Veröffentlichungen

On Securing the Anonymity of Content Providers in the World Wide Web

Nowadays the World Wide Web (WWW) is an established service used by people all over the world. Most of them do not recognize the fact that they reveal plenty of information about themselves or their affiliation and computer equipment to the provider of web pages they connect to. So it is possible to build a very personal profile of these users. The accumulation and connection of this information contradicts the usual idea of data security, violates personal rights, and offers many illegal possibilities like insertion into unwanted address lists which often results in undesired advertisement or spying out personal tendencies. As an answer to this nuisance there are a lot of services in the WWW offering users to access web pages unrecognized or without risk of being backtracked, respectively. This kind of anonymity is called user or client anonymity.

 

But on the other hand, an equivalent protection for content providers does not exist, although this feature is desirable for many situations in which the identity of a publisher, content provider, or communication relation in general shall be hidden. We call this property server anonymity. We will introduce the first system with the primary target to offer anonymity for provider of information in the WWW. Beside this property it provides also client anonymity.

 

First we motivate our concept describing some situations, in which server anonymity is desirable or even necessary because of social or technical constraints or business interests, respectively. We represent the concept of mixes by David Chaum, the theoretical base of our system. Next we review the actual situation in research in relation to existing projects for client anonymity and based on Chaum's concept explaining the technical methods and theoretical backgrounds.

 

Based on Chaum's idea and in relation to the context of the WWW we explain the term "server anonymity" generally and more detailed motivating the system JANUS. JANUS is an acronym for "Justly Anonymizing Numerous URLs Systematically", describing the features of the system.

 

Central element of our handling is the URL, the reference to each object in the WWW. This URL reveals information about the server the object belongs to and also often about its location or affiliation. Our system is first described in a general way to provide an overview figuring its location in the WWW scenario. Then we elaborate the method of anonymizing formally. To achieve this anonymity we use public key cryptography. Since there is the possibility of misuse in the nature of this system providing anonymity for a server, ways to solve these problems are presented. JANUS depends on some assumptions in relation to a intruder model; this model is stated. On the practical side, we describe the technical background of the implementation of our prototype and the availability of JANUS in the WWW.

Downloads

[PS] [PS.GZ]


Prof. Firoz Kaderali Print