[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] clean up abstract and intro

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] clean up abstract and intro
From: arma@seul.org (Roger Dingledine)
Date: Tue, 20 Jan 2004 22:26:37 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Tue, 20 Jan 2004 22:27:05 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net
Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/e2e-traffic

Modified Files:
	e2e-traffic.tex 
Log Message:
clean up abstract and intro


Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- e2e-traffic.tex	21 Jan 2004 03:23:29 -0000	1.13
+++ e2e-traffic.tex	21 Jan 2004 03:26:35 -0000	1.14
@@ -37,23 +37,17 @@
 %======================================================================
 \begin{abstract}
 We extend earlier research on mounting and resisting passive
-long-term end-to-end traffic analysis against anonymous message systems.
-%%Whereas earlier work addressed cases in which a global passive eavesdropper
-%%was trying to learn sender-receiver connections at a single batch mix whose
-%%senders had known behavior patterns, this paper describes how an analogous
-%%attack can reveal sender-receiver connections, even when the eavesdropper is
-%%non-global, the sender behavior is unknown, the substrate is a network of
-%%timed dynamic-pool mixes, and senders use padding messages.
-We loosen the assumptions of earlier attacks by describing how an eavesdropper
-can learn sender-receiver connections even when senders are complex, the
-substrate is a network of pool mixes, senders use padding messages, and the
-attacker is non-global.
-%%of earlier assumptions increases the time over which the attacker must
-%%observe the mix-net, but has little effect on the attacker's storage or
-%%computational requirements.
+long-term end-to-end traffic analysis attacks against anonymous message
+systems.
+We relax the assumptions of earlier attacks by describing how an
+%Our
+eavesdropper can learn sender-receiver connections even when the substrate
+is a network of pool mixes, the attacker is non-global, and senders have
+complex behavior including generating padding messages.
 Additionally, we describe how an attacker can use extra information about
-message linkability in order to reduce the amount of traffic needed to link
-senders to recipients.  Finally, we simulate our attacks for a variety of
+message linkability to speed the attack.
+%to reduce the amount of traffic needed to link senders to recipients.
+Finally, we simulate our attacks for a variety of
 scenarios, focusing on the amount of information needed to link senders and
 recipients.
 %XXXX We should say something about 'we found some good countermeasures.'
@@ -62,20 +56,22 @@
 %======================================================================
 \section{Introduction}
 \label{sec:intro}
-Since the introduction of mix-nets \cite{chaum-mix} in 1981, many
-attacks against these anonymity systems have been proposed.
-While some of these attacks have been
-addressed by improved mix-net designs,
-one attack that remains effective against current deployable
-mix-net designs is the \emph{long-term intersection attack}. In this
+%Since the introduction of mix-nets \cite{chaum-mix} in 1981, many
+%attacks against these anonymity systems have been proposed.
+%While some of these attacks have been
+%addressed by improved mix-net designs,
+Mix networks aim to allow senders to anonymously deliver messages to
+recipients. One of the strongest attacks against current deployable
+mix network designs is the \emph{long-term intersection attack}. In this
 attack, a passive eavesdropper observes a large volume of network traffic
 and notices over time that certain recipients are more likely to
 receive messages after given senders have transmitted messages.  Although
 these correlations are slight, given enough time an attacker can
-use them to deduce which senders are communicating with which recipients.
-Previous researchers have believed that ong-term intersection attacks can
-only be stopped by using an impractically large amount of cover traffic (so
-that senders send dummy messages to every possible recipient whenever they
+deduce which senders are communicating with which recipients.
+Previously, researchers have believed that long-term intersection attacks
+can only be stopped by an impractically large amount of cover traffic
+(e.g.,
+senders send dummy messages to every possible recipient whenever they
 want to send a real message to anyone) or a set of senders
 with perfect uptimes who send messages continually (so that the attacker can
 never learn how the network behaves in the absence of particular senders).
@@ -100,7 +96,8 @@
 % wouldn't be a categorical defense unless *all* senders, not just 'a
 % set of senders', behaved this way; the ones who didn't wouldn't be
 % protected. -RD
-In this paper, we present several variations on a version of the long-term
+%
+Here we present several variations on a version of the long-term
 intersection attack, and examine their simulated performance.  Preliminary
 results indicate that these attacks can be resisted with significantly less
 overhead than previously supposed.
@@ -134,16 +131,17 @@
   average behavior when Alice is not sending messages.
 \item Mixes use a different batching algorithm, such as Mixmaster's
   dynamic-pool
-  algorithm \cite{trickle02,mixmaster-spec}, or the
-  generalized mix algorithm proposed by \cite{pet2003-diaz}.  (Rather than
-  the ``batch'' mix behavior of relaying all messages when $b$
-  messages have arrived, these algorithms hold messages in a ``pool'' for
-  a random number of rounds based on the number of messages in the pool.)
+  algorithm \cite{trickle02,mixmaster-spec} or its
+  generalization \cite{pet2003-diaz}.
+%  (Rather than
+%  the ``batch'' mix behavior of relaying all messages when $b$
+%  messages have arrived, these algorithms hold messages in a ``pool'' for
+%  a random number of rounds based on the number of messages in the pool.)
 \item Alice uses a mix network (of any topology, with synchronous or
   asynchronous batching) to relay her messages through a succession of
   mixes, instead of using just a single mix.
-\item Alice sends some traffic padding to be dropped by some mix node in the
-  network, to disguise when she is sending real messages.
+\item Alice disguises when she is sending real messages by sending some
+  traffic padding to be dropped by some mix node in the network.
 \item The attacker can only view a subset of the messages entering and
   leaving the network, so long as this subset includes some messages
   from Alice and some messages to Alice's recipients.
@@ -158,9 +156,9 @@
 Additionally, we show how an attacker can exploit additional knowledge to
 speed up these attacks.  Such knowledge includes:
 \begin{tightlist}
-\item Linkability between messages.  For example if messages are written in
-  the same language, or signed by the same pseudonym, the attacker can deduce
-  that they are likelier to have been written by the same sender.
+\item Linkability between messages. The attacker can take into account
+  whether messages are written in the same language or signed by the
+  same pseudonym.
 \item {\it A priori} suspicion of certain messages having originated
   or not originated from Alice.  For example, messages written in a
   language Alice doesn't speak are unlikely to have been written
@@ -187,12 +185,12 @@
   % why leave this out? it sounds important. -RD
 \end{tightlist}
 
-We begin in section \ref{sec:previous-work} by presenting a brief
+We begin in Section \ref{sec:previous-work} by presenting a brief
 background overview on mix-nets, traffic analysis, the disclosure
-attack, and the statistical disclosure attack.  In section
-\ref{sec:extending}, we present our enhancements to the statistical
+attack, and the statistical disclosure attack.  In Section
+\ref{sec:extending} we present our enhancements to the statistical
 disclosure attack.  We present simulated experimental results
-in section \ref{sec:simulation}.  We close in section \ref{sec:conclusion}
+in Section \ref{sec:simulation}, and close in Section \ref{sec:conclusion}
 with recommendations for resisting this class of attacks, implications
 for mix-net design, and a set of open questions for future work.
 

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Prev by Author: [freehaven-cvs] fix a cite
Next by Author: [freehaven-cvs] more related work messing
Previous by thread: [freehaven-cvs] Revise previous work section
Next by thread: [freehaven-cvs] more related work messing
Index(es):
- Author
- Thread