Confidential or sensitive information transmitted over the Internet is protected by some form of encryption. It may also be desired to conceal from an outside observer the fact of communication itself. For example, companies that want to keep their research interests secret would like to prevent outsiders from knowing which web sites they are visiting. In such cases anonymity of communications becomes an issue.
The problem of privacy and anonymity stems from the Internet Protocol (IP). According to the protocol, information is transmitted in packets, and the source and destination addresses are placed in the header of each packet. As a result, an interceptor may trace data exchange between parties of interest, which makes any communicating party an easy target of malicious actions ranging from eavesdropping to denial-of-service (DoS) attacks.
A virtual private network (VPN) is an area where privacy via anonymity is an integral part of security. VPNs utilize the existing Internet infrastructure for some or all of their communications as an alternative to building expensive dedicated networks of their own. VPNs are particularly cost effective for small companies and for companies of all sizes with a highly mobile workforce. However, they inherently expose themselves to security risks. The Internet is intentionally open and therefore unsecured, because it is available to everybody from the general public to businesses to government agencies and non-profit organizations. This openness leaves the Internet vulnerable, and those private networks that use Internet connections expose themselves to attacks via the Internet.
The proliferation of wireless and mobile connections to the Internet contributes to the privacy problem by revealing the location of the communicating party. In particular, WiFi networks carry the potential for revealing a more precise location compared to other technologies such as cell phones or pagers, because they operate with smaller cell sizes. Small cell sizes help WiFi networks maintain signal quality and higher communication bandwidth at lower power levels and in environments that have poor signal propagation.
One solution to the privacy problem is an intermediate server interposed between sender and receiver, so that the receiver sees only the IP address of the intermediate server. The server, however, could be compromised. One way to deal with this risk is to spread the trust among multiple servers. David Chaum, in the article “Untraceable electronic mail, return addresses, and digital pseudonyms”, Communications of the ACM, 24, 2 (February 1981), proposed a system for anonymous electronic mail which employs a set of forwarding agents called mixes. Each mix collects a few messages, waits some time and then sends the messages out in a different order. Mixes are meant to prevent eavesdroppers from tracing messages passing through them and thus provide sender and receiver unlinkability. The strength of mixes is that even if only one mix in a path is not compromised, the system continues to provide sender-receiver unlinkability.
In a decentralized peer-to-peer (P2P) environment, another anonymity technique, called “crowds”, is employed. According to this technique, browsers on client machines can “join the crowd” and become candidates for routing traffic from and to other browsers. The privacy protection relies on the large number of browser routers in the crowd and on the fact that any browser could be either the initiator of a request or just a router.
A drawback of the approach based on a centralized trusted server is that all network traffic goes through the server and, as a result, the server may become a “bottleneck” in the network. A drawback of the decentralized crowd-style approach is that there may not be a firewall between browser routers. This limitation can severely compromise the security of client systems.
U.S. Pat. No. 6,266,704 to Reed et al. discloses a virtual circuit (pathway) that provides an anonymous connection for moving data through a communication network. The virtual circuit comprises a plurality of “onion routers”, wherein each router is responsive to an “onion”, which is a layered data structure with one layer per router and wherein each layer contains an encrypted identity of the next router in the pathway.
U.S. Pat. No. 6,389,533 to Davis et al. teaches an e-mail system that encrypts the return address with a public key of the recipient system and places the encrypted address in the outgoing message. U.S. Pat. No. 6,591,291 to Gaber et al. describes an e-mail system that employs the destination address to generate an alias source address that substitutes for the real source address in an e-mail message. This renders the sender anonymous while providing it with the ability to receive a reply to the message.
U.S. Pat. No. 6,952,769 to Dubey et al. describes a protocol for anonymous communication between two entities across a network using pseudonyms instead of physical addresses and distributing trust among agents (servers), so that the identity of a communicating party is not revealed by the compromise of any one agent involved in the execution of the protocol, and wherein the probability of identity compromise is a polynomial function of the number of compromised agents, meaning less than proportional to it.
U.S. Pat. No. 6,986,036 to Wang et al. discloses a scheme for protecting the anonymity of a client when it communicates with a target server over the Internet. A plurality of Web servers is randomly selected from a pool of participating Web servers for use as routers in a routing chain between the client and the target server. To prevent traffic analysis, “onion encryption” is applied to the messages transmitted along the routing chain. When a client intends to communicate with a target server, it sends a request for a secure routing chain to a trusted routing control server.
U.S. Pat. No. 7,124,172 to Hirayama describes a method of processing an inquiry from a user to a company web site without requiring the user to reveal his or her personal information. The method uses an intermediate relaying system that replaces user information with a number attached to the inquiry.
U.S. Pat. Nos. 7,133,930 to Munger et al. and 7,188,180 to Larson et al. describe a new agile routing protocol that is built on top of IP. According to the protocol, a packet's final destination is concealed behind layers of encryption, and each router can remove only the outer layer of encryption to reveal the next router. As a result, the final destination of the data cannot be determined from an intercepted packet. The secure “virtual Internet” works over the existing Internet infrastructure and interfaces with client applications the same way as the existing Internet.
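The layered "onion" described for Reed et al. and for Munger et al. above, as an added illustration that is not part of any of the cited patents: each router holds its own key, strips exactly one layer, and learns only the identity of the next hop. The router identifiers, the fixed 8-byte identifier field and the HMAC-SHA256 keystream are constructed for this example; the keystream XOR stands in for the cipher and is not a real authenticated cipher.

```python
import hashlib
import hmac

# Toy onion layering: one layer per router, each layer encrypted under that
# router's key and carrying only the next router's identity. The cipher is an
# illustrative HMAC-SHA256 keystream XOR, not a real AEAD (constructed).

ID_LEN = 8  # fixed-width next-hop identifier field (constructed convention)


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here only as an illustrative keystream."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def build_onion(path, destination: bytes, payload: bytes) -> bytes:
    """path = [(router_id, router_key), ...] in forwarding order. Layers are
    added from the last router outward, so the first router's layer is outermost;
    only the last router's layer names the final destination."""
    onion = payload
    for i in range(len(path) - 1, -1, -1):
        _, key = path[i]
        next_id = path[i + 1][0] if i + 1 < len(path) else destination
        onion = _xor(key, next_id.ljust(ID_LEN, b"\0") + onion)
    return onion


def peel(router_key: bytes, onion: bytes) -> tuple:
    """One router strips its own layer: it learns the next hop and gets an
    opaque blob to forward, nothing about earlier or later hops."""
    plain = _xor(router_key, onion)
    return plain[:ID_LEN].rstrip(b"\0"), plain[ID_LEN:]


def route(path, onion: bytes) -> tuple:
    """Walk the circuit; returns what each router learned and the exit payload."""
    seen, blob = [], onion
    for _, key in path:
        next_hop, blob = peel(key, blob)
        seen.append(next_hop)
    return seen, blob
```

Because the layers are not padded, the length of the onion still leaks the number of hops; a deployed system pads every layer to a fixed size so that an intercepted packet looks the same at every hop.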
U.S. Pat. No. 7,171,493 to Shu et al. teaches a method and devices for splitting a file into a plurality of message segments and addressing the segments to a plurality of addresses assigned to a receiving host, in order to camouflage the content and pattern of network traffic, increase the difficulty of interception and provide resistance to denial-of-service attacks. U.S. Pat. No. 7,185,204 to Narayanaswani et al. describes a method and system for providing location privacy by assigning a pool of addresses with which a user can access a network over a mobile computing device.
U.S. Pat. No. 7,246,231 to Tariq et al. discloses a routing system that encrypts the subnet prefix of an IP address, so that an entity that does not know the encryption key cannot determine the IP address.
U.S. Pat. No. 7,257,646 to Jonsson describes a method and system for handling traffic from a source node to a destination node via selectable relay nodes that form an overlay network of nodes managed by an independent operator. Along with quality of service the overlay network provides address substitution to prevent an interceptor from relating a packet to a specific original source or final destination.
U.S. Pat. No. 7,398,388 to Xu et al. discloses a “crowd-style” method of increasing user privacy in a P2P environment, which is combined with “onion-style” encryption.
Published application Ser. No. 11/009,399 of LeMay et al. discloses a secure e-mail protocol comprising two sub-protocols, a message transport protocol and a key management protocol, which operate in tandem to enhance security. The protocol employs an existing infrastructure to transport encrypted e-mail messages, and a key server for management and distribution of encryption keys in key packets. The message transport protocol relies on a group addressing scheme to obscure individual sender and recipient identities.