Hi,all
the definition of anonymity
"Definition: Anonymity of a subject from an attacker's perspective
means that the attacker cannot sufficiently identify the subject
within a set of subjects, the anonymity set.
"
1) is not clear about the content of anonymity set, will the real
identities of candidate subjects be included?
2) has too much variance when evaluating a scheme's anonymity.
For example, draft-zhang-hip-privacy-protection-04 gives a privacy
protection scheme by hashing the real identity:
B-HIT-I=SHA-1(HIT-T,N)
and send B-HIT-I along with N (chosen for each session).
if suppose the attacker has no knowledge of HIT-I, or a set of HIT-I, the
scheme has a certain anonymity;
if suppose the attacker has knowledge of HIT-I, or a set of HIT-I(which is
not difficult to collect), the scheme has no anonymity because he can try
each HIT-I he knowes by
recalculating SHA-1.
The scheme has anonymity at first and has less anonymity with time went on
and users have collected more HITs?
I think as a character of system, it should be stable.
Regards~~~
-Sujing Zhou
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
