
[freehaven-cvs] Several small changes from notes by Cathy.



Update of /home/freehaven/cvsroot/doc/rta04
In directory moria.mit.edu:/tmp/cvs-serv2519/rta04

Modified Files:
	nato-rta04.tex 
Log Message:
Several small changes from notes by Cathy.


Index: nato-rta04.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/rta04/nato-rta04.tex,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- nato-rta04.tex	8 Jan 2004 20:43:31 -0000	1.7
+++ nato-rta04.tex	9 Jan 2004 17:37:11 -0000	1.8
@@ -87,7 +87,7 @@
 % Can we be more specific than 'the military'?
 The military has many reasons to communicate over open
 networks without revealing its communications partners.
-This assists intelligence gathering from open Internet
+Communicating in this way assists intelligence gathering from open Internet
 sources, rapid formation of dynamic coalitions without an existing
 shared private infrastructure between members, and
 private communication with vendors to help conceal procurement
@@ -102,7 +102,8 @@
 secure shell remote login, and instant messaging. The current design
 and implementation, Tor, improves on the
 original \cite{or-ih96,or-jsac98,or-discex00,or-pet00} by providing
-perfect forward secrecy, interfacing to unmodified applications via
+perfect forward secrecy (see Section~\ref{sec:assumptions}),
+interfacing to unmodified applications via
 SOCKS, multiplexing application connections on Onion Routing circuits,
 adding congestion control adding integrity checking, and including a
 rendezvous points design that protects the responder of a connection in
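Review bot: The unchanged line just below the addition, "adding congestion control adding integrity checking", is missing a comma between the two list items; since this sentence is being edited anyway, make it "adding congestion control, adding integrity checking, and including ...". The new \ref{sec:assumptions} points at a label that is not visible in this diff, so confirm the label exists and that the section actually explains perfect forward secrecy, otherwise the reference renders as "??".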
@@ -125,7 +126,7 @@
 better protection and yet less redundancy than standard approaches to
 distributed denial of service.  In this paper we provide a brief
 overview of the Tor design. More detailed description is given in
-\cite{tor-design}, from which much of the present paper is extracted.
+\cite{tor-design}.
 As we describe the system design, we will note how Onion Routing can
 be used to protect military communications in the above described
 settings.
@@ -159,7 +160,7 @@
 prevent an attacker who can eavesdrop both ends of the communication
 from correlating the timing and volume of traffic entering the
 anonymity network with traffic leaving it.  These protocols are also
-vulnerable against active attacks in which an adversary introduces
+vulnerable to active attacks in which an adversary introduces
 timing patterns into traffic entering the network and looks for
 correlated patterns among exiting traffic.  Although some work has
 been done to frustrate these attacks, most designs protect primarily
@@ -196,7 +197,8 @@
 \textbf{Diversity:} If all onion routers were operated by the defense
 department or ministry of a single nation and all users of the network
 were DoD users, then traffic patterns of individuals, enclaves, and
-commands might be protected. However, any traffic emerging from the
+commands can be protected from hostile observers, whether external
+or internal. However, any traffic emerging from the
 Onion Routing network to the Internet would still be recognized as coming
 from the DoD, since the network would only carry DoD traffic.
 Therefore, it is necessary that the Onion Routing
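Review bot: Changing "might be protected" to "can be protected from hostile observers, whether external or internal" on the two added lines replaces a hedge with a claim the paragraph does not argue for, most noticeably for internal observers in the scenario where a single department operates every onion router. Suggest keeping a hedge ("could be protected") or stating what an internal observer is assumed to be able to see or control.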
@@ -235,7 +237,8 @@
 \textbf{Flexibility:} The protocol must be flexible and
 well-specified, so Tor can serve as a test-bed for future research.
 Many of the open problems in low-latency anonymity networks, such as
-generating dummy traffic or preventing Sybil attacks \cite{sybil}, may
+generating dummy traffic or preventing Sybil attacks (where one entity
+masquerades as many) \cite{sybil}, may
 be solvable independently from the issues solved by Tor. Hopefully
 future systems will not need to reinvent Tor's design.  (But note that
 while a flexible design benefits researchers, there is a danger that
@@ -257,7 +260,8 @@
 \textbf{Not peer-to-peer:} Tarzan and MorphMix aim to scale to completely
 decentralized peer-to-peer environments with thousands of short-lived
 servers, many of which may be controlled by an adversary.  This approach
-is appealing, but still has many open problems
+is appealing, but still has many open problems, such as greater affects
+of Sybil attacks and greater network dynamics
 \cite{tarzan:ccs02,morphmix:fc04}.
 
 \textbf{Not secure against end-to-end attacks:} We do not claim that
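Review bot: "greater affects of Sybil attacks" on the first added line should be "greater effects of Sybil attacks" (noun, not verb). The added examples now sit directly in front of \cite{tarzan:ccs02,morphmix:fc04}, so check that those two papers are the source for these specific problems; the Sybil point may also want \cite{sybil}, which the paper already uses in the Flexibility paragraph.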
@@ -340,7 +344,8 @@
 a normal user-level process without any special privileges. Each onion
 router maintains a long-term TLS \cite{TLS} connection to every other
 onion router. Using TLS conceals the data on the connection with perfect
-forward secrecy, and prevents an attacker from modifying data on the wire
+forward secrecy (see below),
+and prevents an attacker from modifying data on the wire
 or impersonating an OR. Each user runs local software called an onion
 proxy (OP) to fetch directories, establish circuits across the network,
 and handle connections from user applications. These onion proxies accept
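Review bot: "(see below)" on the first added line is a vague pointer for the same term that the introduction hunk cross-references with \ref{sec:assumptions}; use the same \ref here so both mentions lead to one place and the pointer survives any reordering of the text. Splitting the sentence as "forward secrecy (see below)," on its own short line is fine for the diff, but re-wrap the paragraph before the final version.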
@@ -488,7 +493,8 @@
 For example, delays (accidental or intentional) that can cause different
 parts of the network to have different views of link-state and topology
 are not only inconvenient: they give attackers an opportunity to
-exploit differences in client knowledge.  We also worry about attacks to
+exploit differences in client knowledge, by observing induced
+differences in client behavior. We also worry about attacks to
 deceive a client about the router membership list, topology, or current
 network state. Such \emph{partitioning attacks} on client knowledge
 help an adversary to efficiently deploy resources against a target
@@ -604,8 +610,10 @@
 exceed her bandwidth. In this way DSL users can usefully join the Tor
 network.
 
-\emph{Incentives:} Volunteers who run nodes are rewarded with publicity
-and possibly better anonymity \cite{econymics}. More nodes means increased
+\emph{Incentives:} Volunteers who run nodes are rewarded with
+potentially better anonymity, and those who value the notoriety
+can be rewarded with publicity \cite{econymics}.
+More nodes means increased
 scalability, and more users can mean more anonymity. We need to continue
 examining the incentive structures for participating in Tor.
 
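Review bot: "those who value the notoriety" on the second added line reads as pejorative, since notoriety usually means being known for something bad; "those who value the recognition" fits the incentive being described. The rewrite also moves \cite{econymics} from directly after the anonymity claim in r1.7 to after the publicity clause, so confirm the citation still attaches to the claim it is meant to support.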
