Abstract
This work presents a cryptographic analysis of AN.ON's anonymization protocols. We have discovered three flaws of differing severity. The first is caused by the fact that the freshness of the session key was not checked by the mix. This flaw leads to a situation where an external attacker is able to perform a replay attack against AN.ON. A second, more severe, error was found in the encryption scheme of AN.ON. An internal attacker controlling the first mix in a cascade of length two is able to de-anonymize users with high probability. The third flaw results from the lack of checks to ensure that a message belongs to the current session. This enables an attacker to impersonate the last mix in a cascade. The flaws we discovered represent errors that, unfortunately, still occur quite often and show the importance of either using standardized crytpographic protocols or performing detailed security analyses. © 2010 Springer-Verlag Berlin Heidelberg.
Cite
CITATION STYLE
Westermann, B., Wendolsky, R., Pimenidis, L., & Kesdogan, D. (2010). Cryptographic protocol analysis of AN.ON. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6052 LNCS, pp. 114–128). https://doi.org/10.1007/978-3-642-14577-3_11
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
