[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] checkpoint initial revisions; points where more work...
Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/tmp/cvs-serv15511
Modified Files:
e2e-traffic.tex e2e-traffic.bib
Log Message:
checkpoint initial revisions; points where more work is needed are tagged NMNM
Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- e2e-traffic.tex 29 Apr 2004 08:54:09 -0000 1.41
+++ e2e-traffic.tex 30 Apr 2004 12:32:08 -0000 1.42
@@ -57,7 +57,7 @@
eavesdropper can learn sender-receiver connections even when the substrate
is a network of pool mixes, the attacker is non-global, and senders have
complex behavior including generating padding messages.
-Additionally, we describe how an attacker can use extra information about
+Additionally, we describe how an attacker can use information about
message distinguishability to speed the attack.
Finally, we simulate our attacks for a variety of
scenarios, focusing on the amount of information needed to link senders to
@@ -81,7 +81,7 @@
Researchers have theorized that these attacks should be extremely
effective in many real-world contexts, but so far it has been difficult
-to reason about when they would be successful and how long the attacks
+to reason about when these attacks would be successful and how long they
would take.
%% Put this stuff in the previous work section if you want.
@@ -120,7 +120,7 @@
asynchronous batching) to relay her messages through a succession of
mixes, instead of using just a single mix.
\item Alice disguises when she is sending real messages by sending
- traffic padding to mix nodes in the network.
+ padding traffic to mix nodes in the network.
\item The attacker can only view a subset of the messages entering and
leaving the network (so long as this subset includes some messages
from Alice and some messages to Alice's recipients).
@@ -132,10 +132,10 @@
increases the amount of traffic he must observe.
Additionally, we show how an attacker can exploit additional knowledge, such
-as distinguishability between messages, to speed these attacks. For
-example, the attacker can take into account whether messages are written in
-the same language or signed by the same pseudonym, to partition them into
-different classes and analyze the classes independently.
+as distinguishability between messages, to speed these attacks. For example,
+an attacker who sees message contents can take into account whether messages
+are written in the same language or signed by the same pseudonym, to
+partition them into different classes and analyze the classes independently.
%\item {\it A priori} suspicion of certain messages having originated
% or not originated from Alice. For example, messages written in a
% language Alice doesn't speak are unlikely to have been written
@@ -156,7 +156,7 @@
%% Our preliminary results suggest that this effect can be achieved with
%% significantly less padding.
% (Yes, but not unequivocally. `more research is needed'. -NM)
-\item The attacker cannot tell when the sender is originating messages.
+\item The attacker cannot tell when Alice is originating messages.
%% For example, the sender may be running her own mix
%% node and injecting messages into it directly.
% why leave this out? it sounds important. -RD
@@ -185,7 +185,7 @@
% This above statement is misleading, no? The proof only holds when
% Alice sends always/only once, IIRC. -NM
Because some mixes might be controlled by an
-adversary, Alice may direct her messages through a sequence or `chain' of
+adversary, Alice can direct her messages through a sequence or `chain' of
mixes in a network, so that no single mix can link her to her recipient.
Many subsequent designs have been proposed, including Babel \cite{babel},
@@ -205,7 +205,7 @@
Attacks against mix networks aim to reduce the anonymity of users by
linking anonymous senders with the messages they send, by linking
anonymous recipients with the messages they receive, or by linking
-anonymous messages with one another. For a detailed list of attacks,
+anonymous messages with one another. For detailed lists of attacks,
consult \cite{back01,raymond00}. Attackers can
trace messages through the network by observing network
traffic, compromising mixes, compromising keys, delaying messages
@@ -219,7 +219,7 @@
look for commonalities between otherwise unlinked senders
\cite{rao-pseudonymity}.
-\subsection{The intersection attack}
+\subsection{The long-term intersection attack}
Even if all the above attacks are foiled, an adversary can
mount a \emph{long-term intersection attack} by correlating the times at
which senders and receivers are active \cite{disad-free-routes}.
@@ -227,8 +227,8 @@
A variety of countermeasures make intersection attacks harder.
Kesdogan's stop-and-go mixes
\cite{stop-and-go} provide probabilistic anonymity by letting users
-specify message latencies, thereby broadening the range of times
-messages might emerge from the mix network. Similarly, batching strategies
+specify message latencies, thereby broadening the range of time
+when messages might leave the mix network. Similarly, batching strategies
\cite{trickle02} as in Mixmaster and Mixminion use message
pools to spread out the possible exit times for messages.
@@ -239,8 +239,8 @@
given message originated at her node or was relayed from another node
\cite{bennett:pet2003,tarzan:ccs02,crowds:tissec}. But even with this
approach, the adversary can observe whether certain traffic patterns are
-present when a user is online (sending) and absent when a user is offline
-(not sending) \cite{wright02,wright03}.
+present when a user is online (possibly sending) and absent when a user is
+offline (certainly not sending) \cite{wright02,wright03}.
A sender can also conceal whether she is currently active by consistently
sending decoy (dummy) traffic. Pipenet \cite{pipenet} conceals
@@ -303,15 +303,17 @@
\label{subsec:statistical-disclosure}
In 2003, Danezis presented the statistical disclosure
attack\cite{statistical-disclosure}, which makes the same operational
-assumptions as the original disclosure attack but is far easier to
-implement in terms of storage, speed, and algorithmic complexity.
+assumptions as the original disclosure attack but is far easier to implement
+in terms of storage, speed, and algorithmic complexity. Unlike its
+predecessor, statistical disclosure only reveals {\it likely} recipients; it
+does not identify Alice's recipients with certainty.
In the statistical disclosure attack, we model Alice's behavior as an
unknown vector $\V{v}$ whose elements correspond to the
probability of Alice sending a message to each of the $N$ recipients
in the system. The elements of $\V{v}$ corresponding to Alice's $m$
recipients will be $1/m$; the other $N-m$ elements of $\V{v}$ will
-be $0$. We model the behavior of the cover traffic sent by other users
+be $0$. We model the behavior of the covering traffic sent by other users
as a known vector $\V{u}$ each of whose $N$ elements is $1/N$.
The attacker derives from each output round $i$ an observation vector
@@ -407,23 +409,23 @@
each \cite{pet2003-diaz,trickle02}. Rather than reordering and
relaying all the messages whenever a fixed number $b$ have arrived,
these algorithms store received messages in a {\it pool}, and at fixed
-intervals relay a {\it fraction} of the pooled messages based on the pool's
+intervals relay a {\it fraction} of the pooled messages, based on the pool's
current size.
When attacking such a mix, the attacker no longer knows for certain
-which batches of recipients contain a message from Alice. Instead,
+which batches of recipients contain messages from Alice. Instead,
the attacker can only estimate, for each batch of output messages,
-the probability that the batch includes one of Alice's messages.
+the probability that the batch includes one or more of Alice's messages.
-Following D\'iaz and Serjantov's approach in \cite{pet2003-diaz}, we treat
-these mixing algorithms generically as follows: a mix relays a
+Following D\'{\i}az and Serjantov's approach in \cite{pet2003-diaz}, we treat
+these mixing algorithms as follows: a mix relays a
number of messages at the end of each round, depending on how many
messages it is currently storing. All messages in the mix's pool at the end
of a round have an equal probability of being included in that round's batch.
-Thus, we can characterize the mix's batching algorithm as a probability
+Thus, we can characterize the mix's pooling algorithm as a probability
function $\PMIX(b|s)$---the probability that the mix relays $b$ messages
when it has $s$ messages in the pool. Clearly, $\forall s,
-\sum_{b=0}^{s}\PMIX(b|s) = 1$: the mix will always output between $0$
+\sum_{b=0}^{s}\PMIX(b|s) = 1$: the mix will always relay between $0$
and $s$ messages.
%In the case of a timed dynamic-pool mix, this distribution is:
@@ -486,15 +488,16 @@
The chance of
the message being delayed by a further $d$ rounds is now
\[ P_R'(\ell_0+d) = \binom{\ell_0+d-1}{d} (1-P_D)^{\ell_0} P_D^d \]
-If Alice chooses her path length probabilistically according to
-$P_L(\ell)$, we have
-\[ P_R'(r) =
- \sum_{\ell=1}^r P_L(\ell) \binom{r-1}{r-\ell} (1-P_D)^\ell P_d^{r-\ell} \]
+%If Alice chooses her path length probabilistically according to
+%$P_L(\ell)$, we have
+%\[ P_R'(r) =
+% \sum_{\ell=1}^r P_L(\ell) \binom{r-1}{r-\ell} (1-P_D)^\ell P_d^{r-\ell} \]
% \XXXX{ How can the attacker estimate $P_L$ for Alice? What if he can't?}
Danezis has independently extended statistical disclosure to pool mixes
-\cite{gd-thesis}.
+\cite{gd-thesis}; Danezis and Serjantov have analyzed it in detail
+\cite{statistical-disclosure04}.
\subsubsection{Dummy traffic:}
%\label{subsubsec:dummy-traffic}
@@ -548,13 +551,14 @@
Until now, we have required that the attacker, as a global passive
adversary, observe all the messages entering and leaving the system
(at least, all the messages sent by Alice, and all the messages
-reaching Alice's recipients). This requirement is not so difficult
+reaching Alice's recipients). This is not so difficult
as it might seem: to be a ``global'' adversary against
Alice, an attacker need only eavesdrop upon Alice, and upon the mixes
that deliver messages to recipients. (Typically, not all mixes do
-so.)
+so. For example, only about one third of current Mixminion servers support
+delivery.)
-A non-global attacker's characteristics depending on which parts of the
+A non-global attacker's characteristics depend on which parts of the
network he can observe. If the attacker
eavesdrops on a fraction of the {\it mixes} in the system, he
receives a sample\footnote{But possibly a biased
@@ -599,7 +603,7 @@
Finally, we note that an attacker can find recipients as well as senders by
using slightly more storage and the same computational cost.
-Suppose the attacker wishes to know which senders are sending
+Suppose the attacker wishes to know who is sending
anonymous messages to a given recipient Bob. The analysis remains the
same: the attacker compares sender behavior in rounds from which Bob
probably receives messages with behavior in rounds from which Bob
@@ -624,7 +628,7 @@
we discuss ways to reduce the attack's required amount of traffic
by incorporating additional information.
-\subsubsection{Exploiting message partitioning:}
+\subsubsection{Partitioning messages:}
%\label{subsubsec:full-linkability}
The attacker's work is simplified if some output messages are
{\it linkable}. Two messages are linkable if they are
@@ -635,11 +639,10 @@
messages chosen at random.
The easiest scenario for partitioning is pseudonymity: in a typical
-pseudonym service, each sender has one or more pseudonyms and all
-delivered messages are associated with a pseudonym.
-An eavesdropper who can connect senders to their pseudonyms
-could trivially use this information to connect senders and recipients.
-To do so, he might treat
+pseudonym service, each sender has one or more pseudonyms and each
+delivered messages is associated with a pseudonym.
+To link senders and recipients, an attacker only needs to link senders to
+their pseudonyms. To do so, he can treat
pseudonyms as virtual message
destinations: instead of collecting observations $\V{o_i}$ of
recipients who receive messages in round $i$, the attacker now
@@ -652,7 +655,8 @@
It's also possible that the partitioning may not be so perfect: sometimes
many senders will send messages in the same class. For
example, two binary documents written in the same version of MS Word
-are more likely to be written by the same sender than two messages
+or encrypted with the same version of PGP are more likely to be written by
+the same sender than two messages
selected at random.
%Linkages may be more abstract: a
%sophisticated attacker could check for the presence of certain
@@ -660,17 +664,17 @@
To exploit these scenarios, the attacker
chooses a set of $c$ partitioning classes (such as languages or
-patterns of usage), and assigns to each observed output
+patterns of use), and assigns to each observed output
message a probability of belonging to each class. The attacker then
proceeds as before, but instead of collecting observation
-vectors with elements corresponding the recipients, the attacker now
+vectors with elements corresponding to recipients, the attacker now
collects observation vectors whose elements correspond to number of
-messages received in each round by each
+messages received by each
$\left<\mbox{recipient},\mbox{class}\right>$ tuple. (If a message
might belong to multiple classes, the attacker sets the corresponding
element of each possible class to the probability of the message's
being in that class.)
-The statistical disclosure attack
+The attack
proceeds as before, but messages that fall in different
classes no longer provide cover for one another.
@@ -682,10 +686,10 @@
%\label{subsubsec:suspicion}
Finally, the attacker may have reason to believe that some messages
are more likely to have been sent by the target user than others. For
-example, if we believe that Alice speaks Urdu but not Arabic, or
-that Alice knows psychology but not astrophysics, then we will
-naturally suspect that an Urdu-language message about psychology
-is more likely to come from Alice than is an Arabic-language message
+example, if we believe that Alice
+knows psychology but not astrophysics, then we will
+naturally suspect that a message about psychology
+is more likely to come from Alice than is a message
about astrophysics.
To exploit this knowledge, an attacker can (as suggested in the
@@ -700,7 +704,9 @@
%message.
% Maybe also mention: What if Alice gets her stats from a given source,
-% and so prefers different exits?
+% and so prefers different exits? NMNM
+
+% Mention encryption and why people don't. NMNM
%======================================================================
\section{Simulation results}
@@ -724,7 +730,7 @@
round, also chosen uniformly at random. We ran 100 trial attacks for each
chosen $\left<N,m,b\right>$ tuple. Each attack was set to halt when the
attacker has correctly identified Alice's recipients, or when 1,000,000
-rounds have passed. (We imposed this cap on run time to keep our simulator
+rounds had passed. (We imposed this cap on run time to keep our simulator
from getting stuck on hopeless cases.)
%\begin{figure}[ht]
@@ -741,12 +747,12 @@
%\label{fig2a}
%\end{figure}
-We present the results of our simulations in Figure~\ref{fig1}
+Figure~\ref{fig1} presents the results of our simulation
(the low-$m$ curves are at the bottom).
As expected, the attack
becomes more effective when Alice sends messages to only a few
-recipients (small $m$); when there are fewer recipients for Alice to hide
-hers among (small $N$); or when batch sizes are small (small $b$).
+recipients (small $m$); when there are more recipients to whom Alice does not
+send (large $N$); or when batch sizes are small (small $b$).
\begin{figure}
\begin{minipage}[t]{5.75cm}
@@ -773,7 +779,7 @@
``scale-free'' model proposed in \cite{scale-emergence} and analyzed in
\cite{scale-analysis}, which shares desirable properties with ``small-world''
networks \cite{small-world}. Scale-free networks share the ``six degrees of
-separation property'' (for arbitrary values of six) with small-world
+separation property'' (for arbitrary values of six) of small-world
networks, but also mimic the clustering and `organic' growth of real social
networks, including citations in journals, co-stars in IMDB, and links in
the WWW.
@@ -789,7 +795,7 @@
%simulation continues until it has generated $N$ connected vertices.
For these trial attacks, the background messages were generated by
choosing nodes from the graph with probability proportional to their
-popularity (connectedness). This simulates a case where users send messages
+connectedness. This simulates a case where users send messages
with equal frequency and choose recipients uniformly from among the people
they know.
@@ -824,7 +830,7 @@
\label{subsec:sim-complex-mixes}
%trials 3,4
Pooling slows an attacker by increasing the number of output messages
-that can correspond to each input message. To simulate an attack against
+that could correspond to each input message. To simulate an attack against
pool mixes and mix networks, we abstract away the actual pooling rule used by the
network, and instead assume that the network has reached a steady state, so
that each mix retains the messages in its pool with the same probability
@@ -886,46 +892,56 @@
% Are there better citations for these strategies? Are there better names?
Our first padding strategy (``independent geometric padding'')
-is based on the link padding strategy from the Mixminion design
-\cite{minion-design}: Alice generates a random number of dummy messages in
+is based on the algorithm used in current versions of Mixmaster:
+Alice generates a random number of dummy messages in
each round according to a geometric distribution with parameter $\Pjunk$,
independent of her number of real messages.
-% With the second strategy
-%(`imperfect threshold-padding'), we assume that Alice attempts to implement
-%the unbreakable threshold-padding strategy (always send $M$ messages total
-%in every round, adding dummies up to $M$ as necessary), but that her
-%implementation is imperfect: when she needs to send more than $M$ real
-%messages, she does so anyway rather than wait for a later round; and she is
-%only sometimes online (with probability $\Ponline$ each round), and cannot
-%send real messages or padding when she is not. (This last deviation in
-%particular will be typical for any real-world user attempting to implement
-%threshold padding in a world of unreliable hardware and network
-%connections.)
-\begin{figure}[ht]
-\centering
-\mbox{\epsfig{angle=0,figure=graphs/fig5a,width=4in}}
-\caption{Independent geometric dummy messages: Median rounds to guess all
+In our second padding strategy
+(`imperfect threshold padding'), we assume that Alice attempts to implement
+the otherwise unbreakable threshold padding strategy (always send $M$
+messages total
+in every round, adding dummies up to $M$ and delaying messages after $M$ as
+necessary), but that she is only sometimes online, and cannot
+send real messages or padding when she is not. (This last deviation in
+particular will be typical for any real-world user attempting to implement
+threshold padding in a world of unreliable hardware and network
+connections.)
+
+Our final dummy traffic simulation assumes that Alice performs threshold
+padding consistently, but that the attacker had a chance to acquire a view of
+the network's background behavior before Alice first came online.
+%NMNM say why this is realistic.
+
+\begin{figure}
+\begin{minipage}[t]{5.75cm}
+\mbox{\epsfig{angle=0,figure=graphs/fig5a,width=6cm}}
+\caption{Independent geometric dummy messages: median rounds to guess all
recipients}
\label{fig5a}
+\end{minipage}
+\hfill
+\begin{minipage}[t]{5.75cm}
+\mbox{\epsfig{angle=0,figure=graphs/fig5c,width=6cm}}
+\caption{Imperfect threshold padding: median rounds to guess all recipients}
+\label{fig5c}
+\end{minipage}
+\hfill
\end{figure}
-Padding slows the attack, but does not necessarily stop it. As shown in
+Padding slows the attack, but does not {\it necessarily} stop it. As shown in
Figure~\ref{fig5a}, geometric padding is most helpful when the underlying
mix network has a higher variability in message delay to `spread' the padding
between rounds. Otherwise, Alice must send far more padding
messages to confuse the attacker.
-We are currently running our simulations on other padding models, including
-``imperfect threshold padding'' (Alice always tries to pad up to a threshold
-of $M$ messages per round, but is sometimes offline).
+\XXXX{Fill in discussion of 5c and 5d once the last results are in. NMNM}
\subsubsection{The impact of partial observation:}
%\label{subsec:sim-partial}
%trial 6
-Finally, we examine the degree to which a non-global passive adversary can
-mount the statistical disclosure attack. Again, we base our simulation on
-the mix network simulation used as the basis for the padding trials above.
+Finally, we examine the degree to which a non-global adversary can
+mount a statistical disclosure attack.
% (have we defined 'entry'?) -NM
Clearly, if Alice chooses only from a fixed set of entry and exit mixes as
@@ -954,16 +970,18 @@
harder. Finally, as $\Pobserve$ approaches $0$, the required number of
rounds approaches infinity.
+\XXXX{Pseudonyms}
+
%======================================================================
\section{Conclusions}
\label{sec:conclusion}
Our results demonstrate that long-term end-to-end intersection attacks
-can succeed in the presence of a variety of complicating factors. In
+can succeed even in the presence of a variety of complicating factors. In
closing, we
suggest several open questions for future work, and offer recommendations
for mix network designs.
-\subsubsection{Questions for future work:}
+\subsubsection{Questions for future research:}
%\label{subsubsec:future-work}
Many questions remain before the effectiveness of long-term
intersection attacks can be considered a closed problem.
@@ -980,7 +998,7 @@
% (flooding, trickle, $n-1$)
has concentrated on preventing an attacker from being certain of
Alice's recipients---but in fact, an active attack that only reveals
-slight probabilities about Alice's recipients can provide information
+slight probabilities about Alice's recipients could provide information
to speed up the intersection attacks in this paper.
% also: run a server, knock down nodes, improve linkability, convince Alice
% to be vulnerable.
@@ -991,29 +1009,32 @@
%
% Should we explain this someplace? -NM
-It seems clear that pseudonymous services will fall to intersection attacks
-far faster than anonymizing services. How strong is this effect, and can it
-be prevented? (We are currently simulating scenarios related to pseudonyms.)
+%It seems clear that pseudonymous services will fall to intersection attacks
+%far faster than anonymizing services. How strong is this effect, and can it
+%be prevented? (We are currently simulating scenarios related to pseudonyms.)
Our analysis has focused on the impact of Alice's actions on Alice alone.
How do Alice's actions (for example, choice of padding method) affect other
users in the system? Are there incentive-compatible strategies that provide
good security for all users?
-There are other possible approaches to thwarting traffic analysis, including
-alternative padding regimes (as mentioned above in the discussion for
-Figure~\ref{fig5a}). These should be investigated.
+%There are other possible approaches to thwarting traffic analysis, including
+%alternative padding regimes (as mentioned above in the discussion for
+%Figure~\ref{fig5a}). These should be investigated.
Although real social networks behave more like scale-free networks than like
the original disclosure attack's model, our models for user behavior
still have room for improvement. For example, real users
probably do not send messages with a time-invariant geometric distribution:
-most people's email habits are based on a 24-hour day, and a 7-day week. The
-effects of this variation may be significant.
+most people's email habits are based on a 24-hour day, and a 7-day week.
+Early research on traffic patterns in actual mix-nets \cite{mixvreliable}
+suggests that this variation is probably significant.
Many of our simulations found ``sweet spots'' for settings such as mix pool
delay, message volume, padding volume, and so on. Identifying those points
of optimality in the wild would be of great practical help for users.
+Systems could perhaps then be designed to adaptively configure their pooling
+strategies to optimize their users' anonymity.
% impact on reputation systems
@@ -1029,10 +1050,12 @@
output rounds, variability in delay increases each message's anonymity set, and
amplifies the effect of padding.
-{\bf Padding} seems to slow traffic analysis, especially as the volume of
-padding approaches the volume of the sender's actual messages,
-drowning out the signal. On the other hand, significant padding may be
-too cumbersome for most users.
+{\bf Padding} seems to slow traffic analysis, especially when the padding is
+consistent enough to prevent the attacker from gaining a picture of the
+network in Alice's absence. On the other hand, significant padding volumes
+may be too cumbersome for most users, and perfect consistency (sending
+padding messages from the moment a network goes online to the moment it shuts
+down) is similarly difficult.
Users should be educated about the effects of their chosen {\bf message
volume}: sending infrequently is safe, especially if the user doesn't
@@ -1041,7 +1064,8 @@
But users in between appear vulnerable to intersection attacks.
%The threat of non-global observers must not be ignored.
-Mix networks should take steps to {\bf minimize the number of messages}
+Mix networks should take steps to {\bf minimize the proportion of observed
+ messages}
that a limited attacker can see entering and exiting the network. Possible
approaches include encouraging users to run their own mixes; choosing
messages' entry and exit points to cross geographical and organization
@@ -1061,11 +1085,9 @@
%and that they can also be defeated by partial observers.
Instead, we should attempt to quantify {\it how long} our designs can defend
{\it which senders} against an adversary who sees {\it how much}.
-This paper helps move anonymity system threat analysis from inflexible
-security proofs to quantification of risk for given parameters of
+We hole that this paper helps move anonymity system threat analysis
+towards quantification of risk for given parameters of
adversaries, senders, and mixes.
-% How about ``We hope that this paper will help...'' ?
-
% We said that fixed entry/exit might help too, but I now think it
@@ -1092,7 +1114,8 @@
\section*{Acknowledgments}
Thanks go to Gerald Britton, Geoffrey Goodell, Novalis, Pete St. Onge, Peter
Palfrader, Alistair Riddoch, and Mike Taylor for letting us run our
-simulations on their computers.
+simulations on their computers; and to George Danezis for his comments on
+drafts of this paper.
%======================================================================
\bibliographystyle{plain} \bibliography{e2e-traffic}
Index: e2e-traffic.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.bib,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- e2e-traffic.bib 25 Jan 2004 14:30:22 -0000 1.9
+++ e2e-traffic.bib 30 Apr 2004 12:32:08 -0000 1.10
@@ -84,7 +84,7 @@
@inproceedings{pet2003-diaz,
title = {Generalising Mixes},
- author = {Claudia D\'iaz and Andrei Serjantov},
+ author = {Claudia D\'{\i}az and Andrei Serjantov},
booktitle = {Proceedings of the Privacy Enhancing Technologies workshop (PET 2003)},
year = {2003},
month = {March},
@@ -428,4 +428,20 @@
school = {University of Cambridge},
year = {2003},
month = {December},
-}
\ No newline at end of file
+}
+
+@inproceedings{statistical-disclosure04,
+ title = {Statistical Disclosure or Intersection Attacks on Anonymity Systems},
+ author = {George Danezis and Andrei Serjantov},
+ booktitle = {Proceedings of Information Hiding Workshop (IH 2004)},
+ year = {2004 (forthcoming)},
+ publisher = {Springer-Verlag},
+ www_pdf_url = {http://freehaven.net/doc/batching-taxonomy/taxonomy.pdf},
+}
+
+@misc{mixvreliable,
+ title = {Comparison between two practical mix designs},
+ author = {Claudia D\'{\i}az and Len Sassaman and Evelyne Deweiite},
+ year = {2004},
+ howpublished = {Forthcoming}
+}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/