[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freehaven-cvs] Added (Pre-proceedings Draft) to the title. Reworded...

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] Added (Pre-proceedings Draft) to the title. Reworded...
From: syverson@seul.org
Date: Mon, 16 Dec 2002 16:24:21 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Mon, 16 Dec 2002 16:24:24 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net
Update of /home/freehaven/cvsroot/doc/fc03
In directory moria.mit.edu:/tmp/cvs-serv16925

Modified Files:
	econymics.bib econymics.ps econymics.tex 
Log Message:
Added (Pre-proceedings Draft) to the title. Reworded several paragraphs
and bib entries to shorten them by a line to compensate. A few other small
changes. Added a reference.


Index: econymics.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/fc03/econymics.bib,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- econymics.bib	15 Dec 2002 09:02:44 -0000	1.13
+++ econymics.bib	16 Dec 2002 21:24:14 -0000	1.14
@@ -15,7 +15,7 @@
 @InProceedings{back01,
   author = 	 {Adam Back and Ulf M\"oller and Anton Stiglic},
   title = 	 {Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems},
-  booktitle = 	 {Information Hiding, 4th International Workshop (IH 2001)},
+  booktitle = 	 {Information Hiding (IH 2001)},
   pages =	 {245--257},
   year =	 2001,
   editor =	 {Ira S. Moskowitz},
@@ -53,10 +53,10 @@
                   Hopwood and David Molnar}, 
   title =       {{A Reputation System to Increase MIX-net
                   Reliability}}, 
-  booktitle = 	 {Information Hiding, 4th International Workshop (IH 2001)},
+  booktitle = 	 {Information Hiding (IH 2001)},
   pages =	 {126--141},
   year =	 2001,
-  editor =	 {Ira Moskowitz},
+  editor =	 {Ira S. Moskowitz},
   publisher =	 {Springer-Verlag, LNCS 2137},
   note =        {\url{http://www.freehaven.net/papers.html}},
 }
@@ -167,7 +167,7 @@
   author = 	 {Andrei Serjantov and Roger Dingledine and Paul Syverson},
   title = 	 {From a Trickle to a Flood: Active Attacks on Several
                   Mix Types}, 
-  booktitle = 	 {Information Hiding, 5th International Workshop (IH 2002)},
+  booktitle = 	 {Information Hiding (IH 2002)},
   year =	 2002,
   editor =	 {Fabien Petitcolas},
   publisher =	 {Springer-Verlag, LNCS (forthcoming)},
@@ -223,3 +223,14 @@
   publisher =	 {Springer Verlag, LNCS 2009},
   note = 	 {\url{http://citeseer.nj.nec.com/syverson00towards.html}}
 }
+
+@InProceedings{gup,
+  author = 	 {Stuart G. Stubblebine and Paul F. Syverson},
+  title = 	 {Authentic Attributes with Fine-Grained Anonymity Protection},
+  booktitle = 	 {Financial Cryptography (FC 2000)},
+  pages =	 {276--294},
+  year =	 2001,
+  editor =	 {Yair Frankel},
+  publisher =	 {Springer-Verlag, LNCS 1962}
+}
+

Index: econymics.ps
===================================================================
RCS file: /home/freehaven/cvsroot/doc/fc03/econymics.ps,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- econymics.ps	13 Dec 2002 22:00:54 -0000	1.5
+++ econymics.ps	16 Dec 2002 21:24:14 -0000	1.6
@@ -8,7 +8,7 @@
 %%EndComments
 %DVIPSCommandLine: dvips econymics.dvi -o econymics.ps
 %DVIPSParameters: dpi=600, comments removed
-%DVIPSSource:  TeX output 2002.12.12:1802
+%DVIPSSource:  TeX output 2002.12.16:1619
 %%BeginProcSet: tex.pro
 /TeXDict 250 dict def TeXDict begin /N{def}def /B{bind def}N /S{exch}N
 /X{S N}B /TR{translate}N /isls false N /vsize 11 72 mul N /hsize 8.5 72
@@ -58,7 +58,7 @@
 a}B /bos{/SS save N}B /eos{SS restore}B end
 %%EndProcSet
[...6079 lines suppressed...]
+4101 y(anon)n(ymit)n(y)-6 b(.)47 b(In)30 b(Roger)h(Dingledine)g(and)g
+(P)n(aul)g(Syv)n(erson,)f(editors,)i Fa(Privacy)h(Enhancing)663
+4193 y(T)-6 b(e)l(chnolo)l(gies)29 b(\(PET)e(2002\))p
+Fp(.)h(Springer)d(V)-6 b(erlag,)27 b(LNCS)e(2482,)i(2002.)523
+4284 y(22.)43 b(Andrei)22 b(Serjan)n(to)n(v,)i(Roger)g(Dingledine,)g
+(and)f(P)n(aul)h(Syv)n(erson.)30 b(F)-6 b(rom)22 b(a)i(tric)n(kle)g(to)
+f(a)h(\015o)r(o)r(d:)663 4375 y(Activ)n(e)36 b(attac)n(ks)g(on)h(sev)n
+(eral)g(mix)e(t)n(yp)r(es.)66 b(In)36 b(F)-6 b(abien)36
+b(P)n(etitcolas,)j(editor,)e Fa(Information)663 4467
+y(Hiding)27 b(\(IH)g(2002\))p Fp(.)g(Springer-V)-6 b(erlag,)26
+b(LNCS)g(\(forthcoming\),)g(2002.)523 4558 y(23.)43 b(Stuart)17
+b(G.)h(Stubblebine)f(and)g(P)n(aul)h(F.)g(Syv)n(erson.)j(Authen)n(tic)
+16 b(attributes)i(with)g(\014ne-grained)663 4649 y(anon)n(ymit)n(y)j
+(protection.)31 b(In)23 b(Y)-6 b(air)23 b(F)-6 b(rank)n(el,)23
+b(editor,)h Fa(Financial)h(Crypto)l(gr)l(aphy)k(\(F)n(C)c(2000\))p
+Fp(,)663 4741 y(pages)h(276{294.)j(Springer-V)-6 b(erlag,)26
+b(LNCS)f(1962,)j(2001.)p eop
 %%Trailer
 end
 userdict /end-hook known{end-hook}if

Index: econymics.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/fc03/econymics.tex,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -d -r1.46 -r1.47
--- econymics.tex	16 Dec 2002 11:20:54 -0000	1.46
+++ econymics.tex	16 Dec 2002 21:24:15 -0000	1.47
@@ -11,7 +11,8 @@
 %\title{Issues in the Economics of Anonymity}
 %\title{Topics in the Economics of Anonymity}
 %\title{The Economics of Anonymity}
-\title{On the Economics of Anonymity}
+\title{On the Economics of Anonymity\\
+(Pre-proceedings Draft)}
 \author{Alessandro Acquisti\inst{1} \and Roger Dingledine\inst{2} \and Paul Syverson\inst{3}}
 \institute{SIMS, UC Berkeley
 \email{(acquisti@sims.berkeley.edu)}
@@ -92,9 +93,10 @@
 such commercial proxies are forced to trust them to protect traffic
 information.  Many users, particularly large organizations, are rightly
 hesitant to use an anonymity infrastructure they do not control.  However,
-running one's own system won't work: a system that carries traffic
-for only one organization cannot protect that organization from being
-identified. Nodes must carry traffic from others to provide cover.
+on an open network such as the Internet, running one's own system won't work:
+a system that carries traffic for only one organization will not hide the
+traffic entering and leaving that organization. 
+Nodes must carry traffic from others to provide cover.
 %Yet those others don't want to trust their
 %traffic to a single entity either.
 The only viable solution is to distribute trust. Each party can choose
@@ -109,7 +111,7 @@
 nodes. In addition to the complexities of configuring current anonymity
 software, running a node costs a significant amount of bandwidth and
 processing power, most of which is used by `freeloading' users who do
-not themselves run nodes. Furthermore, when administrators are faced with
+not themselves run nodes. Moreover, when administrators are faced with
 abuse complaints concerning illegal or antisocial use of their systems,
 the very anonymity that they're providing precludes the usual solution
 of suspending users or otherwise holding them accountable.
@@ -167,7 +169,7 @@
 not having their messages tracked. Different agents might value
 anonymity differently.
 
-Each agent $i$ (where $i=(1,...,N)$ and $N$ is the number of
+An agent $i$ (where $i=(1,...,N)$ and $N$ is the number of
 potential participants in the mix-net) bases her strategy on the
 following possible actions $a_{i}$:
 
@@ -619,6 +621,7 @@
 
 Our goal is to highlight the economic rationale implicit in the
 above inequalities. In the first case agent $i$ is comparing the
+benefits of the
 contribution to her own anonymity of acting as a node to the
 costs. Acting as a node dramatically increases anonymity, but it
 will also bring more traffic-related costs to the agent. Agents
@@ -684,8 +687,8 @@
 like \cite{Diaz02,Serj02} do not directly translate into monotonic
 probability functions of the type traditionally used in game theory.
 Furthermore, the actual level of anonymity will depend on the mix-net
-protocol and topology (cascade-based or synchronous networks will provide
-larger anonymity sets than asynchronous networks where traffic is divided
+protocol and topology (synchronous networks will provide
+larger anonymity sets than asynchronous networks for the same traffic divided
 among the nodes).} Nevertheless, this framework can be mapped into the
 model analyzed in \cite{palfrey-rosenthal-89} where two players decide
 simultaneously whether to contribute to a public good.
@@ -808,7 +811,7 @@
 tend to collapse when the benefits from being a node are not very high
 compared to the costs. Paradoxically, it also breaks down when an
 agent trusts another so much that she prefers to delegate away the task
-of being a node. The above considerations however also hint to other
+of being a node. The above considerations however also hint at other
 possible solutions to reduce coordination costs. We now consider some
 other mechanisms that can make these systems economically viable.
 
@@ -854,7 +857,7 @@
 %cooperation.
 
 \item  \emph{``Special'' agents}. Such agents have a utility function
-which considers the social value of having an anonymous system, or are
+that considers the social value of having an anonymous system or are
 otherwise paid or supported to provide such service. %The support might
 %also come in form of reputation, as discussed below, or in financial
 %form.
@@ -879,7 +882,7 @@
 passing through the node), the high-sensitivity agents will
 gravitate to safe nodes, causing more traffic and improving their safety
 further (and lowering the safety of other nodes). In our model the
-system will stabilize with one or a few remailers. In reality, though,
+system will stabilize with one or a few mix nodes. In reality, though,
 $p_a$ is influenced not just by $n_h$ but
 also by jurisdictional diversity --- a given high-sensitivity sender is
 happier with a diverse set of mostly busy nodes than with a set of very busy
@@ -941,7 +944,8 @@
 and similar techniques rely on humans to make initial trust decisions, and
 then bound trust flow over a certification graph. However, so far none of
 these trust flow approaches have provided a clear solution to the problem.
-Another potential solution, a global PKI to ensure unique identities, is
+Another potential solution, a global PKI to ensure unique
+identities~\cite{gup}, is
 unlikely to emerge any time soon.
 
 \subsection{Dishonest Nodes vs.\ Lazy Nodes}
@@ -991,7 +995,7 @@
 Surveys and analysis on actual attacks on actual systems (e.g., \cite
 {nymserver98}) can help determine which forms of attacks are frequent, how
 dangerous they are, and whether economic incentives or technical answers are
-the best way to counter them.
+the best countermeasures.
 
 \subsection{Bootstrapping The System And Perceived Costs}
 \label{sec:bootstrapping}
@@ -1026,12 +1030,13 @@
 
 Note that here again reliability becomes an issue,
 since we must consider both the benefits from sending a message \textit{and }%
-keeping it anonymous. If the benefits of sending the message are not that
-high in first instance, then the agents with low sensitivity will
-have fewer incentives to spend anything to maintain anonymity of the message.
-Given that in our model we consider the costs and benefits of
-using a certain system, we can of course extend the analysis to the
-comparison between different systems with different costs/benefit
+keeping it anonymous. If the benefits of sending a message are not that
+high to begin with, then a low sensitivity agent will
+have fewer incentives to spend anything on the message's anonymity.
+We can also extend the analysis from our
+model that considers the costs and benefits of a single system
+to the
+comparison of different systems with different costs/benefit
 characteristics. We comment more on this in the conclusion.
 
 %Note in this case that the choice of agents with lower privacy sensitivity
@@ -1092,10 +1097,10 @@
 its node, it will have to generate them as dummy traffic in order not to pay
 a penalty.
 
-\item  Reliability. Related to the above, we should add reliability issues
+\item  Reliability. As noted above, we should add reliability issues
 to the model.
 
-\item  Strategic dishonest nodes. We have discussed above that it is
+\item  Strategic dishonest nodes. As we discussed, it is
 probably more economically sound for an agent to be a lazy node than an
 anonymity-attacking node. Assuming that strategic bad nodes can exist, we
 should study the incentives to act honestly or dishonestly and the effect on
@@ -1114,8 +1119,7 @@
 
 \item  Reputation. Reputation can have a powerful impact on the framework
 above in that it changes the assumption that traffic will distribute
-uniformly across nodes. We should study this extension more formally along
-the lines described above.
+uniformly across nodes. We should extend our analysis to study this more formally.
 
 \item  Information theoretic metric. We should extend the analysis of
 information theoretic metrics in order to formalize the functional forms in
@@ -1154,8 +1158,7 @@
 authority to redistribute payments may be more practical.
 \end{itemize}
 
-\section*{Acknowledgments}
-
+\section*{Acknowledgements}
 Work on this paper was supported by ONR.\@ Thanks to John
 Bashinski, Nick Mathewson, Hal Varian, and the anonymous referees
 for helpful comments.

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Prev by Date: [freehaven-cvs] more patches
Next by Date: [freehaven-cvs] One more small change I forgot.
Previous by thread: [freehaven-cvs] more patches
Next by thread: [freehaven-cvs] One more small change I forgot.
Index(es):
- Date
- Thread