[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] clean out the related work section

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] clean out the related work section
From: arma@seul.org (Roger Dingledine)
Date: Tue, 20 Jan 2004 19:47:28 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Tue, 20 Jan 2004 19:47:55 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/e2e-traffic

Modified Files:
	e2e-traffic.tex 
Log Message:
clean out the related work section


Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- e2e-traffic.tex	10 Jan 2004 02:00:17 -0000	1.8
+++ e2e-traffic.tex	21 Jan 2004 00:47:26 -0000	1.9
@@ -197,69 +197,23 @@
 %======================================================================
 \section{Previous work}
 \label{sec:previous-work}
-
-%\subsection{Mix-nets}
 \label{subsec:mix-nets}
 
-Chaum introduced the concept of using relay servers, or \emph{mixes},
-for anonymous communications \cite{chaum-mix}. Each mix has a public key
-which senders use to encrypt messages to it. The mix accumulates a batch
-of these encrypted messages, decrypts them, and delivers them. Because a
-decrypted output message looks nothing like the original encrypted input
-message, and the mix collects a batch of messages and then sends
-out the decrypted messages in a rearranged order, an observer cannot learn
-which incoming message corresponds to which outgoing message. Chaum showed
-the security of a mix against a \emph{passive adversary} who eavesdrops
-on all communications but is unable to observe the reordering inside the
-mix. Pfitzmann fixed a weakness in Chaum's original scheme based on the
-properties of raw RSA encryption \cite{pfitzmann90how}.
-
-However, trusting a single mix is dangerous: the mix itself could
-be controlled by an adversary. Therefore users send their messages
-through a series of mixes: if some of the mixes are honest (not
-run by the adversary), anonymity may be preserved. In schemes like
-Babel \cite{babel}, Mixmaster \cite{mixmaster-spec}, or Mixminion
-\cite{minion-design}, the sender chooses the mixes that make up her
-message's path. When Alice wants to send an anonymous message to
-Bob through mixes $M_1$, $M_2$, and $M_3$, she encrypts her message
-successively with the public keys of the mixes in reverse order. She
-includes routing information at each hop, so that each mix $M_i$ receives
-the address of $M_{i+1}$ along with the message intended for $M_{i+1}$
-(all encrypted under $M_i$'s public key).
-
-The topology of the mix network affects its anonymity properties.
-A network where Alice can choose her route freely from all mixes is
-called a \emph{free-route} network. Another approach is a \emph{cascade}
-network, where senders choose from a set of fixed paths through the
-mix-net. Cascades can provide greater anonymity against an adversary
-who owns many mixes \cite{disad-free-routes}, but they are also more
-vulnerable to blending attacks such as trickle or flooding attacks
-\cite{trickle02}. Further, cascade networks arguably have lower
-maximum anonymity because the number of people Alice can hide among
-(her \emph{anonymity set}) is limited to the number of messages the
-weakest node in her cascade can handle. In a free-route network, larger
-anonymity sets are possible because no single mix acts as a bottleneck:
-many mixes handle traffic in parallel as messages traverse the network.
-Mix cascade research includes real-time mixes \cite{realtime-mix} and
-web mixes \cite{web-mix}.
-
-More complex designs use zero-knowledge proofs and stronger
-assumptions to guarantee delivery or to detect and exclude misbehaving
-participants.  These include flash mixes \cite{flash-mix}, hybrid
-mixes \cite{jakobsson-optimally,hybrid-mix}, and provable shuffles
-\cite{randomized-checking,shuffle}. The properties of these designs are appealing,
-but they are often impractical since they assume fairly strong
-coordination and synchronization between the mixes and impose a heavy
-computational and communication overhead.
+Chaum \cite{chaum81} proposed hiding the correspondence between sender
+and recipient by wrapping messages in layers of public-key cryptography,
+and relaying them through a path composed of \emph{mixes}. Each mix
+in turn decrypts, delays, and re-orders messages, before relaying them
+toward their destinations.
 
-%\subsection{Other anonymity designs}
-%DC-nets, and the recent CCS paper and herbivore
+% terms to possible define: mixmaster, mixminion, anonymity set
+% mention that there are a bunch of mix network designs, but they're
+% all the same to us.
 
-%\subsection{Traffic analysis}
-\label{subsec:traffic-analysis}
-% an overview of the general history of traffic analysis attacks.
+% talk about how we're only concerned here with systems where the
+% senders and receivers are distinct from the mix servers. in those
+% situations, maybe you're doing way better.
 
-Attacks against mix-nets aim to reduce the anonymity of users by
+Attacks against mix networks aim to reduce the anonymity of users by
 linking anonymous senders with the messages they send, by linking
 anonymous recipients with the messages they receive, or by linking
 anonymous messages with one another. For a detailed list of attacks,
@@ -287,7 +241,7 @@
 \cite{stop-and-go} provides probabilistic anonymity by letting users
 specify message latencies -- essentially broadening the range of times
 messages might emerge from the mix network. Similarly, batching strategies
-\cite{trickle02} like that used by Mixmaster and Mixminion use message
+\cite{trickle02} in Mixmaster and Mixminion use message
 pools to spread out the possible exit times for messages.
 
 Rather than expanding the set of messages that might have
@@ -304,10 +258,13 @@
 sending decoy (dummy) traffic. Pipenet \cite{pipenet} conceals
 traffic patterns by constant padding on every link. Unfortunately, a
 single user can shut down the network simply by not sending. Backing
-off even a little bit from this constant-padding scheme allows the
+off even a little bit from this constant-padding scheme is thought to
+allow the
 above intersection attack, and in some systems may even introduce
 conspicuous gaps in traffic that can be followed through the network
-\cite{defensive-dropping}. Berthold and Langos aim to increase the
+\cite{defensive-dropping}.
+%possibly take out the above sentence -RD
+Berthold and Langos aim to increase the
 difficulty of intersection attacks with a scheme for preparing plausible
 dummy traffic and having other nodes send it for you while you're offline
 \cite{langos02}; but their design has many practical problems.
@@ -320,6 +277,7 @@
 scheme \cite{danezis:wpes2003} where dummies are sent from a node in
 the network back to itself, creating an early warning system to detect
 if the adversary is launching such a blending attack.
+% possibly take out the above sentence -RD
 
 \subsection{The disclosure attack}
 \label{subsec:disclosure-attack}

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] put a current pdf in, for paul to see the figures
Next by Author: [freehaven-cvs] fix a cite
Previous by thread: [freehaven-cvs] Add another test to try to figure out how much paddi...
Next by thread: [freehaven-cvs] Mostly added a robustness discussion
Index(es):
- Author
- Thread