
Anonymity on mobile devices



Hi,
I am developing a project which uses Tor and hope to get some opinions from you.
I'm working with the mobile business group at my university in Germany. We are developing a platform for location-based and context-based applications. We also want to provide security and anonymity to the users of these location- and context-based services. Besides using pseudonyms, we want to apply an anonymizing service like Tor.
Our tests with some quite fast mobile devices (PDAs) showed that Tor could not (yet) be applied directly on the client. In the first place, the performance of the PDAs is too low for the (many) public key operations, and secondly, setting up a circuit causes a lot of traffic, which takes a long time and costs money; e.g. the OR list is quite big.


So we switched to a different architecture: now there is a gateway to which the user connects and which does all the anonymizing for him. This means we have a single point of failure, but we only need to connect securely (TLS, VPN, ...) to the gateway.
Additionally, we want to enable the user to choose the way of anonymizing, e.g. using JAP or Tor. Because of this, and because we use the gateway for some other things, we had to design our own protocol, which is similar to Socks but has some additional parameters for the anonymity configuration.
So our architecture looks like this: the mobile client connects securely (by VPN) to the gateway, then it sends a Socks-like connect request along with the configuration parameters to the gateway, the gateway sends a request to the chosen anonymity service (e.g. talking SOCKS5 to Tor on port 9050), and after the connection has been established the gateway forwards all incoming data.


What do you think of this architecture and of anonymity on mobile devices in general? There was a system called mCrowds which implemented Crowd's Jondos on WAP-gateways. Does anyone know it?

Christian
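
The gateway step described in the message above, as an added example that is not part of the original post or the project's code: it parses a client request and builds the SOCKS5 messages (RFC 1928) the gateway would send to Tor on port 9050. The request line format (`CONNECT host:port anon=tor`) and all function names are hypothetical, since the post does not specify the protocol; only the Tor backend is modelled.

```python
import struct

# Backend named in the post: Tor's SOCKS5 listener on port 9050.
# Other services (e.g. JAP) would be further entries; their ports are not on the page.
BACKENDS = {"tor": ("127.0.0.1", 9050)}

def parse_client_request(line: bytes):
    """Parse a constructed request line such as b'CONNECT example.com:80 anon=tor\\n'."""
    verb, target, param = line.decode("ascii").strip().split(" ")
    if verb != "CONNECT" or not param.startswith("anon="):
        raise ValueError("malformed request")
    service = param[len("anon="):]
    if service not in BACKENDS:
        # Fail closed: never fall back to a direct, non-anonymous connection.
        raise ValueError("unknown anonymity service")
    host, _, port_text = target.rpartition(":")
    port = int(port_text)
    if not host or not 0 < port < 65536:
        raise ValueError("bad target")
    return host, port, service

def socks5_greeting() -> bytes:
    # VER=5, NMETHODS=1, METHOD=0x00 (no authentication required)
    return b"\x05\x01\x00"

def socks5_connect(host: str, port: int) -> bytes:
    # ATYP=0x03 sends the hostname unresolved, so the anonymity service
    # does the DNS lookup and the gateway never resolves the name itself.
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname length out of range")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3, LEN, NAME, PORT (big-endian)
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def socks5_reply_ok(reply: bytes) -> bool:
    # Reply layout: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT; REP=0x00 is success.
    return len(reply) >= 2 and reply[0] == 5 and reply[1] == 0

def gateway_plan(line: bytes):
    """Return the backend address and the SOCKS5 messages to send, in order."""
    host, port, service = parse_client_request(line)
    return BACKENDS[service], [socks5_greeting(), socks5_connect(host, port)]

if __name__ == "__main__":
    backend, messages = gateway_plan(b"CONNECT example.com:80 anon=tor\n")
    print(backend, [m.hex() for m in messages])
```

After a successful reply the gateway would relay bytes in both directions; a request naming an unknown service is rejected rather than connected directly.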