[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] More revisions; describe more data. All that remain...
Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/tmp/cvs-serv24400
Modified Files:
Makefile e2e-traffic.pdf e2e-traffic.tex
Log Message:
More revisions; describe more data. All that remains to do:
- Describe the results for 5d once they're in.
- Maybe say something about pseudonyms.
- Make sure we're obeying the formatting requirements.
- Adjust the intro and conclusion to account for our padding results.
- Same a little more in the last part of the conclusion.
Index: Makefile
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/Makefile,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- Makefile 24 Jan 2004 14:42:08 -0000 1.6
+++ Makefile 1 May 2004 02:15:08 -0000 1.7
@@ -38,6 +38,8 @@
$(ANALYZE) raw*/trial2r.* > tmp/trial2r.analyzed
$(ANALYZE) raw*/trial[34]r* > results/trial34r.analyzed
$(ANALYZE) raw*/trial5a* > results/trial5a.analyzed
+ $(ANALYZE) raw*/trial5c* > results/trial5c.analyzed
+ $(ANALYZE) raw*/trial5d* > results/trial5d.analyzed
$(ANALYZE) raw*/trial6.* > results/trial6.analyzed
combine: results/trial1c.analyzed results/trial2c.analyzed
@@ -58,10 +60,10 @@
graph: psgraphs pdfgraphs
psgraphs: graphs/fig1.eps graphs/fig2a.eps graphs/fig34.eps \
- graphs/fig5a.eps graphs/fig6.eps
+ graphs/fig5a.eps graphs/fig5c.eps graphs/fig5d.eps graphs/fig6.eps
pdfgraphs: graphs/fig1.pdf graphs/fig2a.pdf graphs/fig34.pdf \
- graphs/fig5a.pdf graphs/fig6.pdf
+ graphs/fig5a.pdf graphs/fig5c.pdf graphs/fig5d.pdf graphs/fig6.pdf
%.pdf: %.eps
epstopdf $<
@@ -164,6 +166,22 @@
$(POSTPROC) results/trial5b.analyzed \
pA p50_1_2 pOn pl pD l > tmp/fig5b-x.dat
+tmp/fig5c-10-1-2.dat: results/trial5c.analyzed Makefile tmp
+ for D in 10 60; do \
+ for L in 1 4; do \
+ for pad in 2 4; do \
+ $(POSTPROC) results/trial5c.analyzed \
+ sm=1 pl=$$pad pD=$$D l=$$L pOn p50_all > tmp/fig5c-$$D-$$L-$$pad.dat; \
+ done \
+ done \
+ done
+
+tmp/fig5d-5d.dat: results/trial5d.analyzed Makefile tmp
+ $(POSTPROC) results/trial5d.analyzed l=1 bg=125 pA=60 m=32 pD p50_all \
+ > tmp/fig5d-5d.dat
+ $(POSTPROC) results/trial34r.analyzed l=1 bg=125 pA=60 m=32 pD p50_all\
+ > tmp/fig5d-3r.dat
+
fig5a: tmp/fig5a-4-10.dat scripts/fig5a.gp
gnuplot scripts/fig5a.gp scripts/viewpost.gp
@@ -176,6 +194,19 @@
graphs/fig5b.eps: tmp/fig5b-1-10.dat scripts/fig5b.gp
OUT=fig5b gnuplot scripts/pspre.gp scripts/fig5b.gp
+fig5c: tmp/fig5c-10-1-2.dat scripts/fig5c.gp
+ gnuplot scripts/fig5c.gp scripts/viewpost.gp
+
+graphs/fig5c.eps: tmp/fig5c-10-1-2.dat scripts/fig5c.gp
+ OUT=fig5c gnuplot scripts/pspre.gp scripts/fig5c.gp
+
+fig5d: tmp/fig5d-5d.dat scripts/fig5d.gp
+ gnuplot scripts/fig5d.gp scripts/viewpost.gp
+
+graphs/fig5d.eps: tmp/fig5d-5d.dat scripts/fig5d.gp
+ OUT=fig5d gnuplot scripts/pspre.gp scripts/fig5d.gp
+
+
#========== CASE 6
tmp/fig6-10.dat: results/trial6.analyzed Makefile tmp
@@ -188,4 +219,15 @@
gnuplot scripts/fig6.gp scripts/viewpost.gp
graphs/fig6.eps: tmp/fig6-10.dat scripts/fig6.gp
- OUT=fig6 gnuplot scripts/pspre.gp scripts/fig6.gp
\ No newline at end of file
+ OUT=fig6 gnuplot scripts/pspre.gp scripts/fig6.gp
+
+#========== CASE 7
+
+tmp/fig7a.dat: results/trial7a.analyzed Makefile tmp
+# for bg in 128 1024 8192 65536; do
+ $(POSTPROC) results/trial7a.analyzed \
+ bg p50_all N pA l pD > tmp/fig7a.dat
+# done
+
+fig7a: tmp/fig7a.dat scripts/fig7a.gp
+ gnuplot scripts/fig7a.gp scripts/viewpost.gp
Index: e2e-traffic.pdf
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.pdf,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
Binary files /tmp/cvsBiLDPt and /tmp/cvsKbhoSW differ
Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- e2e-traffic.tex 30 Apr 2004 12:32:08 -0000 1.42
+++ e2e-traffic.tex 1 May 2004 02:15:08 -0000 1.43
@@ -652,16 +652,23 @@
elements of Alice's $\V{v}$ and the background $\V{u}$ are now
disjoint, and thus easier for the attacker to separate.
-It's also possible that the partitioning may not be so perfect: sometimes
-many senders will send messages in the same class. For
-example, two binary documents written in the same version of MS Word
-or encrypted with the same version of PGP are more likely to be written by
-the same sender than two messages
-selected at random.
+It's also possible that the partitioning may not be complete: sometimes many
+senders will send messages in the same class. For example, two binary
+documents written with the same version of MS Word are more likely to be
+written by the same sender than two messages selected at
+random.\footnote{Encrypting all messages end-to-end would address most of
+ these attacks, but is often difficult in practice. Most recipients do not
+ run anonymity software, and many don't even have support for encrypted
+ email or encrypted SMTP links. Thus, many messages still leave today's mix
+ networks in plaintext. Furthermore, today's most popular email encryption
+ standards (such as PGP and SMIME) have enough variation for an attacker to
+ narrow down which implementations could have generated a given message.}
+
%Linkages may be more abstract: a
%sophisticated attacker could check for the presence of certain
%keywords and try to link messages based on their textual content.
+
To exploit these scenarios, the attacker
chooses a set of $c$ partitioning classes (such as languages or
patterns of use), and assigns to each observed output
@@ -687,10 +694,12 @@
Finally, the attacker may have reason to believe that some messages
are more likely to have been sent by the target user than others. For
example, if we believe that Alice
-knows psychology but not astrophysics, then we will
+studies psychology but not astrophysics, then we will
naturally suspect that a message about psychology
is more likely to come from Alice than is a message
-about astrophysics.
+about astrophysics. Similarly, if users have different views of the network,
+then an attacker will suspect messages exiting from mixes Alice probably
+doesn't know about less than other messages.
To exploit this knowledge, an attacker can (as suggested in the
original statistical disclosure paper)
@@ -703,11 +712,6 @@
%message, and $1/150$ to each element corresponding to an unlikely
%message.
-% Maybe also mention: What if Alice gets her stats from a given source,
-% and so prefers different exits? NMNM
-
-% Mention encryption and why people don't. NMNM
-
%======================================================================
\section{Simulation results}
\label{sec:simulation}
@@ -757,13 +761,13 @@
\begin{figure}
\begin{minipage}[t]{5.75cm}
\mbox{\epsfig{angle=0,figure=graphs/fig1,width=6cm}}
-\caption{Statistical disclosure model: Median rounds to guess all recipients}
+\caption{Statistical disclosure model: median rounds to guess all recipients}
\label{fig1}
\end{minipage}
\hfill
\begin{minipage}[t]{5.75cm}
\mbox{\epsfig{angle=0,figure=graphs/fig2a,width=6cm}}
-\caption{Unknown background: Median rounds to guess all recipients}
+\caption{Unknown background: median rounds to guess all recipients}
\label{fig2a}
\end{minipage}
\hfill
@@ -855,7 +859,7 @@
\begin{figure}[ht]
\centering
\mbox{\epsfig{angle=0,figure=graphs/fig34,width=4in}}
-\caption{Pool mixes and mix networks: Median rounds to guess all recipients}
+\caption{Pool mixes and mix networks: median rounds to guess all recipients}
\label{fig34}
\end{figure}
@@ -897,21 +901,11 @@
each round according to a geometric distribution with parameter $\Pjunk$,
independent of her number of real messages.
-In our second padding strategy
-(`imperfect threshold padding'), we assume that Alice attempts to implement
-the otherwise unbreakable threshold padding strategy (always send $M$
-messages total
-in every round, adding dummies up to $M$ and delaying messages after $M$ as
-necessary), but that she is only sometimes online, and cannot
-send real messages or padding when she is not. (This last deviation in
-particular will be typical for any real-world user attempting to implement
-threshold padding in a world of unreliable hardware and network
-connections.)
-
-Our final dummy traffic simulation assumes that Alice performs threshold
-padding consistently, but that the attacker had a chance to acquire a view of
-the network's background behavior before Alice first came online.
-%NMNM say why this is realistic.
+This strategy slows the attack, but does not {\it necessarily} stop it. As
+shown in Figure~\ref{fig5a}, independent geometric padding is most helpful
+when the underlying mix network has a higher variability in message delay to
+`spread' the padding between rounds. Otherwise, Alice must send far more
+padding messages to confuse the attacker.
\begin{figure}
\begin{minipage}[t]{5.75cm}
@@ -929,13 +923,42 @@
\hfill
\end{figure}
-Padding slows the attack, but does not {\it necessarily} stop it. As shown in
-Figure~\ref{fig5a}, geometric padding is most helpful when the underlying
-mix network has a higher variability in message delay to `spread' the padding
-between rounds. Otherwise, Alice must send far more padding
-messages to confuse the attacker.
+In our second padding strategy
+(``imperfect threshold padding''), we assume that Alice attempts to implement
+the otherwise unbreakable threshold padding strategy (always send $M$
+messages total
+in every round, adding dummies up to $M$ and delaying messages after $M$ as
+necessary), but that she is only sometimes online (with probability
+$\Ponline$), and cannot
+send real messages or padding when she is offline. (This
+will be typical for most real-world users attempting to implement
+threshold padding in a world of unreliable hardware and network
+connections.)
-\XXXX{Fill in discussion of 5c and 5d once the last results are in. NMNM}
+Figure~\ref{fig5c} shows the result of imperfect threshold padding. As
+before, Alice benefits most from padding in networks with more variable
+delays. Interestingly, in the low delay-variability cases (short paths, low
+$\Pdelay$), padding does not thwart the attack even when Alice is online
+$99\%$ of the time.
+
+For our final dummy traffic simulation, we assumed that Alice performs
+threshold padding consistently, but that the attacker has had a chance to
+acquire a view of the network's background behavior before Alice first came
+online.\footnote{As usual, we assume that the background traffic patterns are
+ unchanging. If background traffic changes significantly over time, Alice
+ can defeat this attack by joining the network, sending nothing but padding
+ until the network's background characteristics have changed on their own,
+ and only then beginning to send her messages.} Here, our goal was to
+confirm our earlier suspicion that padding helps not by disguising how many
+messages Alice sends, but by preventing the attacker from learning how the
+network acts in Alice's absence.
+
+We present our results in Figure~\ref{fig5d}, which compares the results
+when Alice uses consistent threshold padding and the attacker knows the
+background to results when Alice uses no padding and the background is
+unknown.
+\XXXX{Describe these when more data is in. Basically, delay just doesn't
+ help when background is known. NMNM}
\subsubsection{The impact of partial observation:}
%\label{subsec:sim-partial}
@@ -955,11 +978,20 @@
the attacker with probability $\Pobserve=f$. The attacker sees a message
when it enters {\it and} when it exits with probability $({\Pobserve})^2$.
-\begin{figure}[ht]
-\centering
-\mbox{\epsfig{angle=0,figure=graphs/fig6,width=4in}}
-\caption{Partial observation: Median rounds to guess all recipients}
+
+\begin{figure}
+\begin{minipage}[t]{5.75cm}
+\mbox{\epsfig{angle=0,figure=graphs/fig5d,width=6cm}}
+\caption{Perfect padding, prior background known: median rounds to guess all recipients}
+\label{fig5d}
+\end{minipage}
+\hfill
+\begin{minipage}[t]{5.75cm}
+\mbox{\epsfig{angle=0,figure=graphs/fig6,width=6cm}}
+\caption{Partial observation: median rounds to guess all recipients}
\label{fig6}
+\end{minipage}
+\hfill
\end{figure}
The results in Figure~\ref{fig6} show that the attacker can still implement a
@@ -970,7 +1002,7 @@
harder. Finally, as $\Pobserve$ approaches $0$, the required number of
rounds approaches infinity.
-\XXXX{Pseudonyms}
+\XXXX{Pseudonyms--can I say anything?}
%======================================================================
\section{Conclusions}
@@ -1114,8 +1146,9 @@
\section*{Acknowledgments}
Thanks go to Gerald Britton, Geoffrey Goodell, Novalis, Pete St. Onge, Peter
Palfrader, Alistair Riddoch, and Mike Taylor for letting us run our
-simulations on their computers; and to George Danezis for his comments on
-drafts of this paper.
+simulations on their computers; to Peter Palfrader for helping us with
+information on the properties of the Mixmaster network; and to George Danezis
+for his comments on drafts of this paper.
%======================================================================
\bibliographystyle{plain} \bibliography{e2e-traffic}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/