[freehaven-dev] WShAnon: Free Haven Project submission
Hannes Federrath:

I'm a master's student working with Ron Rivest at MIT. My thesis work
is the design and development of an anonymous secure data haven. We're
focusing on providing anonymity and persistence rather than speed
and availability, while still providing enough accountability for a
functional system (for instance, if you're too anonymous you lose the
ability to detect misbehaving nodes).

I am leading a group of six other students to characterize the
requirements that we need, as well as develop the structure of the
system and implement a proof of concept. The paper is still in flux,
but it will be finished by May 22. Our current abstract follows:

| The Free Haven Project aims to deploy a system for distributed data
| storage robust against attempts by powerful adversaries to find and
| destroy stored data. Free Haven uses a secure mixnet for communication,
| and it emphasizes distributed, reliable, and anonymous storage over
| efficient retrieval. Some of the problems Free Haven addresses include
| providing sufficient accountability without sacrificing anonymity,
| building trust between servers based entirely on their observed
| behavior, and providing user interfaces that will make the system easy
| for end-users.

My thesis document can be found at http://freehaven.net/doc/freehaven.ps
Note that it gets updated literally daily these days, as I write more
text for it. Sections 1.1 through 1.3 should give you a good notion of
how Free Haven works, what we're doing, and why we're doing it.

Section 1.4 could well turn into an entirely different document: it
lays out our notions of anonymity, what we require from an anonymous
storage and publication system, and some characteristics we might aim
for from a theoretical point of view, including
* anonymity for each of the four agents in our system (author, reader,
  server, document)
* the distinctions between anonymity and pseudonymity
* computational versus information-theoretic anonymity (e.g., whether the
  anonymity of the reply block in a mixnet relies on the computational
  infeasibility of reversing it, or it uses something that provides
  unconditional security, akin to a one-time pad)
* a notion of "perfect forward anonymity" (similar to perfect forward
  secrecy, we have some concept of a 'session location' which is valid
  for a given transaction and then untraceable afterwards)
* ideal (or full) anonymity versus partial anonymity:
  The notion of full anonymity is really only defined over an ideal world,
  where the adversary has an infinite set of indistinguishable suspects.
  In reality, every set of candidates is limited in size, and indeed the
  adversary often has partial information about the suspect -- for instance,
  `he or she has a high-bandwidth Internet connection', or `he or she
  probably lives in California based on activity patterns and routing
  analysis'.

Most of the document past section 1.4 is in very rough draft form, and
large parts of it are several months old at this point. I apologize for
the clutter.

In any case, please let me know if either of these ideas appeals
to you as a topic for your workshop in July (either the design and
development of Free Haven as a whole, or specifically the section on
defining anonymity). I can provide more details on either topic if
you're interested.

Thanks for your time,
--Roger Dingledine, arma@mit.edu