FACULTY OF ENGINEERING OF UNIVERSITY OF PORTO
Anonymity in Wireless Networks under Traffic Analysis Attacks
Hugo Moreira de Sousa Pinto
Integrated Master in Electrical and Computers Engineering
Supervisor: Daniel Lucani (Professor)
Co-supervisor: João Barros (Professor)
February 2011
© Hugo Moreira de Sousa Pinto, 2011
Contents
1 State of the Art
1.1 Introduction
1.2 Security
1.3 Anonymity
1.3.1 Type of anonymity
1.3.2 Attackers
1.3.3 Degree of anonymity
1.4 Related work on anonymity
1.5 Network Coding
2 Problem Definition
2.1 Introduction
2.1.1 Assumptions
2.1.2 Cost of Anonymity
2.1.3 Measure of Anonymity
2.1.4 Example
2.2 Requirements identification and analysis
2.3 Work Plan
2.3.1 Milestones
2.3.2 Adopted methodology
2.3.3 Technologies and tools to use
References
List of Figures
1.1 Butterfly Network
1.2 3 Node Line Network
1.3 3 Node Line Network - No Network Coding
1.4 3 Node Line Network - Network Coding
2.1 Line Network
List of Tables
2.1 Possible sessions in 3 node line network
2.2 Anonymous transmission pattern
2.3 Non-Anonymous Transmission Pattern
Chapter 1
State of the Art
1.1 Introduction
In our work, we will be trying to provide anonymous communications in wireless networks. We
will therefore present a review of the state of the art in the topics of security and anonymity in
communications. Since our approach will be to develop transmission schedules, in which the
use of network coding might prove valuable, we will also review the state of the art concerning
network coding.
1.2 Security
With more and more communications taking place mediated by technology, security concerns are
at the top of the table. The field of network and Internet security consists of measures to deter,
prevent, detect and correct security violations that involve the transmission of information [1]. In
this context, a security mechanism is any process that is designed to detect, prevent or recover
from a security attack. Examples of mechanisms are encryption algorithms, digital signatures and
authentication protocols.
There are many security services which can be provided and are usually divided into five
categories [1]. The first one is authentication, which is the assurance that the communicating
entity is the one that it claims to be. The second one is Access Control, which is the prevention
of the unauthorized use of a resource. This service controls who can have access to a resource,
under what conditions and with what permissions. A third service is data integrity, that is, the
assurance that data received is exactly as sent by an authorized entity, that is, it contains no
modification, insertion, deletion or replay. Another service is nonrepudiation, which consists
in the protection against denial by one of the entities involved in a communication of having
participated in the communication. The last service is data confidentiality, that is, the protection
of data from unauthorized disclosure.
1.3 Anonymity
One subfield of data confidentiality is traffic-flow confidentiality, that is, the protection of the
information that might be derived from the observation of traffic flows. Not much work done up
to this point in the area of security has concentrated on this specific topic. By observing the traffic
flow, an attacker might be able to identify who sent how many messages to whom and at what time.
We therefore call this service anonymity in communications, that is, hiding the parties involved in
a communication.
As discussed in [2], we can classify anonymity according to three different aspects, which will
now be explained in detail.
1.3.1 Type of anonymity
According to [3], there are three types of anonymous communication properties that can be provided.
A first one is sender anonymity, where the identity of the originator of a message is hidden.
Similarly, in receiver anonymity the identity of the recipient of a message is unknown. A weaker
possibility is to have unlinkability of sender and receiver, where even though the sender and receiver
might be identified as participating in some communication, they are not identified as
communicating with each other. We now add a fourth type of anonymous communications that
can be provided, which we call session anonymity. This is stronger than all the previous types,
since we do not know anything about which nodes are actually communicating.
1.3.2 Attackers
A second aspect is the attackers against which these properties are achieved. The attackers can
be internal or external to the network and they can be active or passive [1]. An attacker is said to be
active if he is actively attacking the network and trying to participate in the flow of messages. An
active attack can be a masquerade, where an entity pretends to be a different entity, a replay, where
data is captured and retransmitted, modification of messages, where the contents of messages are
altered, or messages are delayed or reordered, and denial of service, where the normal usage of
the communication facilities is inhibited.
On the other hand, an attacker is said to be passive if it is a simple eavesdropper. The two most
important types of passive attacks are the release of message contents, where the actual message
is overheard, and traffic analysis, where the pattern of the communications is observed, revealing
the location and identity of the communication hosts, or the frequency and length of the messages
being exchanged. An eavesdropper can be global or just be able to listen to part of the messages
sent and received.
1.3.3 Degree of anonymity
The last aspect to consider is the degree of anonymity offered. There is not a unique way of
measuring the quality or degree of anonymity. One possibility is presented in [2], where the
degree of anonymity is viewed as an informal continuum. This continuum will be described for
sender anonymity, but could as well be for any of the other types of anonymous communications.
At one end of the spectrum, we have absolute privacy, where the attacker cannot perceive
the presence of communication. At the other end of the spectrum is provably exposed, where the
attacker can prove the identity of the sender to others. Some intermediate points of anonymity are
also defined. The strongest one is beyond suspicion, where the attacker can see evidence of a sent
message, but the sender is no more likely to be its originator than any other potential sender in
the system. A weaker degree is probable innocence, where the sender, from the attacker's point
of view, appears no more likely to be the originator of the message than not to be it. However,
he is now more suspicious than any other potential sender. An even weaker degree is possible
innocence, where there is a nonzero probability that the real sender is someone else.
One other possible way of measuring anonymity is by using information theoretic measures,
which will be explained in detail in our work. A formal definition of anonymity based on the
entropy will be presented and anonymity will be expressed as a numerical value.
A few mechanisms have already been developed in order to provide anonymity and we will be
discussing the most important ones in the next section.
1.4 Related work on anonymity
A few mechanisms to provide anonymity have already been developed. One mechanism used to
achieve destination anonymity is called k-anonymity. In k-anonymity the object of interest is
always hidden amongst k similar entities [4]. In communications, we can achieve k-anonymity
of the destination by delivering the data to a crowd of k nodes, called anonymity zone, which is
usually a circle shaped area, instead of just to a specific node. Destination anonymity is important
because a user who is receiving sensitive data might not want his peers to know about that.
This way, when a source wants to build a path to a destination, it first obtains the position
of the destination and then randomly selects a center and radius for the anonymity zone, which
should be such that the destination and other k − 1 nodes are located within it. Since only this
information will be sent over the network, even if an attacker intercepts the message, he won’t be
able to tell which node is the real destination.
In a mobile wireless ad hoc network, nodes are able to move freely and only a measure of node
density is known, not the exact network topology. This way, k-anonymity is only achieved with
a certain probability, because we do not know exactly how many nodes are within the anonymity
zone. Moreover, some problems might arise due to the node mobility. In fact, the source might
have to redefine the anonymity zone if the destination node moves out of the previous one, and a
tracer may be able to infer which is the destination node by intersecting different anonymity sets
[5].
One other system proposed in [2] for protecting users’ anonymity on the world-wide-web is
called crowds. This system, named for the notion of blending into a crowd, operates by grouping
users into a large and geographically diverse group, therefore hiding one’s actions within the
actions of many others. To execute a web transaction, a user first joins a crowd of other users and
then passes his request to a random member in the crowd. This member can then either submit
the request directly to the server or forward it to another randomly chosen member of the crowd.
When the request is submitted, the end server does not know its true initiator, and neither can the
members of the crowd, since when they receive a request it might be from a member that is simply
forwarding it. Web servers are unable to learn the true source of a request, because it is equally
likely to have originated from any member of the crowd. This is therefore an example of sender
anonymity.
Another technique for anonymous communication is called onion routing [6], which protects
the privacy of both the sender and receiver of a message, as well as its content, as it travels through
the network. In this technique, the message travels from a source to a destination through several
intermediate nodes, called onion routers. However, each node only knows who sent him the
information and to whom he should pass it, but nothing about the route as a whole.
The first step is to create this path through which many messages can be transmitted. The
sender therefore identifies a series of routing nodes forming a route through the network and constructs
an onion which encapsulates that route. The onion data structure is composed of layer upon
layer of encryption wrapped around a payload. Based on the route chosen, the sender encrypts first
for the receiver, then for the preceding node on the route, and so on back to the first routing node,
to whom he will send the onion.
As each router receives the onion, it peels a layer by decrypting it with his own private key,
thus revealing the following information:
• Expiration time - until when should this onion remain active.
• Next hop - the next routing node to which the payload is to be sent.
• Forward Pair - key to be applied to the data moving in the forward direction.
• Backward Pair - key to be applied to the data moving in the backward direction.
• Payload - in the case of an intermediate node, this will be another onion, with one less peel;
in the case of the receiver, the payload will just be composed of padding, which is used to
make the onion always the same size, to prevent possible attackers from inferring either the
position of a specific node on the route or the length of the route as a whole.
Once the path has been specified, it remains active until its expiration time. Each router will
keep record of who he received the onion from and who he sent it to. Until the circuit is destroyed,
whenever he receives a message from one of the sides, he sends it to the other, applying the forward
cryptographic key to the data moving in the forward direction and the backward cryptographic
key to the data moving in the opposite one. The sender can then transmit messages encrypted
by applying to the message the inverse of all the forward cryptographic functions specified in the
onion. The receiver will also be able to reply by encrypting the data using his own backward
cryptographic function. When the sender receives the message, he will be able to obtain the
plaintext by applying all the backward cryptographic functions to the message. We have therefore
established a bidirectional circuit, where each intermediate node can’t access the message and
doesn’t know anything about the route as a whole.
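The onion construction and peeling described above, as an added Python example that is not part of the original thesis. A SHA-256 counter-mode keystream under a per-node key stands in for the public-key encryption of each layer (an assumption made to keep the example self-contained; it provides no integrity protection), and `ONION_SIZE`, the node names and the JSON field layout are constructed for illustration.

```python
import hashlib
import json
import os
import struct

ONION_SIZE = 1024  # constructed value: every onion on every link has this many bytes


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher standing in for the per-node public-key encryption of a layer."""
    blocks = (len(data) + 31) // 32
    pad = b"".join(hashlib.sha256(key + struct.pack(">I", i)).digest()
                   for i in range(blocks))
    return bytes(d ^ p for d, p in zip(data, pad))


def build_onion(route, node_keys, expires):
    """Encrypt first for the receiver (last in route), then back to the first router."""
    onion, circuit = b"", {}
    for i in range(len(route) - 1, -1, -1):
        node = route[i]
        fields = {
            "expires": expires,
            "next_hop": route[i + 1] if i + 1 < len(route) else None,
            "forward": os.urandom(16).hex(),    # key for data moving forward
            "backward": os.urandom(16).hex(),   # key for data moving backward
            "payload_len": len(onion),          # 0 for the receiver: padding only
        }
        circuit[node] = (fields["forward"], fields["backward"])
        header = json.dumps(fields).encode()
        layer = struct.pack(">H", len(header)) + header + onion
        onion = stream_xor(node_keys[node], layer)
    if len(onion) > ONION_SIZE:
        raise ValueError("route too long for the fixed onion size")
    # Random padding brings the outermost onion up to the fixed size.
    return onion + os.urandom(ONION_SIZE - len(onion)), circuit


def peel(node_key, onion):
    """Remove one layer; re-pad the inner onion so its size gives nothing away."""
    plain = stream_xor(node_key, onion)
    (header_len,) = struct.unpack(">H", plain[:2])
    fields = json.loads(plain[2:2 + header_len])
    inner = plain[2 + header_len:2 + header_len + fields["payload_len"]]
    return fields, inner + os.urandom(ONION_SIZE - len(inner))


def walk(route, node_keys, onion):
    """Pass the onion along the route; record what each node learns and link sizes."""
    learned, sizes = [], [len(onion)]
    for node in route:
        fields, onion = peel(node_keys[node], onion)
        learned.append((node, fields["next_hop"]))
        sizes.append(len(onion))
    return learned, sizes


def demo():
    route = ["R1", "R2", "R3", "B"]  # constructed: three onion routers, then receiver B
    node_keys = {n: hashlib.sha256(b"constructed key " + n.encode()).digest()
                 for n in route}
    onion, _circuit = build_onion(route, node_keys, expires=1300000000)
    return walk(route, node_keys, onion)


if __name__ == "__main__":
    learned, sizes = demo()
    for node, next_hop in learned:
        print(node, "learns next hop:", next_hop)
    print("bytes on each link:", sizes)
```

Each node sees only its own next hop, and the re-padding in `peel` keeps the size identical on every link, so position on the route cannot be read from the onion length.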
Until now, we have assumed that the sender was able to choose a set of nodes reaching the
destination. However, this is only possible when there is a stationary infrastructure. In
mobile ad-hoc networks, the nodes are able to move freely in an open environment. A
protocol for a dynamic and secure distributed path construction is presented in [7], which does not
require the source to gather and store information about the network topology. Instead, the source
node initiates a path discovery message, with certain trust requirements, to all of his neighbouring
nodes. The intermediate nodes satisfying these trust requirements insert their IDs and a session
key into the path discovery message and forward copies to their selected neighbours. This is
done until the message reaches the intended destination. Once the receiver receives the message,
it retrieves from it the information about all the intermediate nodes, encapsulates it into a multilayered
message, and sends it along a reverse path back to the source node, similarly to what
happens in traditional onion-routing. When the protocol terminates, the source node ends up with
the information about all the intermediate nodes as well as the session keys to encrypt the data.
However, onion-routing has several weaknesses. First, it does not provide much defense
against timing analysis attacks. If an eavesdropper can observe the traffic in and out of some
nodes, it can still correlate the incoming and outgoing packets of relay nodes, by observing how
close together in time they are received and re-sent. This way, he might be able to identify the
source and the destination or, at least, discover parts of the route between them. One way to protect
against this kind of attack is to give the nodes one additional capability known as mixing [8]. A
node with this capability is called a Mixer and is capable of buffering several packets received
from multiple links and transmitting them using a random timing algorithm, therefore preventing
an eavesdropper from relating the incoming and outgoing packets. This is an example of a mechanism
that guarantees unlinkability of sender and receiver.
Furthermore, it is vulnerable to predecessor attacks, in which an attacker who controls an
onion router keeps track of a session as it occurs through several path reformations, which happen
because routers might periodically fail or leave the network. If an attacker observes the same
session over enough reformations, he will tend to see the sender more frequently than any other
router. Another type of attacks, called intersection attacks, rely on the fact that any communication
path that remains functioning cannot have been routed through routers that failed or left, nor can
it involve those that recently joined the network.
One practical implementation of Onion Routing is Tor [9], which is an acronym for The Onion
Router. Tor is actually a second-generation Onion Routing system which addresses limitations
in the original design by adding perfect forward secrecy, congestion control, directory servers,
integrity checking, configurable exit policies, and a practical design for location-hidden services
via rendezvous points. It works on the real-world Internet, requires no special privileges and
little synchronization or coordination between nodes, and provides a reasonable trade-off between
anonymity, usability and efficiency.
1.5 Network Coding
The concept of network coding was first introduced in [10] and has proved to be very valuable in
wireless networks. Instead of merely forwarding or replicating the information received, network
coding gives intermediate nodes in a network the opportunity to perform a set of operations on the
information received before sending it to the output links. In the case of a network with a single
source and a single sink, the maximum flow of information is given by the Max-Flow Min-Cut
theorem [11]. When we have multiple sinks, which is the case of multicast, the maximum flow
or rate at which we can deliver information to all the sinks is given by the smallest of the rates at
which we can deliver the information to each of the sinks.
One major finding in [10] is that in order to achieve optimality in the multicast of information
in a network, network coding might have to be employed. In other words, the maximum flow of
information in a network might not be reachable if network coding is not used.
Consider for instance the network in figure 1.1, which is called a butterfly network. We shall
consider that there are no losses in the transmissions.
Figure 1.1: Butterfly Network
This network has one source and two sinks and, on the left side of the figure, we can see that
the capacity of each edge is one. It is fairly simple to check that the maximum flow from s to each
of the sinks t1 and t2 is two. So, as explained before, the maximum flow from the source to both
sinks is also two. That is, in the best case, the source can input two bits b1 and b2 into the network
per unit of time, having them delivered with constant delay to both sinks. On the right side of the
figure we can see a scheme that achieves this throughput, where the plus sign denotes modulo 2
addition. We can see that network coding is performed at node 3, and that at sink ti the other bit will be
recovered based on bi and b1 + b2. If network coding was not performed at node 3, it would have
to send first bit b1 and only then bit b2. This would not only result in a loss of throughput, because
the source could not input two bits per unit of time anymore, but also require a higher number of
transmissions, which means that more energy would be expended.
Among the simplest coding schemes is linear coding, which regards a block of data as a vector
over a certain base field and allows a node to apply a linear transformation to a vector before
passing it on. In [12] it is proved that linear coding is sufficient to achieve the optimality in
any multicast problem. An algebraic approach to the problem is actually presented in [13]. A
very interesting practical implementation of linear network coding is presented in [14], where
the network nodes independently and randomly select linear mappings from inputs onto output
links over some field. It is proved that this achieves the capacity of the network with probability
approaching one with code length. This makes decentralized operation possible and increases
robustness to network changes or link failures.
Network coding has also proved itself valuable in the case of unicast sessions on wireless
networks, as explained in [15]. In particular, the use of network coding in wireless line networks
has been discussed in [16] and [17]. Consider the simple three node line network depicted in the
figure below:
Figure 1.2: 3 Node Line Network
Imagine that nodes A1 and A3 are willing to exchange two data packets a and b. Without
network coding, this would require four total transmissions, as represented in figure 1.3. It is
important to note that none of these transmissions can be simultaneous, since they would result in
collisions.
Figure 1.3: 3 Node Line Network - No Network Coding
Given the wireless nature of the transmission medium, the last two transmissions can be replaced
by only one if coding is performed at node A2, as shown in figure 1.4, where the plus sign
represents the modulo 2 addition of the two packets. Nodes A1 and A3 can then easily recover the
missing packet from the initial packet which they knew and the coded packet they received. This
allows an improvement in throughput, average packet delay and number of transmissions. This kind of
mechanism can be extended to a line network with a higher number of nodes.
Figure 1.4: 3 Node Line Network - Network Coding
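The exchange of figures 1.3 and 1.4 as an added Python example (not part of the original thesis). Packets are length-prefixed before the modulo 2 addition so that packets of different sizes are recovered exactly, and `pattern` records which node transmits in each time slot, which is what a global eavesdropper observes. The names `LineNetwork`, `frame` and `unframe`, the sample packets, and the order in which A2 relays the two packets without coding are assumptions.

```python
import struct

# Wireless range in the three node line network: A2 hears and reaches both ends.
NEIGHBOURS = {"A1": ("A2",), "A2": ("A1", "A3"), "A3": ("A2",)}


def frame(data: bytes) -> bytes:
    """Prefix a packet with its 2-byte length so zero padding can be stripped later."""
    return struct.pack(">H", len(data)) + data


def unframe(framed: bytes) -> bytes:
    (length,) = struct.unpack(">H", framed[:2])
    return framed[2:2 + length]


def xor_frames(x: bytes, y: bytes) -> bytes:
    """Modulo 2 addition of two frames; the shorter one is zero-padded."""
    size = max(len(x), len(y))
    x, y = x.ljust(size, b"\0"), y.ljust(size, b"\0")
    return bytes(p ^ q for p, q in zip(x, y))


class LineNetwork:
    """One transmission per time slot, broadcast to every neighbour of the sender."""

    def __init__(self):
        self.inbox = {name: [] for name in NEIGHBOURS}
        self.pattern = []  # sender of each slot, as seen by a global eavesdropper

    def transmit(self, sender: str, payload: bytes) -> None:
        self.pattern.append(sender)
        for peer in NEIGHBOURS[sender]:
            self.inbox[peer].append(payload)


def exchange_without_coding(a: bytes, b: bytes):
    """A1 sends a to A3 and A3 sends b to A1; A2 relays each packet separately."""
    net = LineNetwork()
    net.transmit("A1", frame(a))
    net.transmit("A3", frame(b))
    relayed_a, relayed_b = net.inbox["A2"]
    net.transmit("A2", relayed_a)  # also overheard by A1, which already knows a
    net.transmit("A2", relayed_b)  # also overheard by A3, which already knows b
    got_at_a1 = unframe(net.inbox["A1"][-1])
    got_at_a3 = unframe(net.inbox["A3"][0])
    return got_at_a1, got_at_a3, net.pattern


def exchange_with_coding(a: bytes, b: bytes):
    """Same exchange, but A2 broadcasts a + b once instead of relaying twice."""
    net = LineNetwork()
    net.transmit("A1", frame(a))
    net.transmit("A3", frame(b))
    heard_a, heard_b = net.inbox["A2"]
    net.transmit("A2", xor_frames(heard_a, heard_b))
    # Each end node removes the packet it already knows from the coded packet.
    got_at_a1 = unframe(xor_frames(net.inbox["A1"][0], frame(a)))
    got_at_a3 = unframe(xor_frames(net.inbox["A3"][0], frame(b)))
    return got_at_a1, got_at_a3, net.pattern


if __name__ == "__main__":
    a, b = b"hello from A1", b"hi"  # constructed packets of unequal length
    for run in (exchange_without_coding, exchange_with_coding):
        at_a1, at_a3, pattern = run(a, b)
        print(run.__name__, at_a1, at_a3, pattern, len(pattern), "transmissions")
```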
Some previous work has already tried to relate the topics of security and network coding, but
has focused essentially on providing confidentiality in communications. In [18], a low-complexity
cryptographic scheme that takes advantage of random linear network coding is presented. This scheme
offers the advantage of reduced overhead in comparison to traditional end-to-end encryption of
the entire data. An Information-Theoretic Cryptanalysis of Network Coding is presented in [19].
A characterization of the mutual information between the encoded data and the two elements that
can lead to information disclosure, the matrices of random coefficients and the original data itself,
is presented.
Chapter 2
Problem Definition
2.1 Introduction
The main focus of this thesis is to provide anonymous communications in wireless networks. In a
given wireless set, there are two possible types of sessions:
• unicast sessions - when two nodes Ai and Ak are communicating with each other.
• multicast sessions - when one node Ai is trying to reach a set of other nodes.
In our work, we will be trying to provide information theoretic anonymity to the networks’
active sessions, which is the strongest type of anonymity from the ones explained in section 1.3.1.
We will assume that all sessions are equally probable and will develop transmission schedules
that serve every session equally. This way, the nodes in the network will transmit data or, if needed,
perform innocuous dummy transmissions to ensure that the transmission pattern is preserved.
Therefore, a global eavesdropper, as defined in 1.3.2, will not be able to tell which session is
in fact active, since the pattern he will observe could be serving any of the sessions.
2.1.1 Assumptions
Our analysis will be carried out considering some basic assumptions:
• the nodes are rational / efficient communications - nodes will try to transmit in the best
possible way, in order to maximize the throughput and minimize the delay and number of transmissions.
• no losses - a given transmission will always reach its destination;
• equality of service - all sessions are to be served equally, that is, with the same throughput.
2.1.2 Cost of Anonymity
The cost of anonymity will be calculated for each session by comparing the cost of this transmission
pattern with the cost of a pattern that would serve only that session. This comparison will be
done in terms of three aspects:
• throughput - the rate at which a given node can input a new packet into the network, having
it successfully delivered with constant delay.
• delay - the number of time slots a packet will take to reach its destination.
• number of transmissions - the number of transmissions required, which gives an idea of the
energy spent in the communications.
We shall address mechanisms to improve energy, delay and throughput performance while
maintaining the same degree of anonymity. One promising technique to be studied is network
coding.
2.1.3 Measure of Anonymity
As explained in 1.3.3, one possible way to quantify anonymity is to use information theoretic
measures. In our case, we will be using the entropy of the possible active sessions. In information
theory, the entropy is a measure of the uncertainty of a random variable [20]. We can say that the
higher the uncertainty we have in the possible active sessions, the more anonymous the communications
will be.
The entropy H(X) of a discrete random variable X is defined by
$$H(X) = -\sum_{x \in X} p(x) \log(p(x))$$
The log is usually to base two and the entropy is expressed in bits.
The term $u_i = -\log(p(x_i))$ is also called surprisal, since when the probability is 1, there is
zero surprisal at seeing the result, whereas it increases as the probability gets smaller. The entropy
can then be seen as a weighted average of surprisals.
The maximum entropy of a random variable is reached when all the possible n outcomes
$\{x_i : i = 1, 2, \ldots, n\}$ have the same probability $p(x_i) = \frac{1}{n}$ and is equal to $\log(n)$. This makes sense,
since it corresponds to the situation of maximum uncertainty, in which all the results are equally
probable. Therefore, in order to reach maximum anonymity, we want to find a transmission pattern
where all the possible sessions are equally probable of being active.
2.1.4 Example
Consider a simple three node line network as depicted in the figure below. If two nodes are
connected, it means that one is in the wireless transmission range of the other.
Figure 2.1: Line Network
In this case, there are the following possible unicast and multicast sessions:
Unicast      Multicast
A1↔A2        A1→{A2,A3}
A2↔A3        A2→{A1,A3}
A1↔A3        A3→{A1,A2}
Table 2.1: Possible sessions in 3 node line network
If we define the following transmission pattern, we can see that any of the unicast or multicast
sessions in table 2.1 could be active.
Time slots: t1 t2 t3 t4
A1: x
A2: x x
A3: x
Possible sessions: A1↔A2, A2↔A3, A1↔A3, A1→{A2,A3}, A2→{A1,A3}, A3→{A1,A2}
Table 2.2: Anonymous transmission pattern
Assuming that all the sessions are equally probable, we can compute the entropy of the pattern
in table 2.2 as:
$$H(X) = -\sum_{x \in X} p(x) \log(p(x)) = -\sum_{i=1}^{6} p(x_i) \log(p(x_i)) = -6 \cdot \frac{1}{6} \log\left(\frac{1}{6}\right) = \log(6)$$
If we instead define a pattern where only two nodes transmit, such as in table 2.3, an eavesdropper
can easily conclude that only one of the sessions can be happening.
Time slots: t1 t2 t3 t4
A1: x x
A2: x x
A3:
Possible sessions: A1↔A2
Table 2.3: Non-Anonymous Transmission Pattern
The entropy can therefore be computed to be:
$$H(X) = -\sum_{x \in X} p(x) \log(p(x)) = -1 \cdot \log(1) = 0$$
The entropy is zero, which means that an eavesdropper has absolute certainty that one specific
session is happening.
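An added Python example (not from the thesis) that reproduces the two entropy values above and extends the session count of table 2.1 to n nodes. The set of sessions compatible with an observed pattern is taken as input from tables 2.2 and 2.3; the function names, and the reading of a multicast session as one source reaching two or more other nodes, are assumptions, and the support for a non-uniform prior goes beyond the equal-probability case of the text.

```python
from itertools import combinations
from math import log2


def sessions(nodes):
    """All unicast pairs plus all multicast sessions (one source, >= 2 destinations)."""
    unicast = ["%s<->%s" % pair for pair in combinations(nodes, 2)]
    multicast = []
    for src in nodes:
        others = [n for n in nodes if n != src]
        for size in range(2, len(others) + 1):
            for dests in combinations(others, size):
                multicast.append("%s->{%s}" % (src, ",".join(dests)))
    return unicast + multicast


def uniform(items):
    """Equal probability for every session, as assumed in the text."""
    items = list(items)
    return {s: 1.0 / len(items) for s in items}


def entropy(dist):
    """H(X) = -sum p(x) log2 p(x), in bits; zero-probability sessions add nothing."""
    return -sum(p * log2(p) for p in dist.values() if p > 0) + 0.0


def posterior(prior, compatible):
    """Eavesdropper's belief once only the `compatible` sessions fit the pattern."""
    compatible = set(compatible)
    if not compatible <= set(prior):
        raise ValueError("compatible sessions must be drawn from the prior")
    mass = sum(prior[s] for s in compatible)
    if mass <= 0:
        raise ValueError("observed pattern has zero probability under the prior")
    return {s: (p / mass if s in compatible else 0.0) for s, p in prior.items()}


def anonymity_bits(nodes, compatible, prior=None):
    """Entropy of the active session as seen by a global eavesdropper."""
    if prior is None:
        prior = uniform(sessions(nodes))
    return entropy(posterior(prior, compatible))


NODES = ["A1", "A2", "A3"]
TABLE_2_2 = sessions(NODES)   # every session fits the anonymous pattern
TABLE_2_3 = ["A1<->A2"]       # only one session fits the non-anonymous pattern

if __name__ == "__main__":
    print("sessions:", sessions(NODES))
    print("table 2.2: %.3f bits" % anonymity_bits(NODES, TABLE_2_2))
    print("table 2.3: %.3f bits" % anonymity_bits(NODES, TABLE_2_3))
    for n in range(3, 7):
        count = len(sessions(["A%d" % i for i in range(1, n + 1)]))
        print("%d nodes: %d sessions, maximum %.3f bits" % (n, count, log2(count)))
```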
2.2 Requirements identification and analysis
• Functional Requirements
– the scheduling pattern should account for session anonymity in wireless networks in
the face of a global eavesdropper
– the scheduling pattern should be useful in different network topologies
• Non-Functional Requirements
– the scheduling pattern should achieve as high throughput as possible
– the scheduling pattern should achieve as low delay as possible
– the scheduling pattern should minimize the energy expended in communications
2.3 Work Plan
2.3.1 Milestones
• Milestone 1 - Review of the state of the art - Deadline 15th February
– familiarization with security concepts and challenges
– review of the state of the art on anonymity and network coding
• Milestone 2 - Analysis of special network topologies - Deadline 15th March
– development of transmission schedules for perfect anonymity
– global eavesdropping attacks
– measurement of the cost of anonymity
– study of the benefits of using network coding
• Milestone 3 - Analysis of more complex network topologies - Deadline 1st May
• Milestone 4 - Trade-offs between anonymity and performance - Deadline 15th May
– anonymity and throughput
– anonymity and delay
– anonymity and energy
• Milestone 4 - Anonymity under active attacks - Deadline 1st June
• Milestone 5 - Simulation with MATLAB - Deadline 15th June
2.3.2 Adopted methodology
At an initial stage, the analysis will be performed for some special and simple network topologies,
such as the line network, and based on some assumptions and simplifications. We will aim for
perfect session anonymity from an information theoretic perspective. A mathematical formulation
of the problem will be presented and the cost of anonymity will be quantified in terms of throughput,
delay and energy in communications. From this analysis, we will build on to more complex
topologies, introducing more constraints and dropping some assumptions. Particularly, the trade-offs
between anonymity and performance will be explored. After this theoretical work, some
numerical evaluations and simulations in MATLAB may be performed.
2.3.3 Technologies and tools to use
Given the theoretical nature of the thesis, we will only require MATLAB in order to perform some
simulations and numerical evaluations.
References
[1] William Stallings. Cryptography and network security: Principles and practice. 2002.
[2] Michael K. Reiter and Aviel D. Rubin. Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur., 1:66–92, November 1998.
[3] A Pfitzmann and M Waidner. Networks without user observability. Comput. Secur., 6:158–166, May 1987.
[4] Latanya Sweeney. k-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst., 10:557–570, October 2002.
[5] Xiaoxin Wu and E. Bertino. Achieving k-anonymity in mobile ad hoc networks. In Secure Network Protocols, 2005. (NPSec). 1st IEEE ICNP Workshop on, pages 37–42, Nov. 2005.
[6] David M. Goldschlag, Michael G. Reed, and Paul F. Syverson. Hiding routing information. In Proceedings of the First International Workshop on Information Hiding, pages 137–150, London, UK, 1996. Springer-Verlag.
[7] Azzedine Boukerche, Khalil El-Khatib, Li Xu, and Larry Korba. A novel solution for achieving anonymity in wireless ad hoc networks. In Proceedings of the 1st ACM international workshop on Performance evaluation of wireless ad hoc, sensor, and ubiquitous networks, PE-WASUN ’04, pages 30–38, New York, NY, USA, 2004. ACM.
[8] Javad Ghaderi and R. Srikant. Towards a theory of anonymous networking. CoRR, abs/0908.1805, 2009.
[9] Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: the second-generation onion router. In Proceedings of the 13th conference on USENIX Security Symposium - Volume 13, SSYM’04, pages 21–21, Berkeley, CA, USA, 2004. USENIX Association.
[10] R. Ahlswede, Ning Cai, S.-Y.R. Li, and R.W. Yeung. Network information flow. Information Theory, IEEE Transactions on, 46(4):1204–1216, July 2000.
[11] Bela Bollobas. Graph theory: an introductory course. Springer Verlag, New York, 1979.
[12] S.-Y.R. Li, R.W. Yeung, and Ning Cai. Linear network coding. Information Theory, IEEE Transactions on, 49(2):371–381, 2003.
[13] R. Koetter and M. Medard. An algebraic approach to network coding. Networking, IEEE/ACM Transactions on, 11(5):782–795, 2003.
[14] T. Ho, M. Medard, R. Koetter, D.R. Karger, M. Effros, Jun Shi, and B. Leong. A random linear network coding approach to multicast. Information Theory, IEEE Transactions on, 52(10):4413–4430, 2006.
[15] Sun-Yuan Kung Yunnan Wu, Philip A. Chou. Information exchange in wireless networks with network coding and physical-layer broadcast. In Conference on Information Sciences and Systems, 2005.
[16] P. Pakzad, C. Fragouli, and A. Shokrollahi. Coding schemes for line networks. In Information Theory, 2005. ISIT 2005. Proceedings. International Symposium on, pages 1853–1857, 2005.
[17] U. Niesen, C. Fragouli, and D. Tuninetti. On capacity of line networks. Information Theory, IEEE Transactions on, 53(11):4039–4058, 2007.
[18] J.P. Vilela, L. Lima, and J. Barros. Lightweight security for network coding. In Communications, 2008. ICC ’08. IEEE International Conference on, pages 1750–1754, May 2008.
[19] L. Lima, J.P. Vilela, J. Barros, and M. Medard. An information-theoretic cryptanalysis of network coding - is protecting the code enough? In Information Theory and Its Applications, 2008. ISITA 2008. International Symposium on, pages 1–6, 2008.
[20] Thomas M. Cover and Joy A. Thomas. Elements of information theory. Wiley-Interscience, New York, NY, USA, 1991.