Re: [ietf-privacy] anonymity definition in"draft-hansen-privacy-terminology-03"

["Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>]

Hi Zhou, 

Thank you for your questions. 

I guess you are looking at the terminology document from the point of view of writing draft-zhang-hip-privacy-protection-04. You are trying to find the right words to describe the properties of the solution you have been working on. 

When you look at the privacy consideration draft (see http://tools.ietf.org/html/draft-iab-privacy-considerations-01) then the first thing is to think about a threat model. In your communication protocol you may consider the following adversaries:
(Note that I am saying this without having followed HIP for a long time and so I might be missing something here.)

* responders who get to see identity information,
* eavesdroppers who observe the exchanges and may want to learn about the communication relationships and the identities of the initiator and / or the responders, and 
* HIP-based intermediaries (e.g., these HIP-based firewalls).  

Could you explain me what the focus of your draft is with respect to hiding identities? 

I believe you are not trying to provide a mechanism to prevent disclosing the identity of the HIP initiator to the HIP responder. I think you care about eavesdroppers in the middle. Is this correct?

Ciao
Hannes


From: ietf-privacy-bounces@ietf.org [mailto:ietf-privacy-bounces@ietf.org] On Behalf Of ext zhou.sujing@zte.com.cn
Sent: Thursday, February 09, 2012 4:51 AM
To: ietf-privacy@ietf.org
Subject: [ietf-privacy] anonymity definition in"draft-hansen-privacy-terminology-03"


Hi,all 

the definition of anonymity 
"Definition:  Anonymity of a subject from an attacker's perspective
     means that the attacker cannot sufficiently identify the subject
     within a set of subjects, the anonymity set.
" 
1) is not clear about the content of anonymity set, will the real identities of candidate subjects be included? 
2) has too much variance when evaluating a scheme's anonymity. 

For example, draft-zhang-hip-privacy-protection-04 gives a privacy protection scheme by  hashing the real identity: 
B-HIT-I=SHA-1(HIT-T,N) 

and send B-HIT-I along with N (chosen for each session). 

if suppose the attacker has no knowledge of HIT-I, or  a set of HIT-I, the scheme has a certain anonymity; 
if suppose the attacker has knowledge of HIT-I, or a set of HIT-I(which is not difficult to collect), the scheme has no anonymity because he can try each HIT-I he knowes by 
recalculating SHA-1. 
  
The scheme has anonymity at first and has less anonymity with time went on and users have collected more HITs? 

I think as a character of system, it should be stable. 
  

Regards~~~

-Sujing Zhou