Publications about JonDonym
Abstract: A diploma thesis of L. Braune about design goals and implementation of ANONdroid, a JonDo proxy client for Andoid smartphones.
Download: PDF 3,9 MB, 113 pages, German only, released 2012-February
Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection
Benedikt Westermann and Dogan Kesdogan. Malice versus AN.ON: Possible Risks of Missing Replay and Integrity Protection. To appear in the proceedings of Financial Cryptography and Data Security 2011.
Development and providing an anonymous service
Paper about Internet anonymisation, includes JAP and JonDo history, by Dr. Stefan Köpsell, Technische Universität Dresden, Fakultät Informatik.
Introducing perfect forward secrecy for AN.ON
Benedikt Westermann and Dogan Kesdogan. Introducing perfect forward secrecy for AN.ON. In Finn Arve Aagesen and Svein J. Knapskog, editors, EUNICE, volume 6164 of Lecture Notes in Computer Science, pages 132-142. Springer, June 2010. PDF (local cache)
Cryptographic protocol analysis of AN.ON
Benedikt Westermann, Rolf Wendolsky, Lexi Pimenidis, and Dogan Kesdogan. Cryptographic protocol analysis of AN.ON. In Radu Sion, editor, Financial Cryptography, volume 6052 of Lecture Notes in Computer Science, pages 114-128. Springer, January 2010. PDF (local cache)
Security analysis of AN.ON’s payment scheme
Benedikt Westermann. Security analysis of AN.ON’s payment scheme. In Audun Jøsang, Torleiv Maseng, and Svein J. Knapskog, editors, NordSec, volume 5838 of Lecture Notes in Computer Science, pages 255-270. Springer, October 2009. PDF (local cache)
Abstract: All users logged into the system appear under a group pseudonym (Threshold group signature scheme) that is related to their IP address, but in a way that only all mixes together may uncover it (in order to conceal the IP in the group pseudonym, the first mix issues blind signatures). In order to use the service, they have to do signatures with their pseudonym, that can be verified by the last mix. These signatures may be assigned to a user IP, if a law enforcement agency presents a valid court order to all mixes for the surveillance of one or more URLs and the user visits one of these URLs, but only if all mixes work together. Even in this case, only this single IP is uncovered, which is not even visible by the mix operators, but by the law enforcement agency only (threshold atomic proxy reencryption). This revocation may be done in real-time or via data logged in the past.
Stefan Köpsell, Rolf Wendolsky, Hannes Federrath. Revocable Anonymity In: Günter Müller (Ed.): Proc. Emerging Trends in Information and Communication Security: International Conference, ETRICS 2006, Freiburg, Germany, June 6-9, 2006, LNCS 3995, Springer-Verlag, Heidelberg 2006, 206--220. PDF (local cache)
Strafverfolgung trotz Anonymität (Law enforcement and Anonymity in Germany)
Abstract: Erfahrungen mit dem Betrieb eines Anonymisierungsdienstes zeigen, dass ein solcher Dienst auch für Straftaten missbraucht wird. Das Paper beschäftigt sich damit, wie eine datenschutzgerechte Deanonymiserung in konkreten Einzelfällen durchgeführt werden kann, ohne die Anonymität der anderen Teilnehmer zu gefährden.
Download: Stefan Köpsell, Tobias Mioska: Technische Universität Dresden, local cache German, 12 pages
Low Latency Anonymous Communication - How long are users willing to wait?
Abstract: In the course of some practical research we realised the correlation between latency in the anonymisation system and the number of users logged into it is linear, at least for the Dresden-Dresden cascade. This insight may help designing technical measures to strengthen anonymity that need a higher latency without diminishing the expected user numbers too strong. A performance measurement of different anonymisation services (Tor, AN.ON) gave some clues that the users might have a common tolerance level regarding latency (about 4 seconds), that adjusts itself if the users are randomly distributed on the servers of a service. This was concluded from the unverifiable latency difference between the very frequented Dresden-Dresden cascade and Tor. An analysis of the URLs requested via AN.ON has shown that 33% of them had erotic content, 26% were web-based services (including e-mail), 8% were corporate sites and the rest had very mixed content. Surprisingly, no URLs of web-shops or health portals have been observed. 60% of the users who requested these contents came from Europe, 27% from Asia and 12% from America, whereas the origin of some was not detectable because of the use of JAP-Forwarding-Servers. This means that AN.ON is still a primary inner-european anonymisation service.Users and requested URLs have not been linked together for these studies.
Stefan Köpsell: Low Latency Anonymous Communication - How long are users willing to wait? In: Günter Müller (Ed.): Proc. Emerging Trends in Information and Communication Security: International Conference, ETRICS 2006, Freiburg, Germany, June 6-9, 2006, LNCS 3995, Springer-Verlag, Heidelberg 2006, 221--237.
Abstract: Old paper about Internet anonymisation and early JAP.
The disadvantages of free MIX routes and how to overcome them
Oliver Berthold, Andreas Pfitzmann, Ronny Standtke. The disadvantages of free MIX routes and how to overcome them. In the Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability, July 2000 (local cache)
"Einführung Anon Dienste" Introduction to Anon services
Introduction to Anonymisaton services, targeting especially the Police, explaining how it works and that a simple Mail to JonDos will not result in deanonymisation.
Download: einfuehrung_anon_dienste.pdf 200 KiB PDF, 9 pages, German only, updated 2010-January