Protection Profiles for Remailer Mixes
نویسندگان
چکیده
In the past independent IT security evaluation according to published criteria has not realized its potential for the assessment of privacy enhancing technologies (PETs). Main reason for this was, that PETs were not covered appropriately in the evaluation criteria. This situation has changed somewhat, and therefore this paper reports on a case study, in which we developed Protection Profiles for remailer mixes. One reason for the development of these Protection Profiles was to test the privacy related components in the new Evaluation Criteria for IT Security – Common Criteria (International Standard 15408, ECITS/CC) and to develop improvements. Another reason was to contribute to an independent evaluation of privacy enhancing technologies. The experiment shows, that the ECITS/CC enable PPs for remailer mixes, but that there are still improvements necessary. The paper presents the Protection Profiles and the structured threat analysis for mixes, on which the Protection Profiles are based.
منابع مشابه
Protection Profiles for Remailer Mixes -Do the New Evaluation Criteria Help?
Early IT security evaluation criteria like the TCSEC and the ITSEC suffered much criticism for their lack of coverage of privacy-related requirements. Recent evaluation criteria, like the CC and the ISO-ECITS now contain components assigned to privacy. This is a step towards enhanced privacy protection, especially for non-experts. We examined the suitability and use of these components and the ...
متن کاملA Reputation System to Increase MIX-Net Reliability
We describe a design for a reputation system that increases the reliability and thus efficiency of remailer services. Our reputation system uses a MIX-net in which MIXes give receipts for intermediate messages. Together with a set of witnesses, these receipts allow senders to verify the correctness of each MIX and prove misbehavior to the witnesses. We suggest a simple model and metric for eval...
متن کاملEcholot and Leuchtfeuer Measuring the Reliability of Unreliable Mixes
In a mix-net, information regarding the network health and operational behavior of the individual nodes must be made available to the client applications so they may select reliable nodes to use in each message’s path through the mix-net. We introduce the concept of a pinger, an agent which tests the reliability of individual mixes in the mix-net, and publishes results for the mix clients to ev...
متن کاملProvable Anonymity for Networks of Mixes
We analyze networks of mixes used for providing untraceable communication. We consider a network consisting of k mixes working in parallel and exchanging the outputs – which is the most natural architecture for composing mixes of a certain size into networks able to mix a larger number of inputs at once. We prove that after O(log k) rounds the network considered provides a fair level of privacy...
متن کاملEnvironmental effects of interstate power trading on electricity consumption mixes.
Although many studies of electricity generation use national or state average generation mix assumptions, in reality a great deal of electricity is transferred between states with very different mixes of fossil and renewable fuels, and using the average numbers could result in incorrect conclusions in these studies. We create electricity consumption profiles for each state and for key industry ...
متن کامل