分布式环境下匿名通信机制及可控技术研究
|
摘要
随着计算机网络的发展,Internet上的安全和隐私越来越受到人们的关注。为了解决网络安全问题以及人们关注的隐私问题,匿名通信关键技术的研究逐渐为人们所重视,成为当前本学科领域国内外研究的热点之一。
本文在对当前匿名通信研究情况进行综述的基础上,对匿名通信中的关键技术及其在大规模网络应用中存在的问题展开研究,重点研究了分布式环境下的匿名通信机制、可控性以及匿名性能衡量方法,主要研究工作包括:
针对典型的基于密钥基础设施的匿名通信机制存在的需要可信中心为节点事先分配密钥或者密钥参数,而不适用于分布式环境中的问题,基于信息分割机制,综合网络编码和源路由的思想,提出了一种基于多路径网络编码的信息分割传输策略ITNC,并将该策略应用到匿名通信的建路机制中,提出了一种新的匿名通信策略AC-ITNC。AC-ITNC实现了无密钥基础设施下匿名传输路径的建立,采用中间节点参与编码,编码信息片和编码系数分离传送策略,提高了系统的抗合谋攻击能力,优化了匿名性能,为在无密钥基础设施的分布式环境中实现匿名通信提供了新的思路。
针对匿名的滥用问题,提出了一种新的可撤销匿名通信模型,采用地址分割技术、签名技术和分组管理机制来保证合法用户匿名性的同时追踪出匿名滥用者的源IP地址;考虑实际网络环境中恶意节点具有按地理区域集中分布的特点,引入基于地理区域的分组机制,提出一种结合地理分区的可撤销匿名通信方案,通过限制匿名路径上同一地理区域内的节点个数来降低恶意节点在路径上出现的次数,从而提高匿名性,理论分析和模拟实验结果表明该方案能有效提高可控匿名系统的抗合谋攻击能力。
针对目前的匿名衡量方法不能反映匿名概率集中的概率突出且接近者会影响攻击判定的问题,给出相近匿名集的概念,设计了一种新的基于部分熵值的匿名性能衡量方法。该方法基于相近匿名集的元素个数、概率总和以及概率分布来定义匿名性衡量的指标,在保持熵值衡量概率均匀度特性的同时,能很好地反映攻击者从匿名概率集中找出目标的难易程度,理论分析和计算结果表明该标准能更好地衡量系统的匿名性能。
本文提出的无密钥基础设施的匿名通信模型、匿名滥用控制协议以及匿名性能衡量方法从不同的角度出发,有效地解决了匿名通信在实际应用中存在的一些问题,为其在分布式环境下大规模网络中的实际应用提供了良好的理论基础和应用依据。
With the development of computer network, security and privacy on Internet are drawing more and more people's attention. In order to resolve the network security and the privacy issues which are concerned by most of the people, key technologies of anonymous communication are gradually gaining in importance as one of the hot domestic and international researches.
In this paper, based on the overview of the current research in anonymous communication, we have undertaken a study on the key technologies of anonymous communication and their application problems in large-scale network, focusing on the anonymous communication mechanism, controllability and anonymity measure in distributed environment. The main research work includes:
In the typical anonymous communication mechanisms based on key infrastructure, the trusted third party is needed to pre-distribute keys or the key parameters, which can not be applied in complete distributed environment. By using the mechanism of information slicing and the thought of network coding and source routing, a new strategy named ITNC which based on the multi-path network coding is proposed. Then a novel anonymous communication mechanism AC-ITNC without key infrastructure, which uses ITNC to set up the anonymous path, is presented. In the new mechanism, the intermediate nodes involved in coding, the coding coefficients and coded information pieces are delivered separately. It not only improves the security against conspiracy attack but also optimizes the performance of anonymous system. It also provides a new way to achieve anonymous communication in the distributed environment without key infrastructure.
Considering the abuse of anonymity, we propose a new revocable anonymous communication model which uses address slicing, signature technology and group management mechanism. It can trace the source IP address of the anonymous abuser while ensuring the anonymity of legitimate users. By introducing group mechanism based on geographic regions, this paper proposes a revocable anonymous communication measure based on location partition, which can improve the anonymity by limiting the nodes within the same geographic region to reduce the number of malicious nodes in the anonymous path. The theoretical analysis and experimental results show that the new measure can effectively improve the anti-collusion attack capability of the system.
In this paper some typical anonymity measures are analyzed and limitations of these measures will be highlighted. Then a new anonymity measure based on partial entropy is proposed, in which the anonymity is measured by using the entropy of the probability distribution of some distinct subjects in anonymity set. The new measure can keep the characteristic of entropy measure, and works well on reflecting the degree of difficulty for the attacker to find the targets from the anonymity set. The results of analysis and calculation show that the new measure is preferable for anonymity evaluation.
As this paper proposed, the new anonymous communication model, the anonymous abuse control protocol as well as the anonymity measure effectively resolved some of the problems that exist in the practical application of anonymous communication. They also provide the theoretical basis and applied foundation for the application of anonymous communication in distributed environment.
本文在对当前匿名通信研究情况进行综述的基础上,对匿名通信中的关键技术及其在大规模网络应用中存在的问题展开研究,重点研究了分布式环境下的匿名通信机制、可控性以及匿名性能衡量方法,主要研究工作包括:
针对典型的基于密钥基础设施的匿名通信机制存在的需要可信中心为节点事先分配密钥或者密钥参数,而不适用于分布式环境中的问题,基于信息分割机制,综合网络编码和源路由的思想,提出了一种基于多路径网络编码的信息分割传输策略ITNC,并将该策略应用到匿名通信的建路机制中,提出了一种新的匿名通信策略AC-ITNC。AC-ITNC实现了无密钥基础设施下匿名传输路径的建立,采用中间节点参与编码,编码信息片和编码系数分离传送策略,提高了系统的抗合谋攻击能力,优化了匿名性能,为在无密钥基础设施的分布式环境中实现匿名通信提供了新的思路。
针对匿名的滥用问题,提出了一种新的可撤销匿名通信模型,采用地址分割技术、签名技术和分组管理机制来保证合法用户匿名性的同时追踪出匿名滥用者的源IP地址;考虑实际网络环境中恶意节点具有按地理区域集中分布的特点,引入基于地理区域的分组机制,提出一种结合地理分区的可撤销匿名通信方案,通过限制匿名路径上同一地理区域内的节点个数来降低恶意节点在路径上出现的次数,从而提高匿名性,理论分析和模拟实验结果表明该方案能有效提高可控匿名系统的抗合谋攻击能力。
针对目前的匿名衡量方法不能反映匿名概率集中的概率突出且接近者会影响攻击判定的问题,给出相近匿名集的概念,设计了一种新的基于部分熵值的匿名性能衡量方法。该方法基于相近匿名集的元素个数、概率总和以及概率分布来定义匿名性衡量的指标,在保持熵值衡量概率均匀度特性的同时,能很好地反映攻击者从匿名概率集中找出目标的难易程度,理论分析和计算结果表明该标准能更好地衡量系统的匿名性能。
本文提出的无密钥基础设施的匿名通信模型、匿名滥用控制协议以及匿名性能衡量方法从不同的角度出发,有效地解决了匿名通信在实际应用中存在的一些问题,为其在分布式环境下大规模网络中的实际应用提供了良好的理论基础和应用依据。
With the development of computer network, security and privacy on Internet are drawing more and more people's attention. In order to resolve the network security and the privacy issues which are concerned by most of the people, key technologies of anonymous communication are gradually gaining in importance as one of the hot domestic and international researches.
In this paper, based on the overview of the current research in anonymous communication, we have undertaken a study on the key technologies of anonymous communication and their application problems in large-scale network, focusing on the anonymous communication mechanism, controllability and anonymity measure in distributed environment. The main research work includes:
In the typical anonymous communication mechanisms based on key infrastructure, the trusted third party is needed to pre-distribute keys or the key parameters, which can not be applied in complete distributed environment. By using the mechanism of information slicing and the thought of network coding and source routing, a new strategy named ITNC which based on the multi-path network coding is proposed. Then a novel anonymous communication mechanism AC-ITNC without key infrastructure, which uses ITNC to set up the anonymous path, is presented. In the new mechanism, the intermediate nodes involved in coding, the coding coefficients and coded information pieces are delivered separately. It not only improves the security against conspiracy attack but also optimizes the performance of anonymous system. It also provides a new way to achieve anonymous communication in the distributed environment without key infrastructure.
Considering the abuse of anonymity, we propose a new revocable anonymous communication model which uses address slicing, signature technology and group management mechanism. It can trace the source IP address of the anonymous abuser while ensuring the anonymity of legitimate users. By introducing group mechanism based on geographic regions, this paper proposes a revocable anonymous communication measure based on location partition, which can improve the anonymity by limiting the nodes within the same geographic region to reduce the number of malicious nodes in the anonymous path. The theoretical analysis and experimental results show that the new measure can effectively improve the anti-collusion attack capability of the system.
In this paper some typical anonymity measures are analyzed and limitations of these measures will be highlighted. Then a new anonymity measure based on partial entropy is proposed, in which the anonymity is measured by using the entropy of the probability distribution of some distinct subjects in anonymity set. The new measure can keep the characteristic of entropy measure, and works well on reflecting the degree of difficulty for the attacker to find the targets from the anonymity set. The results of analysis and calculation show that the new measure is preferable for anonymity evaluation.
As this paper proposed, the new anonymous communication model, the anonymous abuse control protocol as well as the anonymity measure effectively resolved some of the problems that exist in the practical application of anonymous communication. They also provide the theoretical basis and applied foundation for the application of anonymous communication in distributed environment.
引文
[1]Pfitzmann A, Kohntopp M. Anonymity, Unobservability, and Pseudonymity:A Proposal for Terminology. In:H. Federrath, Ed. Designing Privacy Enhancing Technologies:Design Issues in Anonymity and Observability. Springer-Verlag, LNCS 2009,2000:1-9.
[2]Zhu B, Wan Z, Kankanhalli MS, et al. Anonymous Secure Routing in Mobile Ad-hoc Networks. In Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks (LCN 2004),2004:102-108.
[3]王继林,伍前红,陈德人,等.匿名技术的研究进展.通信学报,2005,26(2):112-118.
[4]陆天波,时金桥,程学旗.基于互联网的匿名技术研究.计算机科学与探索,2009,3(1):1-17.
[5]Penet remailer[EB/OL]. http://en.wikipedia.org/wiki/Penet_remailer.
[6]Cottrell L. The Anonymizer[EB/OL].http://www.anonymizer.com.
[7]Boyan J. The Anonymizer:Protecting User Privacy on the Web. Computer-Mediated Communication Magazine,1997,4(9):2951-2957.
[8]Gabber E,Gibbons PB,Kristol DM,et al.Consistent, yet Anonymous,Web Access with LPWA.Communications of the ACM,1999,42(2):42-47.
[9]Gabber E, Gibbons PB, Matias Y, et al. How to make personalized web browsing simple,secure,and anonymous. In:Financial Cryptography'97, Springer Berlin, Heidelberg,LNCS1318,1997:17-31.
[10]Chaum D. Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the ACM,1981,24(2):84-88.
[11]Dingledine R, Syverson P. Reliable MIX Cascade Networks through Reputation. In:Proceedings of Financial Cryptography (FC'02),Springer Berlin,Heidelberg, LNCS2357,2003:253-268.
[12]何高峰,罗军舟.G-Hordes:一种安全的匿名通信系统.东南大学学报(自然科学版),2009,39(2):220-224.
[13]Reiter M, Rubin A. Crowds:Anonymity for web transactions. ACM Trans. on Information and System Security,1998, 1(1):66-92.
[14]Freedman MJ, Morris R. Tarzan:A peer-to-peer anonymizing network layer. In: Proc. of the 9th ACM Conf. on Computer and Communications Security (CCS '02). Washington:ACM Press,2002:193-206.
[15]陈新,胡华平,刘波,等.分层基于地理多样性的低延迟匿名通信架构.通信学报,2009,30(5):54-61.
[16]Goldschlag D, Reed M, Syverson P. Onion Routing for anonymous and private internet connections. Communications of the ACM,1999,42(2):39-41.
[17]Shields C,Levine BN. A protocol for anonymous communication over the Internet. In:Proc. Of the 7th ACM Conf. On Computer and Communication Security,ACM Press,New York,USA,2000:33-42.
[18]Diaz C, Serjantov A. Generalising mixes. In:Proceedings of Privacy Enhancing Technologies Workshop (PET'03),Dingledine R(Ed.):LNCS 2760,Germany, Springer-Verlag,2003:18-31.
[19]Kesdogan D,Egner J,Buschkes R. Stop-and-Go MIXes:Providing Probabilistic Anonymity in an Open System. In:Proceedings of Information Hiding Workshop(IH'98),LNCS1525,1998:83-98.
[20]Berthold O, Federrath H, Kopsell S. Web MIXes:A System for Anonymous and Unobservable Internet Access. In Hannes Federath(Ed.), Designing Privacy Enhancing Technologies, LNCS 2009, Berlin:Springer-Verlag,2001:115-129.
[21]Danezis G, Dingledine R, Mathewson N. Mixminion:Design of a Type Ⅲ Anonymous Remailer Protocol.In:Proceedings of the 2003 IEEE Symposium on Security and Privacy,Berkeley,CA,USA,2003:2-15.
[22]Danezis G, Sassaman L. Heartbeat Traffic to Counter (n-1) Attacks:Red-green-black Mixes. In:Proceedings of the Workshop on Privacy in the Electronic Society(WPES'03),Washington,DC,USA,2003:89-93.
[23]Gulcu C,Tsudik G. Mixing E-mail with BABEL. In:Proceedings of the Symposium on Network and Distributed System Security(NDSS'96),San Diego, California,USA,1996:2-16.
[24]Moller U,Cottrell L,Palfrader P, et al. Mixmaster Protocol-Version 3.2003,6, http://www.citeulike.org/user/mrkoot/article/2580258.
[25]Rennhard M,Plattner B. Introducing MorphMix:Peer-to-Peer based Anonymous Internet Usage with Collusion Detection.In:Proc. of ACM Workshop on Privacy in the Electronic Society (WPES'02). Washington:ACM Press,2002:91-102.
[26]Lu TB, Fang BX, Sun YZ, et al. Performance Analysis of WonGoo System. In: Proceedings of the Fifth International Conference on Computer and Information Technology (CIT'05), Shanghai, China,2005:716-722.
[27]陆天波,方滨兴,孙毓忠,等.匿名协议WonGoo的概率模型验证分析.小型微型计算机系统.2006,27(4):646-650.
[28]王伟平,陈建二,王建新,等.基于群组的有限路长匿名通信协议.计算机研究与发展,2004,41(4):609-614.
[29]眭鸿飞,陈松乔,陈建二.Crowds系统中基于递减转发概率的路长控制策略.小型微型计算机系统,2005,26(3):387-391.
[30]王伟平,陈建二,陈松乔,等.匿名通信中短距离优先分组重路由方法的研究.软件学报,2004,15(4):561-570.
[31]睢鸿飞,陈建二,陈松乔,等.重路由匿名通信系统中基于秘密共享的重路由算法.计算机研究与发展,2005,42(10):1660-1666.
[32]睢鸿飞,陈松乔,陈建二,等.基于重路由匿名通信系统的负载分析.软件学报,2004,15(2):278-285.
[33]Shi Jinqiao, Fang Binxing, Li Bin. Towards an Analysis of Source-rewriting Anonymous Systems in a Lossy Environment. In:Proceedings of the 5th International Conference on Parallel and Distribution Computing, Applications and Technologies (PDCAT'04),LNCS 3320,Singapore,2004:613-618.
[34]时金桥,程晓明.匿名通信系统中自私行为的惩罚机制研究.通信学报,2006,27(2):80-86.
[35]吴艳辉,王伟平,陈建二.一种结合支付机制的匿名通信策略.高技术通讯,2008,18(11):1117-1122.
[36]Chaum D. The dining cryptographers' problem:unconditional sender and recipient untraceability. Journal of Cryptology,1988,1(1):65-75.
[37]Waidner M.Unconditional Sender and Recipient Untraceability in spite of Active Attacks.In:Proceedings of Eurocrypt'89,LNCS434,Springer Berlin,Heidelberg,
1990:302-319.
[38]Golle P,Juels A. Dining cryptographers revisited. In:Cachin J and Camenisch J (Eds.),Eurocrypt'04,LNCS3027,Heidelberg:Springer-Verlag,2004:456-473.
[39]李龙海,肖国镇.一种防破坏广播型匿名通信网的多路访问协议.西安交通大学学报,2007,41(6):674-678.
[40]Goel S, Robson M, Polte M, et al. Herbivore:A Scalable and Efficient Protocol for Anonymous Communication, TR2003-1890, Cornell University,2003.
[41]Sirer EG, Polte M, Robson M. CliqueNet:A Self-organizing,Scalable,Peer-to-Peer Anonymous Communication Substrate. http://www.cs.cornell.edu/people/ egs/papers/cliquenet-iptp.pdf.
[42]Ahn L,Bortz A,Hopper NJ. K-anonymous Message Transmission.In:Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS'03),Washingtion,DC,USA,2003:122-130.
[43]Sherwood R, Bhattacharjee B, Srinivasan A. P5:A Protocol for Scalable Anonymous Communication.Journal of Computer Security,2005,13(6):839-876.
[44]Parekh S. Prospects for Remailers:Where is Anonymity Heading on the Internet?. http://www.firstmonday.dk/issues/issue2/remailers/index.html,1996.
[45]Syverson P, Tsudik G, Reed M, et al.Towards an Analysis of Onion Routing Security. In:Anonymity 2000, Federrath(Ed.), LNCS2009, Spring Berlin,2001: 96-114.
[46]Dingledine R, Mathewson N, Syverson P. Tor:The second-generation onion router. In:Proc. of the 13th USENIX Security Symposium. Berkeley:USENIX Association,2004:303-320.
[47]Kate A, Zaverucha GM, Goldberg I. Pairing-Based Onion Routing. In:Borisov N, Golle P, Eds. Proc. of the 7th Privacy Enhancing Technologies (PET2007). LNCS 4776, Berlin:Springer,2007:95-112.
[48](?)verlier L, Syverson P. Improving Efficiency and Simplicity of Tor Circuit Establishment and Hidden Services. In:Borisov N, Golle P, Eds. Proc. of the 7th Privacy Enhancing Technologies (PET2007). LNCS 4776, Berlin:Springer, 2007:134-152.
[49]陆天波.P2P匿名通信协议WonGoo研究[博士学位论文].北京:中国科学院计 算技术研究所,2006.
[50]Anderson R. The eternity dervice. In:Proc.of Pragocrypt'96. http://cs.uccs.edu/-cs591/securityEngineering/eternity.pdf.
[51]Waldman M, Rubin AD, Cranor LF. Publius:A Robust, Tamper-evident, Censorship-resistant Web Publishing System. In:Proceedings of 9th USENIX Security Symposium, Denver, Colorado, USA,2000:59-72.
[52]Clarke I, Sandberg O, Wiley B, et al. Freenet:A Distributed Anonymous Information Storage and Retrieval System. In:Proceedings of International Workshop on Designing Privaey Enhancing Technologies:Design Issues in Anonymnity and Unobservability. Berkeley, CA:Springer Verlag,2001:46-66.
[53]Searlata V, Levine BN, Shields C.Responder anonymity and anonymous peer to peer file sharing.In:Proceedings of the 9th International Conference on Network Protocols(ICNP2001). Riverside,CA:IEEE Computer society,2001:272-280.
[54]叶保留,顾铁成,吴敏强,等.Mapper一种基于组播的Peer-to-Peer文件匿名访问协议.电子学报,2004,32(5):754-758.
[55]Pfitzmann A,Pfitzmann B. How to Break the Direct RSA-implementation of MIXes. In:Santis AD(Ed.):Advances in Cryptology(Eurocrypt'89),LNCS 434, Spring Berlin/Heidlberg,1990:373-381.
[56]Pfitzmann B. Breaking Efficient Anonymous Channel. In:Santis AD (Ed.): Advances in Cryptology(Eurocrypt'94), LNCS 950, Spring Berlin/Heidlberg, 1995:332-340.
[57]Danezis G. Breaking Four Mix-related Schemes Based on Universal Re-encryption.International Journal of Information Security,2007,6(6):393-402.
[58]Danezis QLaurie B.Minx:a Simple and Efficient Anonymous Packet Format.In: Atluri V, Syverson PF(Eds.):WPES'04,ACM,New York,2004:59-65.
[59]Levine BN,Reiter MK,Wang C, Wright M. Timing Attacks in Low-latency Mix Systems.In:Juels A(Ed.):FC2004,LNCS3110,Springer Berlin/Heidelberg,2004: 251-265.
[60]Hopper N, Vasserman EY, Chan-Tin E.How Much Anonymity Does Network Latency Leak?. In:Proceedings of the 14th ACM Conference on Computer and Communications Security,ACM,New York,USA,2007:82-91.
[61]Shmatikov V, Wang MH.Timing Analysis in Low-latency Mix Networks: Attacks and Defenses. Gollmann D, Meier J, and Sabelfeld A(Eds.):ESORICS 2006, LNCS 4189,2006:18-33.
[62]Raymond JF. Traffic Analysis:Protocols, Attacks, Design Issues, and Open Problems. In:Federrath H (Ed.):Anonymity2000, LNCS2009, Springer Berlin/ Heidelberg,2000:10-29.
[63]Diaz C, Preneel B. Anonymous communication[EB/OL]. http://www.sics.se/ privacy/wholes2004/papers/diaz_preneel.pdf.
[64]Wright CV, SE Coull, Monrose F. Traffic Morphing:An Efficient Defense Against Statistical Traffic Analysis. In Proceedings of the 16th Network and Distributed Security Symposium(NDSS'09), IEEE Press,2009:237-250.
[65]时金桥,方滨兴,郭莉,等.抵御MUX 重放攻击的混合结构消息报文机制.通信学报.2009,30(3):21-26.
[66]陆天波,秦宝山,李洋,等.重加密匿名通道WGRe.通信学报,2009,30(4):66-73.
[67]Serjantov A,Murdoch SJ. Message Splitting Against the Partial Adversary. In: Danezis G, Martin D(Eds.):PET2005,LNCS3856, Springer Berlin/Heidelberg, 2006:26-39.
[68]Serjantov A,Dingledine R,Syverson P.From a Trickle to a Flood:Active Attacks on Several Mix Types. Petitcolas F(Ed.):IH2002, LNCS 2578, Springer Berlin/ Heidelberg,2003:36-52.
[69]Zhu Y,Bettati R. Anonymity vs. Information Leakage in Anonymity Systems.In: Proceedings of the 25th IEEE Int'l Conference on Distributed Computing Systems (ICDCS'05),Washington DC,USA,2005:514-524.
[70]Shi Jinqiao,Fang Binxing,Shao Lijie. Regroup-And-Go MIXes to counter the (n-1) attack.Internet Research,2006,16(2):213-223.
[71]Berthold O,Pfitzmann A,Standtke R. The Disadvantages of Free MIX Routes and How to Overcome Them. In:Federrath H(Ed.):Anonymity2000, LNCS2009, Springer Berlin/Heidelberg,2001:30-45.
[72]Kesdogan D,Agrawal D,Penz S. Limits of Anonymity in Open Environments. In: Petitcolas F(Ed.):IH2002, LNCS2578, Springer Berlin/Heidelberg,2003:53-69.
[73]Kesdogan D,Pimenidis L. The Hitting Set Attack on Anonymity Protocols. In:
Fridrich J(Ed.):IH2004,LNCS3200, Springer Berlin/Heidelberg,2004:326-339.
[74]Mathewson N,Dingledine R.Practical Traffic Analysis:Extending and Resisting statistical disclosure. Martin D and Serjantov A(Eds.):PET2004, LNCS3424, Springer Berlin/Heidelberg,2005:17-34.
[75]Danezis G,Diaz C,Troncoso C.Two-sided Statistical Disclosure Attack. Borisov N and Golle P(Eds.):PET2007, LNCS4776, Springer Berlin/Heidelberg,2007: 30-44.
[76]Wright MK, Adler M, Levine BN, et al. The Predecessor Attack:An Analysis of a Threat to Anonymous Communications Systems. ACM Trans. on Information and System Security,2004,7(4):489-522.
[77]Steven SJ, Danezis G. Low-cost Traffic Analysis of Tor. In:Proceedings of the 2005 IEEE Symposium on Security and Privacy (SP'05),IEEE Computer Society, Washington,DC,USA,2005:183-195.
[78]Bauer K,McCoy D,Grunwald D,et al. Low-Resource Routing Attacks Against Tor. In Proc. of the ACM Workshop on Privacy in Electronic Society(WPES'07), Alexandria, Virginia, USA,2007:11-20.
[79]Douceur J.The Sybil Attack.In:Druschel P,Kaashoek F,and Rowstron A(Eds.): IPTPS 2002,LNCS2429, Springer Berlin/Heidelberg,2002:251-260.
[80]Mittal P, Borisov N. Shadow Walker:Peer-to-peer Anonymous Communication Using Redundant Structured Topologies. In:ACM conference on Computer and communications security(CCS'09),2009:161-172.
[81]Mittal P, Borisov N. Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems. In Proc. of the 15th ACM Conference on Computer and Communications Security,ACM Press,New York,NY,USA,2008:267-278.
[82]Pappas V,Athanasopoulos E,Ioannidis S,et al. Compromising Anonymity Using Packet Spinning.In Proc. of the 11th Information Security Conference(ISC'08), Springer Berlin/Heidelberg, LNCS 5222,2008:161-174.
[83]Chan CB, Nita-Rotaru C. DAISY:Increasing Scalability and Robustness of Anonymity Systems. Technical Report CSD TR #04-018,2004. http://homes. cerias.purdue.edu/-crisn/papers/daisy-tr.pdf.
[84]Danezis G. The Traffic Analysis of Continuous-time Mixes. In Proceedings of
Privacy Enhancing Technologies workshop (PET'04), LNCS3424,2005:35-50.
[85]Xiao RY. Survey on Anonymity in Unstructured Peer-to-Peer Systems. Journal of Computer Science and Technology,2008,23(4):660-671.
[86]Scarlata V, Levine BN, Shields C. Responder Anonymity and Anonymous Peer-to-Peer File Sharing. In Proc. the 9th International Conference of Network Protocol(ICNP),Riverside,CA,USA,2001:272-280.
[87]陆天波,程晓明,张冰.MIX匿名通信技术研究.通信学报,2007,28(12):108-115
[88]Han J, Liu Y. Rumor Riding:Anonymizing Unstructured Peer-to-Peer Systems. In Proc. IEEE International Conference on Network Protocol(ICNP),Santa Barbara, California,2006:22-31.
[89]Lu TB,Fang BX,Sun YZ,et al. WonGoo:A Peer-to-Peer protocol for anonymous communication.In:Proc. of the 2004 International Conference on Parallel and Distributed Proces sing Techniques and Applications (PDPTA'04), Las Vegas, Nevada,USA,2004:1102-1106.
[90]Katti S, Katabi D, Puchala K. Slicing the Onion:Anonymous Routing without PKI. Technical Report, MIT-CSAIL-TR-2005-053, Massachusetts Institute of Technology, Cambridge,2005.
[91]Katti S, Cohen J, Katabi D. Information Slicing:Anonymity Using Unreliable Overlays. In:Proc. of the 4th USENIX Symposium on Network Systems Design and Implementation (NSDI2007). Berkeley:USENIX Association,2007:43-56.
[92]T6th G, Hornak Z, Vajda F. Measuring Anonymity Revisited. Nordsec 2004 Konferencia, Helsinki, November,2004:4-5.
[93]Diaz C, Claessens J, Seys S,et al.Information Theory and Anonymity. In Macq B and Quisquater J (Ed.), Proceedings of the 23rd Symposium on Information Theory in the Benelux, Louvain la Neuve, Belgium, May,2002:179-186.
[94]Diaz C, Seys S, Claessens J, et al.Towards Measuring Anonymity. Privacy Enhancing Technologies 2002, San Francisco,CA,USA, April,2002:54-68.
[95]Serjantov A, Danezis G.Towards an Information Theoretic Metric for Anonymity. Privacy Enhancing Technologies 2002, San Francisco, USA, April,2002:41-53.
[96]Guan Y, Fu XW, Bettati R, et al. An Optimal Strategy for Anonymous Communication Protocols.In Proc. of the 22nd IEEE Int'l Conf. Distributed
Computing Systems(ICDCS'02), Vienna, Austria,2002:257-266.
[97]吴振强,马建峰.基于联合熵的多属性匿名度量模型.计算机研究与发展,2006,43(7):1240-1245.
[98]Kopsell S, Wendolsky R, Federrath H.Revocable Anonymity. In:Muller G(Ed.): Emerging Trends in Information and Communication Security(ETRICS'06), Springer-Verlag, Berlin Heidelberg,LNCS 3995,2006:206-220.
[99]Diaz C,Preneel B.Accountable Anonymous Communication.In:Security, Privacy and Trust in Modern Data Management. Springer Berlin Heidelberg,2007:239-253.
[100]Claessens J, Diaz C, Goemans C, et al. Revocable Anonymous Access to the Internet. Journal of Internet Research:Electronic Networking Applications and Policy,2003,13(4):242-258.
[101]Camenisch J. Efficient Anonymous Fingerprinting with Group Signatures. In: Advances in Cryptology-Asiacrypt 2000, LNCS 1976, Berlin:Springer Verlag, 2000:415-428.
[102]Bao F, Deng RH. A New Type of "Magic Ink" Signatures-Towards Transcript-Irrelevant Anonymity Revocation. In:H. Imai and Y. Zheng (Eds.):PKC'99, LNCS 1560, Springer-Verlag, Berlin Heidelberg,1999:1-11.
[103]Von Ahn L, Bortz A, Hopper NJ, et al.Selectively Traceable Anonymity. In: Danezis G, Golle P(Eds.) Privacy Enhancing Technologies(PET2006), Springer-Verlag, Berlin Heidelberg,LNCS4258,2006:208-222.
[104]Hu CY, Liu PT, Li DX.A New Type of Proxy Ring Signature Scheme with Revocable Anonymity and No Info Leaked. In:Sebe N, Liu Y, Zhuang Y(Eds.): MCAM2007, LNCS4577,2007:262-266.
[105]Akagi N,Manabe Y,Okamoto T. An Efficient Anonymous Credential System. In: the 12th International Conference on Financial Cryptography and Data Security (FC'2008), Springer-Verlag, Berlin, Heidelberg,2008:272-286.
[106]Tsang PP,Au MH,Kapadia A,et al. Smith.Blacklistable Anonymous Credentials: Blocking Misbehaving Users without TTPs. CCS'07,Alexandria,Virginia, USA, 2007:72-81.
[107]Lin XD,Sun XT, Ho PH, et al. GSIS:A Secure and Privacy-preserving Protocol for Vehicular Communications. IEEE Transactions on Vehicular Technology, 2007,56(6):3442-3456.
[108]王常吉,蒋文保,裴定一.用限制性群盲签名构造电子现金系统.通信学报,2001,22(12):63-69.
[109]徐钊,杨义先.一种安全公平的离线电子现金体制.电子学报,2003,31(7):1078-1079.
[110]Davida G, Frankel Y, Tsiounis Y, et al. Anonymity Control in E-cash Systems. In:Hirschfeld R(Eds.):FC'97, LNCS1318, Anguilla, British West Indies: Springer-Verlag,1997:1-16.
[111]Yeung WKY, Han S. Revocable Anonymity of Undeniable Signature Scheme. In:Liu J,et al.(Eds.):IDEAL2003,LNCS2690,Springer-Verlag Berlin Heidelberg, 2003:76-83.
[112]Suriadi S, Foo E, Smith J.A user-centric protocol for conditional anonymity revocation. Furnell SM, Katsikas SK, Lioy A(Eds.):TrustBus2008,Springer-Verlag, Berlin Heidelberg,LNCS 5185,2008:185-194.
[113]Kong J, Hong X. ANODR:Anonymous on Demand Routing with Untraceable Routes for Mobile Ad-hoc Networks. In Proceedings of the 4th ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'03), Annapolis, MD, USA,2003:291-302.
[114]章洋.一种UC匿名的移动自组网概率组播策略.软件学报,2008,19(9):2403-2412.
[115]吴振强,马建峰.一种无线Ad Hoc网络动态混淆匿名算法.计算机研究与发展,2007,44(4):560-566.
[116]Zhang YC, Liu W, Lou WJ, et al.MASK:Anonymous On-Demand Routing in Mobile Ad Hoc Networks.IEEE Transactions on Wireless Communications, 2006,5(9):2376-2385.
[117]Zhang YC, Liu W, Lou WJ. Anonymous Communications in Mobile Ad Hoc Networks.In IEEE INFOCOM'05,Miami,FL,2005:1940-1951.
[118]Venkitasubramaniam P, Tong L.Throughput Anonymity Trade-off in Wireless Networks under Latency Constraints.In:IEEE INFOCOM2008,2008:807-815.
[119]Toth G.General-purpose Secure Anonymity Architecture[EB/OL]. http://www. mit.bme.hu/hun/events/minisy2004/papers/ms04_gergely_TOTH.pdf.
[120]吴振强,杨波.基于葱头路由技术和MPLS的隐匿通信模型.西安电子科技大学学报,2002,29(4):513-517.
[121]Leszczyna R. Anonymity Architecture for Mobile Agent Systems.Marik V, Vyatkin V, Colombo AW(Eds.):HoloMAS2007, LNAI4659, Springer-Verlag, Berlin, Heidelberg,2007:93-103.
[122]宋虹,杨路明,王伟平,等.通用匿名系统结构的研究与设计.计算机工程,2006,32(20):114-116,131.
[123]McLachlan J,Tran A,Hopper N, et al. Scalable Onion Routing with Torsk. In: ACM Conference on Computer and communications security(CCS'09),2009: 590-599.
[124]Ahlswede R, Cai N, Li SY, et al. Network Information Flow. IEEE Transaction on Information Theory,2000,46(4):1204-1216.
[125]Chou PA, Wu Y, Jain K. Practical Network Coding. In:Proc. of the 41st Annual Allerton Conference on Communication,Control,and Computing,Monticello, IL,2003. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.11.697
[126]肖潇,王伟平,杨路明,等.基于网络编码的无线网络广播重传方法.通信学报,2009,30(9):69-75.
[127]Gkantsidis C, Rodriguez P. Cooperative Security for Network Coding File Distribution.In:Proceeding of IEEE International Conference on Computer Communications (INFOCOM2006). Washington:IEEE Press,2006:1-13.
[128]Charles D, Jain K, Lauter K. Signatures for Network Coding. In:Proc. of the IEEE Conf. on Information Sciences and Systems(CISS2006). Washington: IEEE Press,2006:857-863.
[129]高虎明,王继林,王育民.一种基于Mix net的电子投票方案.电子学报,2004,32(6):1047-1049.
[130]毛剑,杨波,王育民.保护隐私的数字产品网上交易方案.电子学报,2005,33(6):1053-1055.
[131]M'Raihi D, Pointcheval D. Distributed Trustees and Revocability:A Framework for Internet Payment. Financial Cryptography,1998:28-42
[132]杨波,刘胜利,王育民.利用Smart卡的可撤销匿名性的电子支付系统.电子 学报,1999,27(10):83-86.
[133]Camenisch J, Maurer U, Stadler M. Digital Payment Systems with Passive Anonymity-revoking Trustee.Eetal B(Ed.):LNCS 1146, Berlin:Springer-Verlag, 1996:33-43.
[134]Liu JK, Tsang PP, Wong DS. Recoverable and Untraceable E-cash.David W, et al. (Eds.):EuroPKI 2005, LNCS 3545, Springer Berlin,2005:206-214.
[135]Kgler D,Vogt H. Off-line Payments with Auditable Tracing. Blaze M(Ed.): FC'02, LNCS 2357,Springer Berlin/Heidelberg,2003:269-281.
[136]李梦东,杨义先.无可信第三方的离线电子现金匿名性控制.电子学报,2005,33(3):456-458.
[137]Shamir A. How to Share a Secret. Communications of ACM,1979,22(11):612-613.
[138]卢开澄.计算机密码学(第2版).北京:清华大学出版社,2002:211-212.
[139]Wang Wei-ping,Wang Jian-xin. Design and Analysis of Two-layer Anonymous Communication System. Journal of Central South University of Technology, 2007,14(3):380-385.
[140]王伟平,罗熹,王建新.PGACS:一种基于P2P架构的分组匿名通信系统模型.高技术通讯,2007,17(9):912-918.
[141]Feamster N, Dingledine R. Location Diversity in Anonymity Networks. In: Proceedings of the 2004 ACM workshop on Privacy in the Electronic Society (WPES'04),2004:66-76.
[142]Chen Xin, Hu Hua-ping, Lu Bo, et al. HLLACF:A Hierarchical Location-diversity-based Low-delay Anonymous Communication Framework. In the 4th International Conference on Wireless Communications,Networking and Mobile Computing(WiCOM'08),2008:1-5.
[143]Douglas Kelly, Richard Raines, Rusty Baldwin,et al.Towards a Taxonomy of Wired and Wireless Anonymous Networks.In ICC2009, http://ieeexplore.ieee. org/stamp/stamp.jsp?arnumber=05199535.
[144]Mittal P,Borisov N. Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems. In:Proceedings of the 15th ACM conference on Computer and communications security(CCS'08),2008:267-278.
[145]Flinn B, Maurer H. Levels of Anonymity. Journal of Universal Computer Science,1995,1(1):35-47.
[146]Kesdogan D.Evaluation of Anonymity Providing Techniques using Queuing Theory. In:the 26th Annual IEEE Conference on Local Computer Networks (LCN2001),2001:316-322.
[147]Shmatikov V, Wang MH.Measuring Relationship Anonymity in Mix networks. In:Proceedings of the 5th ACM workshop on Privacy in electronic society (WPES'06),Alexandria,Virginia,USA,2006:59-62.
[148]Clauβ S,Schiffner S. Structuring Anonymity Metrics. In:Proceedings of the Second ACM Workshop on Digital Identity Management(DIM'06), Alexandria, Virginia,USA:ACM Press,2006:55-62.
[149]Deng Y, Pang J, Wu P. Measuring Anonymity with Relative Entropy. In: Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust(FAST'06),LNCS 4691,2006:59-77.
[150]Wright M, Adler M, Levine BN, et al. An Analysis of the Degradation of Anonymous Protocols. In:Proceedings of the Network and Distributed Security Symposium (NDSS'02),2002:38-50.
[2]Zhu B, Wan Z, Kankanhalli MS, et al. Anonymous Secure Routing in Mobile Ad-hoc Networks. In Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks (LCN 2004),2004:102-108.
[3]王继林,伍前红,陈德人,等.匿名技术的研究进展.通信学报,2005,26(2):112-118.
[4]陆天波,时金桥,程学旗.基于互联网的匿名技术研究.计算机科学与探索,2009,3(1):1-17.
[5]Penet remailer[EB/OL]. http://en.wikipedia.org/wiki/Penet_remailer.
[6]Cottrell L. The Anonymizer[EB/OL].http://www.anonymizer.com.
[7]Boyan J. The Anonymizer:Protecting User Privacy on the Web. Computer-Mediated Communication Magazine,1997,4(9):2951-2957.
[8]Gabber E,Gibbons PB,Kristol DM,et al.Consistent, yet Anonymous,Web Access with LPWA.Communications of the ACM,1999,42(2):42-47.
[9]Gabber E, Gibbons PB, Matias Y, et al. How to make personalized web browsing simple,secure,and anonymous. In:Financial Cryptography'97, Springer Berlin, Heidelberg,LNCS1318,1997:17-31.
[10]Chaum D. Untraceable electronic mail, return addresses and digital pseudonyms. Communications of the ACM,1981,24(2):84-88.
[11]Dingledine R, Syverson P. Reliable MIX Cascade Networks through Reputation. In:Proceedings of Financial Cryptography (FC'02),Springer Berlin,Heidelberg, LNCS2357,2003:253-268.
[12]何高峰,罗军舟.G-Hordes:一种安全的匿名通信系统.东南大学学报(自然科学版),2009,39(2):220-224.
[13]Reiter M, Rubin A. Crowds:Anonymity for web transactions. ACM Trans. on Information and System Security,1998, 1(1):66-92.
[14]Freedman MJ, Morris R. Tarzan:A peer-to-peer anonymizing network layer. In: Proc. of the 9th ACM Conf. on Computer and Communications Security (CCS '02). Washington:ACM Press,2002:193-206.
[15]陈新,胡华平,刘波,等.分层基于地理多样性的低延迟匿名通信架构.通信学报,2009,30(5):54-61.
[16]Goldschlag D, Reed M, Syverson P. Onion Routing for anonymous and private internet connections. Communications of the ACM,1999,42(2):39-41.
[17]Shields C,Levine BN. A protocol for anonymous communication over the Internet. In:Proc. Of the 7th ACM Conf. On Computer and Communication Security,ACM Press,New York,USA,2000:33-42.
[18]Diaz C, Serjantov A. Generalising mixes. In:Proceedings of Privacy Enhancing Technologies Workshop (PET'03),Dingledine R(Ed.):LNCS 2760,Germany, Springer-Verlag,2003:18-31.
[19]Kesdogan D,Egner J,Buschkes R. Stop-and-Go MIXes:Providing Probabilistic Anonymity in an Open System. In:Proceedings of Information Hiding Workshop(IH'98),LNCS1525,1998:83-98.
[20]Berthold O, Federrath H, Kopsell S. Web MIXes:A System for Anonymous and Unobservable Internet Access. In Hannes Federath(Ed.), Designing Privacy Enhancing Technologies, LNCS 2009, Berlin:Springer-Verlag,2001:115-129.
[21]Danezis G, Dingledine R, Mathewson N. Mixminion:Design of a Type Ⅲ Anonymous Remailer Protocol.In:Proceedings of the 2003 IEEE Symposium on Security and Privacy,Berkeley,CA,USA,2003:2-15.
[22]Danezis G, Sassaman L. Heartbeat Traffic to Counter (n-1) Attacks:Red-green-black Mixes. In:Proceedings of the Workshop on Privacy in the Electronic Society(WPES'03),Washington,DC,USA,2003:89-93.
[23]Gulcu C,Tsudik G. Mixing E-mail with BABEL. In:Proceedings of the Symposium on Network and Distributed System Security(NDSS'96),San Diego, California,USA,1996:2-16.
[24]Moller U,Cottrell L,Palfrader P, et al. Mixmaster Protocol-Version 3.2003,6, http://www.citeulike.org/user/mrkoot/article/2580258.
[25]Rennhard M,Plattner B. Introducing MorphMix:Peer-to-Peer based Anonymous Internet Usage with Collusion Detection.In:Proc. of ACM Workshop on Privacy in the Electronic Society (WPES'02). Washington:ACM Press,2002:91-102.
[26]Lu TB, Fang BX, Sun YZ, et al. Performance Analysis of WonGoo System. In: Proceedings of the Fifth International Conference on Computer and Information Technology (CIT'05), Shanghai, China,2005:716-722.
[27]陆天波,方滨兴,孙毓忠,等.匿名协议WonGoo的概率模型验证分析.小型微型计算机系统.2006,27(4):646-650.
[28]王伟平,陈建二,王建新,等.基于群组的有限路长匿名通信协议.计算机研究与发展,2004,41(4):609-614.
[29]眭鸿飞,陈松乔,陈建二.Crowds系统中基于递减转发概率的路长控制策略.小型微型计算机系统,2005,26(3):387-391.
[30]王伟平,陈建二,陈松乔,等.匿名通信中短距离优先分组重路由方法的研究.软件学报,2004,15(4):561-570.
[31]睢鸿飞,陈建二,陈松乔,等.重路由匿名通信系统中基于秘密共享的重路由算法.计算机研究与发展,2005,42(10):1660-1666.
[32]睢鸿飞,陈松乔,陈建二,等.基于重路由匿名通信系统的负载分析.软件学报,2004,15(2):278-285.
[33]Shi Jinqiao, Fang Binxing, Li Bin. Towards an Analysis of Source-rewriting Anonymous Systems in a Lossy Environment. In:Proceedings of the 5th International Conference on Parallel and Distribution Computing, Applications and Technologies (PDCAT'04),LNCS 3320,Singapore,2004:613-618.
[34]时金桥,程晓明.匿名通信系统中自私行为的惩罚机制研究.通信学报,2006,27(2):80-86.
[35]吴艳辉,王伟平,陈建二.一种结合支付机制的匿名通信策略.高技术通讯,2008,18(11):1117-1122.
[36]Chaum D. The dining cryptographers' problem:unconditional sender and recipient untraceability. Journal of Cryptology,1988,1(1):65-75.
[37]Waidner M.Unconditional Sender and Recipient Untraceability in spite of Active Attacks.In:Proceedings of Eurocrypt'89,LNCS434,Springer Berlin,Heidelberg,
1990:302-319.
[38]Golle P,Juels A. Dining cryptographers revisited. In:Cachin J and Camenisch J (Eds.),Eurocrypt'04,LNCS3027,Heidelberg:Springer-Verlag,2004:456-473.
[39]李龙海,肖国镇.一种防破坏广播型匿名通信网的多路访问协议.西安交通大学学报,2007,41(6):674-678.
[40]Goel S, Robson M, Polte M, et al. Herbivore:A Scalable and Efficient Protocol for Anonymous Communication, TR2003-1890, Cornell University,2003.
[41]Sirer EG, Polte M, Robson M. CliqueNet:A Self-organizing,Scalable,Peer-to-Peer Anonymous Communication Substrate. http://www.cs.cornell.edu/people/ egs/papers/cliquenet-iptp.pdf.
[42]Ahn L,Bortz A,Hopper NJ. K-anonymous Message Transmission.In:Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS'03),Washingtion,DC,USA,2003:122-130.
[43]Sherwood R, Bhattacharjee B, Srinivasan A. P5:A Protocol for Scalable Anonymous Communication.Journal of Computer Security,2005,13(6):839-876.
[44]Parekh S. Prospects for Remailers:Where is Anonymity Heading on the Internet?. http://www.firstmonday.dk/issues/issue2/remailers/index.html,1996.
[45]Syverson P, Tsudik G, Reed M, et al.Towards an Analysis of Onion Routing Security. In:Anonymity 2000, Federrath(Ed.), LNCS2009, Spring Berlin,2001: 96-114.
[46]Dingledine R, Mathewson N, Syverson P. Tor:The second-generation onion router. In:Proc. of the 13th USENIX Security Symposium. Berkeley:USENIX Association,2004:303-320.
[47]Kate A, Zaverucha GM, Goldberg I. Pairing-Based Onion Routing. In:Borisov N, Golle P, Eds. Proc. of the 7th Privacy Enhancing Technologies (PET2007). LNCS 4776, Berlin:Springer,2007:95-112.
[48](?)verlier L, Syverson P. Improving Efficiency and Simplicity of Tor Circuit Establishment and Hidden Services. In:Borisov N, Golle P, Eds. Proc. of the 7th Privacy Enhancing Technologies (PET2007). LNCS 4776, Berlin:Springer, 2007:134-152.
[49]陆天波.P2P匿名通信协议WonGoo研究[博士学位论文].北京:中国科学院计 算技术研究所,2006.
[50]Anderson R. The eternity dervice. In:Proc.of Pragocrypt'96. http://cs.uccs.edu/-cs591/securityEngineering/eternity.pdf.
[51]Waldman M, Rubin AD, Cranor LF. Publius:A Robust, Tamper-evident, Censorship-resistant Web Publishing System. In:Proceedings of 9th USENIX Security Symposium, Denver, Colorado, USA,2000:59-72.
[52]Clarke I, Sandberg O, Wiley B, et al. Freenet:A Distributed Anonymous Information Storage and Retrieval System. In:Proceedings of International Workshop on Designing Privaey Enhancing Technologies:Design Issues in Anonymnity and Unobservability. Berkeley, CA:Springer Verlag,2001:46-66.
[53]Searlata V, Levine BN, Shields C.Responder anonymity and anonymous peer to peer file sharing.In:Proceedings of the 9th International Conference on Network Protocols(ICNP2001). Riverside,CA:IEEE Computer society,2001:272-280.
[54]叶保留,顾铁成,吴敏强,等.Mapper一种基于组播的Peer-to-Peer文件匿名访问协议.电子学报,2004,32(5):754-758.
[55]Pfitzmann A,Pfitzmann B. How to Break the Direct RSA-implementation of MIXes. In:Santis AD(Ed.):Advances in Cryptology(Eurocrypt'89),LNCS 434, Spring Berlin/Heidlberg,1990:373-381.
[56]Pfitzmann B. Breaking Efficient Anonymous Channel. In:Santis AD (Ed.): Advances in Cryptology(Eurocrypt'94), LNCS 950, Spring Berlin/Heidlberg, 1995:332-340.
[57]Danezis G. Breaking Four Mix-related Schemes Based on Universal Re-encryption.International Journal of Information Security,2007,6(6):393-402.
[58]Danezis QLaurie B.Minx:a Simple and Efficient Anonymous Packet Format.In: Atluri V, Syverson PF(Eds.):WPES'04,ACM,New York,2004:59-65.
[59]Levine BN,Reiter MK,Wang C, Wright M. Timing Attacks in Low-latency Mix Systems.In:Juels A(Ed.):FC2004,LNCS3110,Springer Berlin/Heidelberg,2004: 251-265.
[60]Hopper N, Vasserman EY, Chan-Tin E.How Much Anonymity Does Network Latency Leak?. In:Proceedings of the 14th ACM Conference on Computer and Communications Security,ACM,New York,USA,2007:82-91.
[61]Shmatikov V, Wang MH.Timing Analysis in Low-latency Mix Networks: Attacks and Defenses. Gollmann D, Meier J, and Sabelfeld A(Eds.):ESORICS 2006, LNCS 4189,2006:18-33.
[62]Raymond JF. Traffic Analysis:Protocols, Attacks, Design Issues, and Open Problems. In:Federrath H (Ed.):Anonymity2000, LNCS2009, Springer Berlin/ Heidelberg,2000:10-29.
[63]Diaz C, Preneel B. Anonymous communication[EB/OL]. http://www.sics.se/ privacy/wholes2004/papers/diaz_preneel.pdf.
[64]Wright CV, SE Coull, Monrose F. Traffic Morphing:An Efficient Defense Against Statistical Traffic Analysis. In Proceedings of the 16th Network and Distributed Security Symposium(NDSS'09), IEEE Press,2009:237-250.
[65]时金桥,方滨兴,郭莉,等.抵御MUX 重放攻击的混合结构消息报文机制.通信学报.2009,30(3):21-26.
[66]陆天波,秦宝山,李洋,等.重加密匿名通道WGRe.通信学报,2009,30(4):66-73.
[67]Serjantov A,Murdoch SJ. Message Splitting Against the Partial Adversary. In: Danezis G, Martin D(Eds.):PET2005,LNCS3856, Springer Berlin/Heidelberg, 2006:26-39.
[68]Serjantov A,Dingledine R,Syverson P.From a Trickle to a Flood:Active Attacks on Several Mix Types. Petitcolas F(Ed.):IH2002, LNCS 2578, Springer Berlin/ Heidelberg,2003:36-52.
[69]Zhu Y,Bettati R. Anonymity vs. Information Leakage in Anonymity Systems.In: Proceedings of the 25th IEEE Int'l Conference on Distributed Computing Systems (ICDCS'05),Washington DC,USA,2005:514-524.
[70]Shi Jinqiao,Fang Binxing,Shao Lijie. Regroup-And-Go MIXes to counter the (n-1) attack.Internet Research,2006,16(2):213-223.
[71]Berthold O,Pfitzmann A,Standtke R. The Disadvantages of Free MIX Routes and How to Overcome Them. In:Federrath H(Ed.):Anonymity2000, LNCS2009, Springer Berlin/Heidelberg,2001:30-45.
[72]Kesdogan D,Agrawal D,Penz S. Limits of Anonymity in Open Environments. In: Petitcolas F(Ed.):IH2002, LNCS2578, Springer Berlin/Heidelberg,2003:53-69.
[73]Kesdogan D,Pimenidis L. The Hitting Set Attack on Anonymity Protocols. In:
Fridrich J(Ed.):IH2004,LNCS3200, Springer Berlin/Heidelberg,2004:326-339.
[74]Mathewson N,Dingledine R.Practical Traffic Analysis:Extending and Resisting statistical disclosure. Martin D and Serjantov A(Eds.):PET2004, LNCS3424, Springer Berlin/Heidelberg,2005:17-34.
[75]Danezis G,Diaz C,Troncoso C.Two-sided Statistical Disclosure Attack. Borisov N and Golle P(Eds.):PET2007, LNCS4776, Springer Berlin/Heidelberg,2007: 30-44.
[76]Wright MK, Adler M, Levine BN, et al. The Predecessor Attack:An Analysis of a Threat to Anonymous Communications Systems. ACM Trans. on Information and System Security,2004,7(4):489-522.
[77]Steven SJ, Danezis G. Low-cost Traffic Analysis of Tor. In:Proceedings of the 2005 IEEE Symposium on Security and Privacy (SP'05),IEEE Computer Society, Washington,DC,USA,2005:183-195.
[78]Bauer K,McCoy D,Grunwald D,et al. Low-Resource Routing Attacks Against Tor. In Proc. of the ACM Workshop on Privacy in Electronic Society(WPES'07), Alexandria, Virginia, USA,2007:11-20.
[79]Douceur J.The Sybil Attack.In:Druschel P,Kaashoek F,and Rowstron A(Eds.): IPTPS 2002,LNCS2429, Springer Berlin/Heidelberg,2002:251-260.
[80]Mittal P, Borisov N. Shadow Walker:Peer-to-peer Anonymous Communication Using Redundant Structured Topologies. In:ACM conference on Computer and communications security(CCS'09),2009:161-172.
[81]Mittal P, Borisov N. Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems. In Proc. of the 15th ACM Conference on Computer and Communications Security,ACM Press,New York,NY,USA,2008:267-278.
[82]Pappas V,Athanasopoulos E,Ioannidis S,et al. Compromising Anonymity Using Packet Spinning.In Proc. of the 11th Information Security Conference(ISC'08), Springer Berlin/Heidelberg, LNCS 5222,2008:161-174.
[83]Chan CB, Nita-Rotaru C. DAISY:Increasing Scalability and Robustness of Anonymity Systems. Technical Report CSD TR #04-018,2004. http://homes. cerias.purdue.edu/-crisn/papers/daisy-tr.pdf.
[84]Danezis G. The Traffic Analysis of Continuous-time Mixes. In Proceedings of
Privacy Enhancing Technologies workshop (PET'04), LNCS3424,2005:35-50.
[85]Xiao RY. Survey on Anonymity in Unstructured Peer-to-Peer Systems. Journal of Computer Science and Technology,2008,23(4):660-671.
[86]Scarlata V, Levine BN, Shields C. Responder Anonymity and Anonymous Peer-to-Peer File Sharing. In Proc. the 9th International Conference of Network Protocol(ICNP),Riverside,CA,USA,2001:272-280.
[87]陆天波,程晓明,张冰.MIX匿名通信技术研究.通信学报,2007,28(12):108-115
[88]Han J, Liu Y. Rumor Riding:Anonymizing Unstructured Peer-to-Peer Systems. In Proc. IEEE International Conference on Network Protocol(ICNP),Santa Barbara, California,2006:22-31.
[89]Lu TB,Fang BX,Sun YZ,et al. WonGoo:A Peer-to-Peer protocol for anonymous communication.In:Proc. of the 2004 International Conference on Parallel and Distributed Proces sing Techniques and Applications (PDPTA'04), Las Vegas, Nevada,USA,2004:1102-1106.
[90]Katti S, Katabi D, Puchala K. Slicing the Onion:Anonymous Routing without PKI. Technical Report, MIT-CSAIL-TR-2005-053, Massachusetts Institute of Technology, Cambridge,2005.
[91]Katti S, Cohen J, Katabi D. Information Slicing:Anonymity Using Unreliable Overlays. In:Proc. of the 4th USENIX Symposium on Network Systems Design and Implementation (NSDI2007). Berkeley:USENIX Association,2007:43-56.
[92]T6th G, Hornak Z, Vajda F. Measuring Anonymity Revisited. Nordsec 2004 Konferencia, Helsinki, November,2004:4-5.
[93]Diaz C, Claessens J, Seys S,et al.Information Theory and Anonymity. In Macq B and Quisquater J (Ed.), Proceedings of the 23rd Symposium on Information Theory in the Benelux, Louvain la Neuve, Belgium, May,2002:179-186.
[94]Diaz C, Seys S, Claessens J, et al.Towards Measuring Anonymity. Privacy Enhancing Technologies 2002, San Francisco,CA,USA, April,2002:54-68.
[95]Serjantov A, Danezis G.Towards an Information Theoretic Metric for Anonymity. Privacy Enhancing Technologies 2002, San Francisco, USA, April,2002:41-53.
[96]Guan Y, Fu XW, Bettati R, et al. An Optimal Strategy for Anonymous Communication Protocols.In Proc. of the 22nd IEEE Int'l Conf. Distributed
Computing Systems(ICDCS'02), Vienna, Austria,2002:257-266.
[97]吴振强,马建峰.基于联合熵的多属性匿名度量模型.计算机研究与发展,2006,43(7):1240-1245.
[98]Kopsell S, Wendolsky R, Federrath H.Revocable Anonymity. In:Muller G(Ed.): Emerging Trends in Information and Communication Security(ETRICS'06), Springer-Verlag, Berlin Heidelberg,LNCS 3995,2006:206-220.
[99]Diaz C,Preneel B.Accountable Anonymous Communication.In:Security, Privacy and Trust in Modern Data Management. Springer Berlin Heidelberg,2007:239-253.
[100]Claessens J, Diaz C, Goemans C, et al. Revocable Anonymous Access to the Internet. Journal of Internet Research:Electronic Networking Applications and Policy,2003,13(4):242-258.
[101]Camenisch J. Efficient Anonymous Fingerprinting with Group Signatures. In: Advances in Cryptology-Asiacrypt 2000, LNCS 1976, Berlin:Springer Verlag, 2000:415-428.
[102]Bao F, Deng RH. A New Type of "Magic Ink" Signatures-Towards Transcript-Irrelevant Anonymity Revocation. In:H. Imai and Y. Zheng (Eds.):PKC'99, LNCS 1560, Springer-Verlag, Berlin Heidelberg,1999:1-11.
[103]Von Ahn L, Bortz A, Hopper NJ, et al.Selectively Traceable Anonymity. In: Danezis G, Golle P(Eds.) Privacy Enhancing Technologies(PET2006), Springer-Verlag, Berlin Heidelberg,LNCS4258,2006:208-222.
[104]Hu CY, Liu PT, Li DX.A New Type of Proxy Ring Signature Scheme with Revocable Anonymity and No Info Leaked. In:Sebe N, Liu Y, Zhuang Y(Eds.): MCAM2007, LNCS4577,2007:262-266.
[105]Akagi N,Manabe Y,Okamoto T. An Efficient Anonymous Credential System. In: the 12th International Conference on Financial Cryptography and Data Security (FC'2008), Springer-Verlag, Berlin, Heidelberg,2008:272-286.
[106]Tsang PP,Au MH,Kapadia A,et al. Smith.Blacklistable Anonymous Credentials: Blocking Misbehaving Users without TTPs. CCS'07,Alexandria,Virginia, USA, 2007:72-81.
[107]Lin XD,Sun XT, Ho PH, et al. GSIS:A Secure and Privacy-preserving Protocol for Vehicular Communications. IEEE Transactions on Vehicular Technology, 2007,56(6):3442-3456.
[108]王常吉,蒋文保,裴定一.用限制性群盲签名构造电子现金系统.通信学报,2001,22(12):63-69.
[109]徐钊,杨义先.一种安全公平的离线电子现金体制.电子学报,2003,31(7):1078-1079.
[110]Davida G, Frankel Y, Tsiounis Y, et al. Anonymity Control in E-cash Systems. In:Hirschfeld R(Eds.):FC'97, LNCS1318, Anguilla, British West Indies: Springer-Verlag,1997:1-16.
[111]Yeung WKY, Han S. Revocable Anonymity of Undeniable Signature Scheme. In:Liu J,et al.(Eds.):IDEAL2003,LNCS2690,Springer-Verlag Berlin Heidelberg, 2003:76-83.
[112]Suriadi S, Foo E, Smith J.A user-centric protocol for conditional anonymity revocation. Furnell SM, Katsikas SK, Lioy A(Eds.):TrustBus2008,Springer-Verlag, Berlin Heidelberg,LNCS 5185,2008:185-194.
[113]Kong J, Hong X. ANODR:Anonymous on Demand Routing with Untraceable Routes for Mobile Ad-hoc Networks. In Proceedings of the 4th ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'03), Annapolis, MD, USA,2003:291-302.
[114]章洋.一种UC匿名的移动自组网概率组播策略.软件学报,2008,19(9):2403-2412.
[115]吴振强,马建峰.一种无线Ad Hoc网络动态混淆匿名算法.计算机研究与发展,2007,44(4):560-566.
[116]Zhang YC, Liu W, Lou WJ, et al.MASK:Anonymous On-Demand Routing in Mobile Ad Hoc Networks.IEEE Transactions on Wireless Communications, 2006,5(9):2376-2385.
[117]Zhang YC, Liu W, Lou WJ. Anonymous Communications in Mobile Ad Hoc Networks.In IEEE INFOCOM'05,Miami,FL,2005:1940-1951.
[118]Venkitasubramaniam P, Tong L.Throughput Anonymity Trade-off in Wireless Networks under Latency Constraints.In:IEEE INFOCOM2008,2008:807-815.
[119]Toth G.General-purpose Secure Anonymity Architecture[EB/OL]. http://www. mit.bme.hu/hun/events/minisy2004/papers/ms04_gergely_TOTH.pdf.
[120]吴振强,杨波.基于葱头路由技术和MPLS的隐匿通信模型.西安电子科技大学学报,2002,29(4):513-517.
[121]Leszczyna R. Anonymity Architecture for Mobile Agent Systems.Marik V, Vyatkin V, Colombo AW(Eds.):HoloMAS2007, LNAI4659, Springer-Verlag, Berlin, Heidelberg,2007:93-103.
[122]宋虹,杨路明,王伟平,等.通用匿名系统结构的研究与设计.计算机工程,2006,32(20):114-116,131.
[123]McLachlan J,Tran A,Hopper N, et al. Scalable Onion Routing with Torsk. In: ACM Conference on Computer and communications security(CCS'09),2009: 590-599.
[124]Ahlswede R, Cai N, Li SY, et al. Network Information Flow. IEEE Transaction on Information Theory,2000,46(4):1204-1216.
[125]Chou PA, Wu Y, Jain K. Practical Network Coding. In:Proc. of the 41st Annual Allerton Conference on Communication,Control,and Computing,Monticello, IL,2003. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.11.697
[126]肖潇,王伟平,杨路明,等.基于网络编码的无线网络广播重传方法.通信学报,2009,30(9):69-75.
[127]Gkantsidis C, Rodriguez P. Cooperative Security for Network Coding File Distribution.In:Proceeding of IEEE International Conference on Computer Communications (INFOCOM2006). Washington:IEEE Press,2006:1-13.
[128]Charles D, Jain K, Lauter K. Signatures for Network Coding. In:Proc. of the IEEE Conf. on Information Sciences and Systems(CISS2006). Washington: IEEE Press,2006:857-863.
[129]高虎明,王继林,王育民.一种基于Mix net的电子投票方案.电子学报,2004,32(6):1047-1049.
[130]毛剑,杨波,王育民.保护隐私的数字产品网上交易方案.电子学报,2005,33(6):1053-1055.
[131]M'Raihi D, Pointcheval D. Distributed Trustees and Revocability:A Framework for Internet Payment. Financial Cryptography,1998:28-42
[132]杨波,刘胜利,王育民.利用Smart卡的可撤销匿名性的电子支付系统.电子 学报,1999,27(10):83-86.
[133]Camenisch J, Maurer U, Stadler M. Digital Payment Systems with Passive Anonymity-revoking Trustee.Eetal B(Ed.):LNCS 1146, Berlin:Springer-Verlag, 1996:33-43.
[134]Liu JK, Tsang PP, Wong DS. Recoverable and Untraceable E-cash.David W, et al. (Eds.):EuroPKI 2005, LNCS 3545, Springer Berlin,2005:206-214.
[135]Kgler D,Vogt H. Off-line Payments with Auditable Tracing. Blaze M(Ed.): FC'02, LNCS 2357,Springer Berlin/Heidelberg,2003:269-281.
[136]李梦东,杨义先.无可信第三方的离线电子现金匿名性控制.电子学报,2005,33(3):456-458.
[137]Shamir A. How to Share a Secret. Communications of ACM,1979,22(11):612-613.
[138]卢开澄.计算机密码学(第2版).北京:清华大学出版社,2002:211-212.
[139]Wang Wei-ping,Wang Jian-xin. Design and Analysis of Two-layer Anonymous Communication System. Journal of Central South University of Technology, 2007,14(3):380-385.
[140]王伟平,罗熹,王建新.PGACS:一种基于P2P架构的分组匿名通信系统模型.高技术通讯,2007,17(9):912-918.
[141]Feamster N, Dingledine R. Location Diversity in Anonymity Networks. In: Proceedings of the 2004 ACM workshop on Privacy in the Electronic Society (WPES'04),2004:66-76.
[142]Chen Xin, Hu Hua-ping, Lu Bo, et al. HLLACF:A Hierarchical Location-diversity-based Low-delay Anonymous Communication Framework. In the 4th International Conference on Wireless Communications,Networking and Mobile Computing(WiCOM'08),2008:1-5.
[143]Douglas Kelly, Richard Raines, Rusty Baldwin,et al.Towards a Taxonomy of Wired and Wireless Anonymous Networks.In ICC2009, http://ieeexplore.ieee. org/stamp/stamp.jsp?arnumber=05199535.
[144]Mittal P,Borisov N. Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems. In:Proceedings of the 15th ACM conference on Computer and communications security(CCS'08),2008:267-278.
[145]Flinn B, Maurer H. Levels of Anonymity. Journal of Universal Computer Science,1995,1(1):35-47.
[146]Kesdogan D.Evaluation of Anonymity Providing Techniques using Queuing Theory. In:the 26th Annual IEEE Conference on Local Computer Networks (LCN2001),2001:316-322.
[147]Shmatikov V, Wang MH.Measuring Relationship Anonymity in Mix networks. In:Proceedings of the 5th ACM workshop on Privacy in electronic society (WPES'06),Alexandria,Virginia,USA,2006:59-62.
[148]Clauβ S,Schiffner S. Structuring Anonymity Metrics. In:Proceedings of the Second ACM Workshop on Digital Identity Management(DIM'06), Alexandria, Virginia,USA:ACM Press,2006:55-62.
[149]Deng Y, Pang J, Wu P. Measuring Anonymity with Relative Entropy. In: Proceedings of the 4th International Workshop on Formal Aspects in Security and Trust(FAST'06),LNCS 4691,2006:59-77.
[150]Wright M, Adler M, Levine BN, et al. An Analysis of the Degradation of Anonymous Protocols. In:Proceedings of the Network and Distributed Security Symposium (NDSS'02),2002:38-50.