[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] Fixed typos, clarified low-latency network-level iss...
Update of /home2/freehaven/cvsroot/doc/pynchon-gate
In directory moria:/tmp/cvs-serv26606
Modified Files:
pynchon.bib pynchon.tex
Log Message:
Fixed typos, clarified low-latency network-level issues, converted to
sig-alternate.cls for ACM, added ACM header/keyword info.
Index: pynchon.bib
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/pynchon-gate/pynchon.bib,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- pynchon.bib 20 Sep 2004 12:34:56 -0000 1.21
+++ pynchon.bib 31 Aug 2005 22:06:05 -0000 1.22
@@ -318,6 +318,17 @@
year = "1999",
url = "citeseer.ist.psu.edu/whitten99why.html",
url = "citeseer.nj.nec.com/whitten99why.html" }
+
+@inproceedings{torta05,
+ title = {Low-Cost Traffic Analysis of {Tor}},
+ author = {Steven J. Murdoch and George Danezis},
+ booktitle = {Proceedings of the 2005 IEEE Symposium on Security and Privacy},
+ year = {2005},
+ month = {May},
+ publisher = {IEEE CS},
+ www_pdf_url = {http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf},
+ www_section = {Traffic analysis},
+}
@article{beimel01informationtheoretic,
author = {Amos Beimel and Yuval Ishai},
Index: pynchon.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/pynchon-gate/pynchon.tex,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -d -r1.68 -r1.69
--- pynchon.tex 4 Jul 2005 15:13:53 -0000 1.68
+++ pynchon.tex 31 Aug 2005 22:06:05 -0000 1.69
@@ -1,4 +1,5 @@
-\documentclass[runningheads]{llncs}
+\documentclass{sig-alternate}
+%\documentclass{sig-alt-full}
%
% TODO:
% o Revise design section, make it correct. (NM, LS)
@@ -14,12 +15,15 @@
% Tighten the 'beforeskip' on subsubsection; don't waste so much vertical
% space.
-\makeatletter
-\renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}%
- {-5\p@}%
- {-0.5em \@plus -0.22em \@minus -0.1em}%
- {\normalfont\normalsize\bfseries\boldmath}}
-\makeatother
+
+%%%
+
+%\makeatletter
+%\renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}%
+% {-5\p@}%
+% {-0.5em \@plus -0.22em \@minus -0.1em}%
+% {\normalfont\normalsize\bfseries\boldmath}}
+%\makeatother
\usepackage{url}
\usepackage{graphics}
@@ -42,23 +46,24 @@
\begin{document}
+\conferenceinfo{WPES'05,} {November 7, 2005, Alexandria, Virginia, USA.}
+\CopyrightYear{2005}
+\crdata{1-59593-228-3/05/0011}
+
\title{The Pynchon Gate}
\subtitle{A Secure Method of Pseudonymous Mail Retrieval}
-\author{Len Sassaman\inst{1} \and Bram Cohen\inst{2} \and Nick Mathewson\inst{3}}
-
-\institute{K. U. Leuven ESAT-COSIC \\
- Kasteelpark Arenberg 10, \\
- B-3001 Leuven-Heverlee, Belgium \\
-\email{len.sassaman@xxxxxxxxxxxxxxxxxxx}
-\and
-BitTorrent \\
- 227 Bellevue Way NE, Suite 152, \\
- Bellevue, WA 98004 USA \\
-\email{bram@xxxxxxxxxxxxxxx}
-\and
- The Free Haven Project\\
-\email{nickm@xxxxxxxxxxxxx}
+\numberofauthors{3}
+\author{
+\alignauthor Len Sassaman\\
+ \affaddr{Katholieke Universiteit Leuven}\\
+ \email{len.sassaman@xxxxxxxxxxxxxxxx}
+\alignauthor Bram Cohen\\
+ \affaddr{BitTorrent}\\
+ \email{bram@xxxxxxxxxxxxxxx}
+\alignauthor Nick Mathewson\\
+ \affaddr{The Free Haven Project}\\
+ \email{nickm@xxxxxxxxxxxxx}
}
\maketitle
@@ -84,6 +89,17 @@
%countermeasures to basic attacks against the system.
\end{abstract}
+
+%%%%%%%%%%%%%%%%%%%
+
+\category{C.2.4}{Distributed Systems}{Client/server}
+\vspace*{-0.1in}
+\terms{Design, Security}
+\vspace*{-0.1in}
+\keywords{anonymity, mix networks, private information retrieval}
+
+%%%%%%%%%%%%%%%%%%%%
+
\section{Introduction}
Pseudonymous messaging services seek to provide users with a way to send
messages that originate at a pseudonymous address (or ``nym'') unlinked to
@@ -170,11 +186,11 @@
public key associated with her pseudonym. Thus, these designs focus on how
to {\it receive} messages sent to a pseudonymous address.
-\subsubsection{Reply blocks and return addresses.}
+\subsubsection{Reply blocks and return addresses.}
In 1981, Chaum~\cite{chaum-mix} described a method of using \emph{return
addresses}
in mix-nets: recipients encode a reply path, and allow senders to affix
-messages to the encoded path. As the message modes through the network, the
+messages to the encoded path. As the message moves through the network, the
path is decoded and the message encoded at each hop, until an encoded message
reaches its eventual recipient. This system relies upon all selected
component nodes of the chosen path remaining operational in order for mail to be
@@ -203,7 +219,8 @@
(Mixminion~\cite{mixminion}) systems do not permit multiple-use reply
blocks, and prevent replay attacks~\cite{replay}.
-\subsubsection{Single-use reply blocks.}
+\subsubsection{Single-use reply blocks.}
+
While the Type II system does not support anonymous
reply blocks, the Type III (Mixminion) system introduces single-use reply
blocks
@@ -227,6 +244,7 @@
whom~\cite{statistical-disclosure}.
\subsubsection {Network-level client anonymity.}
+
The ZKS Freedom Network~\cite{freedom2-arch} provided anonymous access
to a POP3 server~\cite{freedom2-mail}, enabling its users to maintain
pseudonyms using standard email protocols. Freedom was discontinued due to
@@ -234,16 +252,17 @@
Other network-level anonymity systems, such as
Pipenet~\cite{pipenet}, Onion Routing~\cite{goldschlag96}, the Java Anon
Proxy~\cite{jap}, or Tor~\cite{tor-design}, could be used
-in much the same fashion; unfortunately, they also suffer the same
-barriers to deployment~\cite{fiveyearslater}. % The Java Anonymous
-%Proxy~\cite{jap} has had greater adoption, but has suffered an anonymity
-%compromise~\cite{jap-backdoor,jap-pr}.
-Low-latency anonymity systems such as these are also far more susceptible to
-traffic analysis methods such as end-to-end timing attacks than are
-high-latency mix
-networks~\cite{danezis-pet2004,gd-thesis,mixmaster-reliable}.
+in much the same fashion; unfortunately, they are at risk for the same
+barriers to widespread deployment~\cite{fiveyearslater}. Attempts to address
+the practical barriers to deployment of low-latency anonymity systems have resulted
+in systems which are at greater risk to traffic analysis methods such as end-to-end
+timing attacks~\cite{danezis-pet2004,gd-thesis,torta05,mixmaster-reliable} It is possible
+that such a low-latency system may be developed which is both secure against
+end-to-end analysis and cost-effective to operate, but no such system has yet
+been proven feasible.
+
+\subsubsection{Network-level server anonymity.}
-\subsubsection{Network-level server anonymity.}
The second generation implementation of Onion Routing, Tor~\cite
{tor-design}, implements rendezvous points~\cite {ian-thesis} that allow
users to offer location-hidden services. A user wishing to anonymously
@@ -256,7 +275,8 @@
anonymity systems for anonymous mail receipt; however, they do not address
the previously mentioned concerns with these anonymity systems.
-\subsubsection{Re-encryption mixes.}
+\subsubsection{Re-encryption mixes.}
+
Re-encryption mixes~\cite{universal} aim to improve the reliability of
anonymous message systems. Recent work has shown that re-encryption mixes
can be used to facilitate anonymous message replies~\cite
@@ -269,6 +289,7 @@
time the message is retrieved.
\subsubsection{Broadcast messages and dead-drops.}
+
Chaum discusses a traffic-analysis prevention method wherein all reply
mail in the anonymous mail system is sent to all possible recipients. A
less invasive optimization has already been implemented in the form of
@@ -466,7 +487,8 @@
that a client wishes to retrieve mail, the system handles distributor node failure in a
graceful manner.
-\subsubsection{The PIR Protocol}
+\subsubsection{The PIR Protocol}
+
\label{subsec:protocol-design}
This simple PIR protocol allows a client to retrieve a
bucket from $k$ chosen distributors, so that an attacker cannot tell which
@@ -479,7 +501,7 @@
to prevent man-in-the-middle attacks, and can be made sequentially or in
parallel.
-The client the client sends a different ``random-looking'' bit vector
+The client sends a different ``random-looking'' bit vector
$v_{sb}$ to each distributor $s$, for each bucket $b$ to be retrieved. Each
bit vector has a length equal to the number of buckets in the pool. Each
distributor $s$ then
@@ -520,9 +542,9 @@
%which has been proposed as the basis for the Mixminion nym
%servers~\cite{imap-over-minion}.}
-\section{Known attacks against pseudonymity systems}
+\section{Attacks against pseudonymity systems}
\label{sec:security}
-Most attacks on pseudonymity systems fall into one of the
+Most known attacks on pseudonymity systems fall into one of the
following categories.
\subsubsection{Legal and hacking attacks.}
@@ -558,7 +580,8 @@
and discard $\SUBKEY(j,i)$. After each cycle, the nymserver should discard
the last $\SUBKEY(j,i)$, and $\UserID{}[i]$.
-\subsubsection{Mix attacks.}
+\subsubsection{Mix attacks.}
+
Since we rely on mix networks, we must be concerned with attacks
against them.
Furthermore, reply-block-based nym server systems require additional
@@ -568,7 +591,8 @@
that do not work against a mix-net in normal forward-delivery mode will
not impact the Pynchon Gate.
-\subsubsection{Man-in-the-middle attacks.}
+\subsubsection{Man-in-the-middle attacks.}
+
An attacker able to pose as a user's chosen distributors could trivially
see all $k$ PIR requests. We use TLS authentication to prevent this attack.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs in the body. http://freehaven.net/