactions between users and service providers. As such, they represent a powerful technique for protecting users' privacy when conducting Internet transactions. In this paper, we describe the design and implementation of an anonymous credential system based on the protocols developed by [6]. The system is based on new high-level primitives and interfaces allowing for easy integration into access control systems. The prototype was realized in Java. We demonstrate its use and some deployment issues with the description of an operational demonstration scenario.

Despite two decades of intensive research, it remains a challenge to design a practical anonymous two-factor authentication scheme, for the designers are confronted with an impressive list of security requirements (e.g., resistance to smart card loss attack) and desirable attributes (e.g., local password update). Numerous solutions have been proposed, yet most of them are shortly found either unable to satisfy some critical security requirements or short of a few important features. To overcome this unsatisfactory situation, researchers often work around it in hopes of a new proposal (but no one has succeeded so far), while paying little attention to the fundamental question: whether or not there are inherent limitations that prevent us from designing an “ideal” scheme that satisfies all the desirable goals? In this work, we aim to provide a definite answer to this question. We first revisit two foremost proposals, i.e. Tsai et al.'s scheme and Li's scheme, revealing some subtleties and challenges in designing such schemes. Then, we systematically explore the inherent conflicts and unavoidable trade-offs among the design criteria. Our results indicate that, under the current widely accepted adversarial model, certain goals are beyond attainment. This also suggests a negative answer to the open problem left by Huang et al. in 2014. To the best of knowledge, the present study makes the first step towards understanding the underlying evaluation metric for anonymous two-factor authentication, which we believe will facilitate better design of anonymous two-factor protocols that offer acceptable trade-offs among usability, security and privacy.

Bit coin is the first digital currency to see widespread adoption. While payments are conducted between pseudonyms, Bit coin cannot offer strong privacy guarantees: payment transactions are recorded in a public decentralized ledger, from which much information can be deduced. Zero coin (Miers et al., IEEE S&P 2013) tackles some of these privacy issues by unlinking transactions from the payment's origin. Yet, it still reveals payments' destinations and amounts, and is limited in functionality. In this paper, we construct a full-fledged ledger-based digital currency with strong privacy guarantees. Our results leverage recent advances in zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs). First, we formulate and construct decentralized anonymous payment schemes (DAP schemes). A DAP scheme enables users to directly pay each other privately: the corresponding transaction hides the payment's origin, destination, and transferred amount. We provide formal definitions and proofs of the construction's security. Second, we build Zero cash, a practical instantiation of our DAP scheme construction. In Zero cash, transactions are less than 1 kB and take under 6 ms to verify - orders of magnitude more efficient than the less-anonymous Zero coin and competitive with plain Bit coin.

OBJECTIVES: Medical errors cause significant morbidity and mortality in hospitalized patients. Specialty-based, voluntary reporting of medical errors by health care providers is an important strategy that may enhance patient safety. We developed a voluntary, anonymous, Internet-based reporting system for medical errors in neonatal intensive care, evaluated its feasibility, and identified errors that affect high-risk neonates and their families. METHODS: Health professionals (n = 739) from 54 hospitals in the Vermont Oxford Network received access to a secure Internet site for anonymous reporting of errors, near-miss errors, and adverse events. Reports used free-text entry in phase 1 (17 months) and a structured form in phase 2 (10 months). The number and types of reported events and factors that contributed to the events were measured. RESULTS: Of 1230 reports--522 in phase 1 (17 months) and 708 in phase 2 (10 months)--the most frequent event categories were wrong medication, dose, schedule, or infusion rate (including nutritional agents and blood products; 47%); error in administration or method of using a treatment (14%); patient misidentification (11%); other system failure (9%); error or delay in diagnosis (7%); and error in the performance of an operation, procedure, or test (4%). The most frequent contributory factors were failure to follow policy or protocol (47%), inattention (27%), communications problem (22%), error in charting or documentation (13%), distraction (12%), inexperience (10%), labeling error (10%), and poor teamwork (9%). In 24 reports, family members assisted in discovery, contributed to the cause, or themselves were victims of the error. Serious patient harm was reported in 2% and minor harm in 25% of phase 2 events. CONCLUSIONS: Specialty-based, voluntary, anonymous Internet reporting by health care professionals identified a broad range of medical errors in neonatal intensive care and promoted multidisciplinary collaborative learning. Similar specialty-based systems have the potential to enhance patient safety in a variety of clinical settings.

Smart grids equipped with bi-directional communication flow are expected to provide more sophisticated consumption monitoring and energy trading. However, the issues related to the security and privacy of consumption and trading data present serious challenges. In this paper we address the problem of providing transaction security in decentralized smart grid energy trading without reliance on trusted third parties. We have implemented a proof-of-concept for decentralized energy trading system using blockchain technology, multi-signatures, and anonymous encrypted messaging streams, enabling peers to anonymously negotiate energy prices and securely perform trading transactions. We conducted case studies to perform security analysis and performance evaluation within the context of the elicited security and privacy requirements.

Due to the broadcast nature of radio transmissions, communications in mobile ad hoc networks (MANETs) are more susceptible to malicious traffic analysis. In this paper we propose a novel anonymous on-demand routing protocol, termed MASK, to enable anonymous communications thereby thwarting possible traffic analysis attacks. Based on a new cryptographic concept called pairing, we first propose an anonymous neighborhood authentication protocol which allows neighboring nodes to authenticate each other without revealing their identities. Then utilizing the secret pairwise link identifiers and keys established between neighbors during the neighborhood authentication process, MASK fulfills the routing and packet forwarding tasks nicely without disclosing the identities of participating nodes under a rather strong adversarial model. MASK provides the desirable sender and receiver anonymity, as well as the relationship anonymity of the sender and receiver. It is also resistant to a wide range of adversarial attacks. Moreover, MASK preserves the routing efficiency in contrast to previous proposals. Detailed anonymity analysis and simulation studies are carried out to validate and justify the effectiveness of MASK.

Abstract. Consider a system of multiple mobile robots in which each robot, at infinitely many unpredictable time instants, observes the positions of all the robots and moves to a new position determined by the given algorithm. The robots are anonymous in the sense that they all execute the same algorithm and they cannot be distinguished by their appearances. Initially they do not have a common x-y coordinate system. Such a system can be viewed as a distributed system of anonymous mobile processes in which the processes (i.e., robots) can “communicate ” with each other only by means of their moves. In this paper we investigate a number of formation problems of geometric patterns in the plane by the robots. Specifically, we present algorithms for converging the robots to a single point and moving the robots to a single point in finite steps. We also characterize the class of geometric patterns that the robots can form in terms of their initial configuration. Some impossibility results are also presented.

Article Share on Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking Authors: Marco Gruteser View Profile , Dirk Grunwald View Profile Authors Info & Claims MobiSys '03: Proceedings of the 1st international conference on Mobile systems, applications and servicesMay 2003Pages 31–42https://doi.org/10.1145/1066116.1189037Published:05 May 2003Publication History 1,618citation6,645DownloadsMetricsTotal Citations1,618Total Downloads6,645Last 12 Months247Last 6 weeks14 Get Citation AlertsNew Citation Alert added!This alert has been successfully added and will be sent to:You will be notified whenever a record that you have chosen has been cited.To manage your alert preferences, click on the button below.Manage my AlertsNew Citation Alert!Please log in to your account Save to BinderSave to BinderCreate a New BinderNameCancelCreateExport CitationPublisher SiteGet Access

This paper presents PrivacyGrid - a framework for supporting anonymous location-based queries in mobile information delivery systems. The PrivacyGrid framework offers three unique capabilities. First, it provides a location privacy protection preference profile model, called location P3P, which allows mobile users to explicitly define their preferred location privacy requirements in terms of both location hiding measures (e.g., location k-anonymity and location l-diversity) and location service quality measures (e.g., maximum spatial resolution and maximum temporal resolution). Second, it provides fast and effective location cloaking algorithms for location k-anonymity and location l-diversity in a mobile environment. We develop dynamic bottom-up and top-down grid cloaking algorithms with the goal of achieving high anonymization success rate and efficiency in terms of both time complexity and maintenance cost. A hybrid approach that carefully combines the strengths of both bottom-up and top-down cloaking approaches to further reduce the average anonymization time is also developed. Last but not the least, PrivacyGrid incorporates temporal cloaking into the location cloaking process to further increase the success rate of location anonymization. We also discuss PrivacyGrid mechanisms for supporting anonymous location queries. Experimental evaluation shows that the PrivacyGrid approach can provide close to optimal location k-anonymity as defined by per user location P3P without introducing significant performance penalties.

Vehicular ad hoc networks (VANETs) have recently received significant attention in improving traffic safety and efficiency. However, communication trust and user privacy still present practical concerns to the deployment of VANETs, as many existing authentication protocols for VANETs either suffer from the heavy workload of downloading the latest revocation list from a remote authority or cannot allow drivers on the road to decide the trustworthiness of a message when the authentication on messages is anonymous. In this paper, to cope with these challenging concerns, we propose a new authentication protocol for VANETs in a decentralized group model by using a new group signature scheme. With the assistance of the new group signature scheme, the proposed authentication protocol is featured with threshold authentication, efficient revocation, unforgeability, anonymity, and traceability. In addition, the assisting group signature scheme may also be of independent interest, as it is characterized by efficient traceability and message linkability at the same time. Extensive analyses indicate that our proposed threshold anonymous authentication protocol is secure, and the verification of messages among vehicles can be accelerated by using batch message processing techniques.

To fully support information management among various stakeholders in smart grid domains, how to establish secure communication sessions has become an important issue for smart grid environments. In order to support secure communications between smart meters and service providers, key management for authentication becomes a crucial security topic. Recently, several key distribution schemes have been proposed to provide secure communications for smart grid. However, these schemes do not support smart meter anonymity and possess security weaknesses. This paper utilizes an identity-based signature scheme and an identity-based encryption scheme to propose a new anonymous key distribution scheme for smart grid environments. In the proposed scheme, a smart meter can anonymously access services provided by service providers using one private key without the help of the trusted anchor during authentication. In addition, the proposed scheme requires only a few of computation operations at the smart meter side. Security analysis is conducted to prove the proposed scheme is secure under random oracle model.

In anonymous networks, the processors do not have identity numbers. We investigate the following representative problems on anonymous networks: (a) the leader election problem, (b) the edge election problem, (c) the spanning tree construction problem, and (d) the topology recognition problem. On a given network, the above problems may or may not be solvable, depending on the amount of information about the attributes of the network made available to the processors. Some possibilities are: (1) no network attribute information at all is available, (2) an upper bound on the number of processors in the network is available, (3) the exact number of processors in the network is available, and (4) the topology of the network is available. In terms of a new graph property called "symmetricity", in each of the four cases (1)-(4) above, we characterize the class of networks on which each of the four problems (a)(d) is solvable. We then relate the symmetricity of a network to its 1- and 2-factors.

Bitcoin is the first e-cash system to see widespread adoption. While Bitcoin offers the potential for new types of financial interaction, it has significant limitations regarding privacy. Specifically, because the Bitcoin transaction log is completely public, users' privacy is protected only through the use of pseudonyms. In this paper we propose Zerocoin, a cryptographic extension to Bitcoin that augments the protocol to allow for fully anonymous currency transactions. Our system uses standard cryptographic assumptions and does not introduce new trusted parties or otherwise change the security model of Bitcoin. We detail Zerocoin's cryptographic construction, its integration into Bitcoin, and examine its performance both in terms of computation and impact on the Bitcoin protocol.

This paper describes the direct anonymous attestation scheme (DAA). This scheme was adopted by the Trusted Computing Group (TCG) as the method for remote authentication of a hardware module, called Trusted Platform Module (TPM), while preserving the privacy of the user of the platform that contains the module. DAA can be seen as a group signature without the feature that a signature can be opened, i.e., the anonymity is not revocable. Moreover, DAA allows for pseudonyms, i.e., for each signature a user (in agreement with the recipient of the signature) can decide whether or not the signature should be linkable to another signature. DAA furthermore allows for detection of "known" keys: if the DAA secret keys are extracted from a TPM and published, a verifier can detect that a signature was produced using these secret keys. The scheme is provably secure in the random oracle model under the strong RSA and the decisional Diffie-Hellman assumption.

Recently, highly accurate positioning devices enable us to provide various types of location-based services. On the other hand, because such position data include deeply personal information, the protection of location privacy is one of the most significant problems in location-based services. In this paper, we propose an anonymous communication technique to protect the location privacy of the users of location-based services. In our proposed technique, such users generate several false position data (dummies) to send to service providers with the true position data of users. Because service providers cannot distinguish the true position data, user location privacy is protected. We also describe a cost reduction technique for communication between a client and a server. Moreover, we conducted performance study experiments on our proposed technique using practical position data. As a result of the experiments, we observed that our proposed technique protects the location privacy of people and can sufficiently reduce communication costs so that our communication techniques can be applied in practical location-based services.