Enabling Limited Identity Recovery in Anonymity Networks


In 2013, Edward Snowden revealed large-scale surveillance operations and thus sparked an increase in security and privacy on the Internet. Consequently, law enforcement agencies complain about being hindered when investigating crimes. Several exceptional data access mechanisms were proposed over the years, claiming restricted data access for governments. In this thesis, we show that all current proposals are missing at least one of two crucial features: (1) translucency towards outside observers or (2) enabling the public, but not individuals, to abandon them. If one of these features is missing, governments can abuse the system to enable large-scale surveillance. Although criminals knowingly abuse anonymity networks, these networks have received hardly any attention in the context of exceptional data access. Hence, we propose Twisd, an anonymity network based on Tor that enables the recovery of client identities in justified cases. Twisd deploys an anonymous authentication protocol to generate encrypted client identities. A trusted consortium can access these identities, but only under public oversight. We introduce translucent blockchains to ensure the honest and public management of identity recoveries. These blockchains give the public restricted insight into the consortium’s activities and thus allow it to detect malicious behavior; however, they prevent the public from interfering with ongoing investigations. When comparing Twisd to Tor, we observe barely perceivable latency and processing overheads and a 0.1 % increase in bandwidth consumption. A Tor-sized Twisd network that retains identity recovery data for one year requires 234 TB of state-sponsored storage. We thus show the feasibility of anonymity networks with limited identity recovery capabilities. Additionally, we discuss how such a network could even boost the privacy of all honest citizens.

Master Thesis
Communication and Distributed Systems, RWTH Aachen University