Sciweavers

FC
2010
Springer

Cryptographic Protocol Analysis of AN.ON

13 years 10 months ago
Cryptographic Protocol Analysis of AN.ON
This work presents a cryptographic analysis of AN.ON’s anonymization protocols. We have discovered three flaws of differing severity. The first is caused by the fact that the freshness of the session key was not checked by the mix. This flaw leads to a situation where an external attacker is able to perform a replay attack against AN.ON. A second, more severe, error was found in the encryption scheme of AN.ON. An internal attacker controlling the first mix in a cascade of length two is able to de-anonymize users with high probability. The third flaw results from the lack of checks to ensure that a message belongs to the current session. This enables an attacker to impersonate the last mix in a cascade. The flaws we discovered represent errors that, unfortunately, still occur quite often and show the importance of either using standardized crytpographic protocols or performing detailed security analyses.
Benedikt Westermann, Rolf Wendolsky, Lexi Pimenidi
Added 25 Jan 2011
Updated 25 Jan 2011
Type Journal
Year 2010
Where FC
Authors Benedikt Westermann, Rolf Wendolsky, Lexi Pimenidis, Dogan Kesdogan
Comments (0)