[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] another iteration on the related work section
Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/e2e-traffic
Modified Files:
e2e-traffic.bib e2e-traffic.tex
Log Message:
another iteration on the related work section
Index: e2e-traffic.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.bib,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- e2e-traffic.bib 30 Jul 2003 18:46:58 -0000 1.1
+++ e2e-traffic.bib 9 Jan 2004 23:58:14 -0000 1.2
@@ -1,9 +1,7 @@
-
-
@Article{chaum-mix,
author = {David Chaum},
- title = {Untraceable electronic mail, return addresses, and digital
+ title = {Untraceable electronic mail, return addresses, and digital
pseudo-nyms},
journal = {Communications of the ACM},
year = {1982},
@@ -14,54 +12,147 @@
}
@inproceedings{pet2003-diaz,
- title = {Generalising Mixes},
- author = {Claudia D\'iaz and Andrei Serjantov},
+ title = {Generalising Mixes},
+ author = {Claudia D\'iaz and Andrei Serjantov},
booktitle = {Proceedings of the Privacy Enhancing Technologies workshop (PET 2003)},
- year = {2003},
- month = {March},
- editor = {Roger Dingledine},
- publisher = {Springer-Verlag, LNCS 2760},
- www_ps_gz_url = {http://www.esat.kuleuven.ac.be/~cdiaz/papers/DS03.ps.gz},
- www_important = {1},
- www_section = {Anonymous communication},
+ year = {2003},
+ month = {March},
+ editor = {Roger Dingledine},
+ publisher = {Springer-Verlag, LNCS 2760},
+ www_ps_gz_url = {http://www.esat.kuleuven.ac.be/~cdiaz/papers/DS03.ps.gz},
}
@inproceedings{trickle02,
- title = {From a Trickle to a Flood: Active Attacks on Several Mix Types},
- author = {Andrei Serjantov and Roger Dingledine and Paul Syverson},
- booktitle = {Proceedings of Information Hiding Workshop (IH 2002)},
- year = {2002},
- month = {October},
- editor = {Fabien Petitcolas},
- publisher = {Springer-Verlag, LNCS 2578},
- www_pdf_url = {http://freehaven.net/doc/batching-taxonomy/taxonomy.pdf},
- www_ps_url = {http://freehaven.net/doc/batching-taxonomy/taxonomy.ps},
- www_section = {Traffic analysis},
+ title = {From a Trickle to a Flood: Active Attacks on Several Mix Types},
+ author = {Andrei Serjantov and Roger Dingledine and Paul Syverson},
+ booktitle = {Proceedings of Information Hiding Workshop (IH 2002)},
+ year = {2002},
+ month = {October},
+ editor = {Fabien Petitcolas},
+ publisher = {Springer-Verlag, LNCS 2578},
+ www_pdf_url = {http://freehaven.net/doc/batching-taxonomy/taxonomy.pdf},
}
@inproceedings{limits-open,
- title = {Limits of Anonymity in Open Environments},
- author = {Dogan Kesdogan and Dakshi Agrawal and Stefan Penz},
- booktitle = {Proceedings of Information Hiding Workshop (IH 2002)},
- year = {2002},
- month = {October},
- editor = {Fabien Petitcolas},
- publisher = {Springer-Verlag, LNCS 2578},
- www_section = {Traffic analysis},
+ title = {Limits of Anonymity in Open Environments},
+ author = {Dogan Kesdogan and Dakshi Agrawal and Stefan Penz},
+ booktitle = {Proceedings of Information Hiding Workshop (IH 2002)},
+ year = {2002},
+ month = {October},
+ editor = {Fabien Petitcolas},
+ publisher = {Springer-Verlag, LNCS 2578},
+}
+
+@inproceedings{agrawal03,
+ title = {{Probabilistic Treatment of MIXes to Hamper Traffic Analysis}},
+ author = {Dakshi Agrawal and Dogan Kesdogan and Stefan Penz},
+ booktitle = {Proceedings of the 2003 IEEE Symposium on Security and Privacy},
+ year = {2003},
+ month = {May},
+}
+
+@inproceedings{rao-pseudonymity,
+ title = {Can Pseudonymity Really Guarantee Privacy?},
+ author = {Josyula R. Rao and Pankaj Rohatgi},
+ booktitle = {{Proceedings of the 9th USENIX Security Symposium}},
+ year = {2000},
+ month = {August},
+ pages = {85--96},
+ publisher = {USENIX},
}
@misc{mixmaster-spec,
- title = {Mixmaster {P}rotocol --- {V}ersion 2},
- author = {Ulf M\"oller and Lance Cottrell},
- year = {2000},
- month = {January},
- howpublished = {Unfinished draft},
- www_section = {Anonymous communication},
- www_txt_url = {http://www.eskimo.com/~rowdenw/crypt/Mix/draft-moeller-mixmaster2-protocol-00.txt},
+ title = {Mixmaster {P}rotocol --- {V}ersion 2},
+ author = {Ulf M{\"o}ller and Lance Cottrell and Peter Palfrader and Len Sassaman},
+ year = {2003},
+ month = {July},
+ howpublished = {Draft},
+ www_txt_url = {http://www.abditum.com/mixmaster-spec.txt},
}
-@article{statistical-disclosure,
+@inproceedings{stop-and-go,
+ title = {Stop-and-Go {MIX}es: Providing Probabilistic Anonymity in an Open System},
+ author = {Dogan Kesdogan and Jan Egner and Roland B\"uschkes},
+ booktitle = {Proceedings of Information Hiding Workshop (IH 1998)},
+ year = {1998},
+ publisher = {Springer-Verlag, LNCS 1525},
+ www_pdf_url = {http://www.uow.edu.au/~ldn01/infohide98.pdf},
+}
+
+@inproceedings{statistical-disclosure,
title = {Statistical Disclosure Attacks: Traffic Confirmation in Open Environments},
author = {George Danezis},
+ booktitle = {Proceedings of Security and Privacy in the Age of Uncertainty, ({SEC2003})},
+ organization = {{IFIP TC11}},
year = {2003},
-}
\ No newline at end of file
+ month = {May},
+ address = {Athens},
+ pages = {421--426},
+ editor = {Gritzalis, Vimercati, Samarati, Katsikas},
+ publisher = {Kluwer},
+ www_pdf_url = {http://www.cl.cam.ac.uk/~gd216/StatDisclosure.pdf},
+}
+
+@inproceedings{tarzan:ccs02,
+ title = {Tarzan: A Peer-to-Peer Anonymizing Network Layer},
+ author = {Michael J. Freedman and Robert Morris},
+ booktitle = {{Proceedings of the 9th ACM Conference on Computer and Communications
+ Security (CCS 2002)}},
+ year = {2002},
+ month = {November},
+ address = {Washington, DC},
+ www_pdf_url = {http://pdos.lcs.mit.edu/tarzan/docs/tarzan-ccs02.pdf},
+}
+
+@inproceedings{bennett:pet2003,
+ title = {{GAP} -- Practical anonymous networking},
+ author = {Krista Bennett and Christian Grothoff},
+ booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2003)},
+ year = {2003},
+ month = {March},
+ editor = {Roger Dingledine},
+ publisher = {Springer-Verlag, LNCS 2760},
+ www_ps_url = {http://www.ovmj.org/GNUnet/download/aff.ps},
+}
+
+@article{crowds:tissec,
+ title = {Crowds: Anonymity for Web Transactions},
+ author = {Michael Reiter and Aviel Rubin},
+ journal = {ACM Transactions on Information and System Security},
+ volume = {1},
+ number = {1},
+ year = {1998},
+ month = {June},
+ www_pdf_url = {http://avirubin.com/crowds.pdf},
+}
+
+@inproceedings{langos02,
+ title = {Dummy Traffic Against Long Term Intersection Attacks},
+ author = {Oliver Berthold and Heinrich Langos},
+ booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2002)},
+ year = {2002},
+ month = {April},
+ editor = {Roger Dingledine and Paul Syverson},
+ publisher = {Springer-Verlag, LNCS 2482},
+ www_pdf_url = {http://www.inf.fu-berlin.de/~berthold/publ/BeLa_02.pdf},
+}
+
+@inproceedings{defensive-dropping,
+ title = {Timing Attacks in Low-Latency Mix-Based Systems},
+ author = {Brian N. Levine and Michael K. Reiter and Chenxi Wang and Matthew Wright},
+ booktitle = {Financial Cryptography},
+ year = {2004},
+ editor = {Ari Juels},
+ publisher = {Springer-Verlag, LNCS (forthcoming)},
+}
+
+@inproceedings{danezis:wpes2003,
+ title = {Heartbeat Traffic to Counter (n-1) Attacks},
+ author = {George Danezis and Len Sassaman},
+ booktitle = {{Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2003)}},
+ year = {2003},
+ month = {October},
+ address = {Washington, DC, USA},
+ www_pdf_url = {http://www.cl.cam.ac.uk/users/gd216/p125_danezis.pdf},
+}
+
Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- e2e-traffic.tex 11 Dec 2003 05:22:15 -0000 1.6
+++ e2e-traffic.tex 9 Jan 2004 23:58:14 -0000 1.7
@@ -26,7 +26,9 @@
% XXXX for a better title?
\author{Nick Mathewson \\ The Free Haven Project
- \\ \emailaddr{nickm@freehaven.net} }
+ \\ \emailaddr{nickm@freehaven.net} \and
+ Roger Dingledine \\ The Free Haven Project
+ \\ \emailaddr{arma@mit.edu} }
\maketitle
\centerline{\LARGE\bf *DRAFT* --- not for publication}
@@ -94,8 +96,9 @@
% set of senders', behaved this way; the ones who didn't wouldn't be
% protected. -RD
-Agrawal, Kesdogan, and Penz propose an example of a long-term intersection
-attack in \cite{limits-open}. Their {\it disclosure attack}
+Kesdogan, Agrawal, and Penz propose an example of a long-term
+intersection attack in \cite{limits-open}, and expand on this attack in
+\cite{agrawal03}. Their {\it disclosure attack}
assumes a fairly strict model of sender behavior and works against
only a single batch mix (a batch mix waits until it receives $b$
messages, then reorders and retransmits them all). Additionally, the
@@ -201,7 +204,7 @@
which senders use to encrypt messages to it. The mix accumulates a batch
of these encrypted messages, decrypts them, and delivers them. Because a
decrypted output message looks nothing like the original encrypted input
-message, and because the mix collects a batch of messages and then sends
+message, and the mix collects a batch of messages and then sends
out the decrypted messages in a rearranged order, an observer cannot learn
which incoming message corresponds to which outgoing message. Chaum showed
the security of a mix against a \emph{passive adversary} who eavesdrops
@@ -222,7 +225,8 @@
the address of $M_{i+1}$ along with the message intended for $M_{i+1}$
(all encrypted under $M_i$'s public key).
-A mix network where Alice chooses her route freely from all mixes is
+The topology of the mix network affects its anonymity properties.
+A network where Alice can choose her route freely from all mixes is
called a \emph{free-route} network. Another approach is a \emph{cascade}
network, where senders choose from a set of fixed paths through the
mix-net. Cascades can provide greater anonymity against an adversary
@@ -246,6 +250,9 @@
coordination and synchronization between the mixes and impose a heavy
computational and communication overhead.
+%\subsection{Other anonymity designs}
+%DC-nets, and the recent CCS paper and herbivore
+
\subsection{Traffic analysis}
\label{subsec:traffic-analysis}
% an overview of the general history of traffic analysis attacks.
@@ -253,29 +260,70 @@
Attacks against mix-nets aim to reduce the anonymity of users by
linking anonymous senders with the messages they send, by linking
anonymous recipients with the messages they receive, or by linking
-anonymous messages with one another \cite{raymond00}. Attackers may
+anonymous messages with one another. For a detailed list of attacks,
+consult \cite{back01,raymond00}. Attackers may
trace messages through the network by observing network
traffic, compromising mixes, compromising keys, delaying messages
so they stand out from other traffic, or altering messages
in transit. They may learn a given message's destination
by flooding the network with messages, replaying multiple copies
of a message, or shaping traffic to isolate the target message from
-other unknown traffic. Attackers may discourage users from
-using honest mixes by making them unreliable. They may analyze
-intercepted message text to look for commonalities between otherwise
-unlinked senders.
-Finally, even if all other attacks are foiled, a passive adversary can
+other unknown traffic \cite{trickle02}. Attackers may
+discourage users from using honest mixes by making them unreliable
+\cite{back01,casc-rep}. They may analyze intercepted message text to
+look for commonalities between otherwise unlinked senders
+\cite{rao-pseudonymity}.
+
+\subsection{The intersection attack}
+
+Even if all the above attacks are foiled, an adversary can
mount a long-term \emph{intersection attack} to correlate the times at
which senders and receivers are active \cite{disad-free-routes}.
-% Mention that no defense short of N^2 padding is known, and that N^2
-% padding doesn't work?
-Remember to check out disad-freeroutes and langos02.
+Researchers have provided a variety of countermeasures to increase
+the difficulty of the intersection attack. Kesdogan's Stop-and-go mix
+\cite{stop-and-go} provides probabilistic anonymity by letting users
+specify message latencies -- essentially broadening the range of times
+messages might emerge from the mix network. Similarly, batching strategies
+\cite{trickle02} like that used by Mixmaster and Mixminion use message
+pools to spread out the possible exit times for messages.
+
+Rather than expanding the set of messages that might have
+been sent by a suspect sender, other designs expand the set of
+senders that might have sent a suspect message. A sender who
+participates as a node in the mix network can conceal whether a
+given message originated at her node or was relayed from another node
+\cite{bennett:pet2003,tarzan:ccs02,crowds-tissec}. But even in these
+designs, the adversary can observe whether certain traffic patterns are
+present when a user is online (sending) and absent when a user is offline
+(not sending) \cite{wright02,wright03}.
+
+A sender can also conceal whether she is currently active by consistently
+sending decoy (dummy) traffic. Pipenet \cite{pipenet} conceals
+traffic patterns by constant padding on every link. Unfortunately, a
+single user can shut down the network simply by not sending. Backing
+off even a little bit from this constant-padding scheme allows the
+above intersection attack, and in some systems may even introduce
+conspicuous gaps in traffic that can be followed through the network
+\cite{defensive-dropping}. Berthold and Langos aim to increase the
+difficulty of intersection attacks with a scheme for preparing plausible
+dummy traffic and having other nodes send it for you while you're offline
+\cite{langos02}; but their design has many practical problems.
+
+Finally, note that while the adversary can perform this long-term
+intersection attack entirely passively, active attacks can help him
+reduce the set of suspects at each round. For example, performing
+blending attacks \cite{trickle02} against a suspected sender can greatly
+speed the attack. Danezis and Sassaman propose a ``heartbeat'' dummy
+scheme \cite{danezis:wpes2003} where dummies are sent from a node in
+the network back to itself, creating an early warning system to detect
+if the adversary is launching such a blending attack.
\subsection{The disclosure attack}
\label{subsec:disclosure-attack}
-In 2002, Agrawal, Kesdogan, and Pena presented the disclosure
-attack \cite{limits-open}, a traffic-analysis attack against a single
+
+In 2002, Kesdogan, Agrawal, and Penz presented the disclosure
+attack \cite{limits-open}, an intersection attack against a single
sender on a single batch mix.
The disclosure attack assumes that the attacker is a global passive
@@ -299,6 +347,7 @@
\subsection{The statistical disclosure attack}
\label{subsec:statistical-disclosure}
+
In 2003, Danezis presented the statistical disclosure
attack\cite{statistical-disclosure}, which makes the same operational
assumptions as the original disclosure attack, but is far easier to
@@ -325,7 +374,7 @@
From this, the attacker estimates
\[\vec{v} \approx b\frac{\sum_{i=1}^t \vec{o_i}}{t} - (b-i)\vec{u}\]
-% XXXX Maybe add a simgle example?
+% XXXX Maybe add a simple example?
\XXXX{Should we report George's findings on preconditions and
required time to succeed?}
@@ -409,6 +458,7 @@
Following D\'iaz and Serjantov's approach in \cite{pet-2003-diaz}, we treat
these mixmin algorithms generically as follows: a mix relays a
+% XXX 'mixmin'? do you mean 'mixing'?
number of messages at the end of each round, depending on the number of
messages it is currently storing. All messages in the mix's pool at the end
of a round have an equal probability of being included in that round's batch.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/