
D11.1: Collection of Topics and Clusters of Mobility and Identity – Towards a Taxonomy of Mobility and Identity


 

Networks

Generally, in the context of mobile ad hoc networks, two main strategies for enabling anonymity currently exist:

 

  1. By replacing the standard ad hoc routing protocol with a routing protocol that enables anonymous communication (cp. ).

 

Figure : An anonymous routing protocol

In recent years, a number of such proposals have been published, including ANODR (Kong, Hong, 2003), MASK (Zhang et al., 2005), SDAR (Boukerche et al., 2004), and ARM (Seys, Preneel, 2006). Most of these solutions aim to anonymise Route Request (RREQ) and Route Reply (RREP) messages during route discovery. The main advantage of this approach is that messages can be transmitted directly to the receiver using, on average, shorter paths than in anonymous overlay networks (see below). The main disadvantage is that the standard routing protocol is replaced. This forces users to run a different routing protocol when they want to be anonymous, so there is a risk that such solutions will end up with a small user base and thus a degraded degree of anonymity according to most anonymity metrics. Another disadvantage is that the anonymity offered by this type of solution could be betrayed when a connection-oriented transport layer, such as TCP, is used above the anonymous routing protocol.

 

  2. By introducing an anonymous overlay network above the ad hoc routing protocol or the transport protocol (cp. ).

 

Figure : An anonymous overlay network

This type of solution introduces an anonymous overlay network on top of either the network layer or the transport layer. One main advantage of introducing anonymity by means of an overlay network is flexibility: such a solution is independent of the ad hoc routing protocol and, furthermore, is compatible with general applications that expect services from, e.g., a reliable transport layer. One disadvantage is that performance can be expected to be slightly worse than with anonymous routing protocols, as messages are routed through a set of intermediary overlay nodes instead of being transmitted directly to the destination. A recent proposal in this category is (Jiang et al., 2004), where Jiang et al. propose a number of adaptations to make Chaum’s classical mix concept (Chaum, 1981) suitable for mobile ad hoc networks.

 

Karlstad University (Sweden) is currently working on a proposal for an anonymous overlay network called Chameleon, which follows the second type of solution presented above (publication under submission). The core functionalities of Chameleon are inspired by the traditional Crowds system (Reiter, Rubin, 1997) for anonymising HTTP traffic. The decision to use a Crowds-like approach was based on a previous evaluation of peer-to-peer based anonymous overlay networks in the context of ad hoc networks (see Andersson et al., 2005 and FIDIS deliverable D3.3 for more information). Among other things, Chameleon employs end-to-end encryption between the sender and recipient, certificate-based protection against Sybil attacks, and a distributed service discovery mechanism replacing the role of the blender in Crowds. Chameleon offers sender anonymity against destinations as well as receiver and relationship anonymity against local observers for large networks. One major difference from the approach of (Jiang et al., 2004) is that the latter claims to protect against a global observer, although it is acknowledged in (Jiang et al., 2004) that dummy traffic could be needed in order to achieve this. For performance reasons Chameleon avoids dummy traffic, since it is commonly believed that dummy traffic and performance are orthogonal requirements in mobile ad hoc networks.
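The following added example (not code from Chameleon or from this deliverable) models the classical Crowds forwarding rule of Reiter and Rubin to show the two trade-offs discussed above: the extra overlay hops compared with direct delivery, and why limiting colluding (Sybil) identities matters for sender anonymity. The crowd size `n`, number of colluders `c`, and forwarding probability `p_f` are the Crowds model's parameters and are assumptions here; Chameleon's own parameters are not given on this page.

```python
import random

def predecessor_probability(n, c, p_f):
    """Reiter-Rubin closed form: probability that the node seen by the first
    colluder on the path is the true initiator, given a colluder is on the path."""
    return (n - p_f * (n - c - 1)) / n

def probable_innocence(n, c, p_f):
    """True if the initiator is no more likely than not to be the predecessor."""
    return predecessor_probability(n, c, p_f) <= 0.5

def expected_hops(p_f):
    """Expected overlay hops from initiator to destination (direct delivery = 1)."""
    return 2 + p_f / (1 - p_f)

def crowds_path(n, p_f, initiator, rng):
    """One Crowds path: the initiator always hands off to a random member
    (possibly itself); each member then forwards again with probability p_f."""
    path = [initiator, rng.randrange(n)]
    while rng.random() < p_f:
        path.append(rng.randrange(n))
    return path

def simulate(n, c, p_f, trials=100_000, seed=1):
    """Monte Carlo check of both closed forms. Members n-c..n-1 collude;
    member 0 is the honest initiator. Returns (mean hops, predecessor rate)."""
    rng = random.Random(seed)
    colluders = set(range(n - c, n))
    total_hops = hits = blamed = 0
    for _ in range(trials):
        path = crowds_path(n, p_f, 0, rng)
        total_hops += len(path)  # member-to-member hops plus final hop to destination
        for i in range(1, len(path)):
            if path[i] in colluders:          # first colluder on the path
                hits += 1
                blamed += path[i - 1] == 0    # its predecessor is the initiator
                break
    return total_hops / trials, (blamed / hits if hits else 0.0)

if __name__ == "__main__":
    for c in (3, 8):  # constructed values; 8 models a crowd inflated with colluding identities
        hops, rate = simulate(20, c, 0.75)
        print(c, round(hops, 2), round(rate, 3),
              round(predecessor_probability(20, c, 0.75), 3),
              probable_innocence(20, c, 0.75))
```

With these constructed values, a crowd of 20 with 3 colluders keeps probable innocence, while the same crowd with 8 colluding identities does not.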

 

fidis-wp11-del11.1.mobility_and_identity_03.sxw
Denis Royer