[ietf-privacy] Reply: RE: anonymity definition in "draft-hansen-privacy-terminology-03"

zhou.sujing@zte.com.cn Thu, 09 February 2012 07:49 UTC


Hi, Hannes,
I must make a clarification that the draft I took as an example is not 
written by me :).
I just happened to read that draft and tried to find the security by 
referring to the privacy terminology draft.

The question I have did not come only from the privacy draft by Zhang (not 
me), but also from 
another definition of anonymity which is popular in cryptography:
 
the adversary is given two IDs, and an oracle computing an output from one 
of the IDs;
if the adversary can't figure out the correct ID from the output with 
probability greater than 0.5, then it is called anonymous. 

But in the privacy terminology, it is not clear if the attacker has the 
knowledge of affected IDs.

Coming to Zhang's draft, it is rather easy to collect many HIP identity 
tags, and whether or not knowledge of identities is essential to 
evaluate the anonymity, at least for Zhang's draft, I think.



Regards~~~

-Sujing Zhou

"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> wrote on 
2012-02-09 15:17:16:

> Hi Zhou, 
> 
> Thank you for your questions. 
> 
> I guess you are looking at the terminology document from the point 
> of view of writing draft-zhang-hip-privacy-protection-04. You are 
> trying to find the right words to describe the properties of the 
> solution you have been working on. 
> 
> When you look at the privacy consideration draft (see 
> http://tools.ietf.org/html/draft-iab-privacy-considerations-01) then the 
> first thing is to think about a threat model. In your communication 
> protocol you may consider the following adversaries:
> (Note that I am saying this without having followed HIP for a long 
> time and so I might be missing something here.)
> 
> * responders who get to see identity information,
> * eavesdroppers who observe the exchanges and may want to learn 
> about the communication relationships and the identities of the 
> initiator and / or the responders, and 
> * HIP-based intermediaries (e.g., these HIP-based firewalls). 
> 
> Could you explain to me what the focus of your draft is with respect to
> hiding identities? 
> 
> I believe you are not trying to provide a mechanism to prevent 
> disclosing the identity of the HIP initiator to the HIP responder. I
> think you care about eavesdroppers in the middle. Is this correct?
> 
> Ciao
> Hannes
> 
> 
> From: ietf-privacy-bounces@ietf.org [mailto:ietf-privacy-bounces@ietf.org] 
> On Behalf Of ext zhou.sujing@zte.com.cn
> Sent: Thursday, February 09, 2012 4:51 AM
> To: ietf-privacy@ietf.org
> Subject: [ietf-privacy] anonymity definition 
> in"draft-hansen-privacy-terminology-03"
> 
> 
> Hi, all 
> 
> the definition of anonymity 
> "Definition:  Anonymity of a subject from an attacker's perspective
>      means that the attacker cannot sufficiently identify the subject
>      within a set of subjects, the anonymity set.
> " 
> 1) is not clear about the content of anonymity set, will the real 
> identities of candidate subjects be included? 
> 2) has too much variance when evaluating a scheme's anonymity. 
> 
> For example, draft-zhang-hip-privacy-protection-04 gives a privacy 
> protection scheme by  hashing the real identity: 
> B-HIT-I=SHA-1(HIT-T,N) 
> 
> and send B-HIT-I along with N (chosen for each session). 
> 
> If we suppose the attacker has no knowledge of HIT-I, or a set of HIT-I, 
> the scheme has a certain anonymity; 
> if we suppose the attacker has knowledge of HIT-I, or a set of HIT-I 
> (which is not difficult to collect), the scheme has no anonymity 
> because he can try each HIT-I he knows by 
> recalculating SHA-1. 
>   
> The scheme has anonymity at first and has less anonymity as time 
> goes on and users have collected more HITs? 
> 
> I think as a character of system, it should be stable. 
>   
> 
> Regards~~~
> 
> -Sujing Zhou
>
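
The two-ID anonymity game described in the reply, run against the blinded tag B-HIT-I from the quoted message, as an added example that is not part of this thread or of either draft. It assumes SHA-1(HIT, N) means SHA-1 over HIT || N, 16-byte HITs and a 16-byte N; all function names are hypothetical.

```python
import hashlib
import secrets

def blind(hit: bytes, nonce: bytes) -> bytes:
    # Assumption: "SHA-1(HIT, N)" is SHA-1 over the concatenation HIT || N.
    return hashlib.sha1(hit + nonce).digest()

def oracle(id0: bytes, id1: bytes):
    """Challenger: pick one ID at random, emit (N, B-HIT-I) as sent on the wire."""
    b = secrets.randbelow(2)
    nonce = secrets.token_bytes(16)  # fresh N per session (length assumed)
    return b, nonce, blind((id0, id1)[b], nonce)

def informed_guess(id0: bytes, id1: bytes, nonce: bytes, tag: bytes) -> int:
    # Adversary who is given both candidate IDs: recompute and compare.
    return 0 if blind(id0, nonce) == tag else 1

def blind_guess(nonce: bytes, tag: bytes) -> int:
    # Adversary who sees only N and the tag, modelled here as a coin flip.
    return secrets.randbelow(2)

def success_rate(trials: int, knows_ids: bool) -> float:
    """Fraction of game rounds in which the adversary names the right ID."""
    wins = 0
    for _ in range(trials):
        id0, id1 = secrets.token_bytes(16), secrets.token_bytes(16)  # constructed HITs
        b, nonce, tag = oracle(id0, id1)
        if knows_ids:
            guess = informed_guess(id0, id1, nonce, tag)
        else:
            guess = blind_guess(nonce, tag)
        wins += guess == b
    return wins / trials

def remaining_anonymity_set(collected: list, nonce: bytes, tag: bytes) -> list:
    # HITs in the observer's collection that are consistent with the observed tag.
    return [hit for hit in collected if blind(hit, nonce) == tag]

if __name__ == "__main__":
    print("adversary given the IDs:", success_rate(1000, knows_ids=True))
    print("adversary without IDs  :", success_rate(1000, knows_ids=False))
```

Under the game definition the scheme fails as soon as the adversary holds the candidate IDs, which is why the threat model has to state whether identities are known before anonymity can be evaluated.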