Passive-attack analysis for connection-based anonymity systems. Andrei Serjantov and Peter Sewell. International Journal of Information Security, 4(3):172--180, June 2005. Special issue on ESORICS 2003. [ bib | doi | http ]
In this paper we consider low-latency connection-based anonymity systems which can be used for applications like web browsing or SSH. Although several such systems have been designed and built, their anonymity has so far not been adequately evaluated.

We analyse the anonymity of connection-based systems against global passive adversaries. We give a precise description of a packet-counting attack which requires a very low degree of precision from the adversary, evaluate its effectiveness against connection-based systems depending on their size, architecture and configuration, and calculate the amount of traffic necessary to provide a minimum degree of protection. We then present a second attack based on tracking connection starts which gives us another lower bound on traffic volumes required to provide at least some anonymity.

 
Passive Attack Analysis for Connection-Based Anonymity Systems. Andrei Serjantov and Peter Sewell. In ESORICS 2003. [ bib | doi | ps | pdf | http ]
In this paper we consider low latency connection-based anonymity system which can be used for applications like web browsing or SSH. Although several such sys tems have been designed and built, their anonymity has so far not been adequatel y evaluated.

We analyse the anonymity of connection-based systems against passive adversaries. We give a precise description of two attacks, evaluate their effectiveness, and calculate the amount of traffic necessary to render the attacks useless.