Protocols for purpose-restricted anonymous communications in IP-based wireless networks

Anonymity and specifically sender anonymity have become essential requirements for many privacy-related applications (e.g. net counselling and whistle blowing). On the other hand, anonymity may be abused for various malicious activities (e.g. redistribution of copyrighted contents and illegal drug trading). In this paper, we address both by proposing protocols for authenticated anonymous communications channels. In such channels, the client can authenticate the authentication server while the latter can only authenticate the fact that the client is one of the qualified members that are eligible to use the wireless network (e.g. WLAN hot spots, WiMAX). Our protocols are based on an efficient anonymous password-based authenticated key exchange protocol and on an anonymous IP address assignment. The proposed protocols have the following advantages: (1) they can restrict the usage of the established anonymous channels to certain fair purposes; (2) they do not involve rerouting of the packets through a chain of intermediate nodes; (3) they are available right after registration of a normal password to an authentication server as for a classical non-anonymous authentication (e.g. EAP-TTLS and PEAP) and do not require any special registration procedures that would reveal initially to the authentication server that the client belongs to a small list of users of anonymous services. However, each scheme has different features with respect to the changes required of the DHCP standard, the controlled and adaptive IP address assignment, the compatibility to authentication frameworks used for wireless networks, the scalability and the number of messages involved. (C) 2008 Elsevier B.V. All rights reserved.