[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] more related work messing

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] more related work messing
From: arma@seul.org (Roger Dingledine)
Date: Tue, 20 Jan 2004 23:08:27 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Tue, 20 Jan 2004 23:09:03 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net
Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/e2e-traffic

Modified Files:
	e2e-traffic.bib e2e-traffic.tex 
Log Message:
more related work messing


Index: e2e-traffic.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.bib,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- e2e-traffic.bib	10 Jan 2004 02:00:17 -0000	1.3
+++ e2e-traffic.bib	21 Jan 2004 04:08:25 -0000	1.4
@@ -1,3 +1,44 @@
+@inproceedings{SS03,
+  title = {Passive Attack Analysis for Connection-Based Anonymity Systems},
+  author = {Andrei Serjantov and Peter Sewell},
+  booktitle = {Computer Security -- ESORICS 2003},
+  publisher =   {Springer-Verlag, LNCS (forthcoming)},
+  year = {2003},
+  month = {October},
+}
+
+@inproceedings{web-mix:pet2000,
+  title = {Web {MIX}es: A system for anonymous and unobservable {I}nternet access}, 
+  author = {Oliver Berthold and Hannes Federrath and Stefan K\"opsell}, 
+  booktitle = {Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design
+        Issues in Anonymity and Unobservability}, 
+  year = {2000}, 
+  month = {July}, 
+  pages = {115--129}, 
+  editor = {H. Federrath}, 
+  publisher = {Springer-Verlag, LNCS 2009}, 
+}
+
+@misc{tor-design,
+  author = "Roger Dingledine and Nick Mathewson and Paul Syverson",
+  title = {{Tor: The Second-Generation Onion Router}},
+  howpublished = {Manuscript},
+  month = {January},
+  year = {2004},
+}
+
+@Article{or-jsac98,
+  author =       {Michael G. Reed and Paul F. Syverson and David
+                  M. Goldschlag}, 
+  title =        {Anonymous Connections and Onion Routing},
+  journal =      {IEEE Journal on Selected Areas in Communications},
+  year =         1998,
+  volume =       16,
+  number =       4,
+  pages =        {482--494},
+  month =        {May},
+}
+
 @InProceedings{pfitzmann90how,
     author = "Birgit Pfitzmann and Andreas Pfitzmann",
     title = "How to Break the Direct {RSA}-Implementation of {MIXes}",

Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- e2e-traffic.tex	21 Jan 2004 03:26:35 -0000	1.14
+++ e2e-traffic.tex	21 Jan 2004 04:08:25 -0000	1.15
@@ -185,12 +185,12 @@
   % why leave this out? it sounds important. -RD
 \end{tightlist}
 
-We begin in Section \ref{sec:previous-work} by presenting a brief
+We begin in Section~\ref{sec:previous-work} by presenting a brief
 background overview on mix-nets, traffic analysis, the disclosure
-attack, and the statistical disclosure attack.  In Section
-\ref{sec:extending} we present our enhancements to the statistical
+attack, and the statistical disclosure attack.  In
+Section~\ref{sec:extending} we present our enhancements to the statistical
 disclosure attack.  We present simulated experimental results
-in Section \ref{sec:simulation}, and close in Section \ref{sec:conclusion}
+in Section~\ref{sec:simulation}, and close in Section~\ref{sec:conclusion}
 with recommendations for resisting this class of attacks, implications
 for mix-net design, and a set of open questions for future work.
 
@@ -204,14 +204,14 @@
 decrypts, delays, and re-orders messages, before relaying them toward their
 destinations.  Chaum proved the security of a mix against a \emph{passive
   adversary} who eavesdrops on all communications but is unable to observe
-the reordering inside the mix.  Because some mixes might be controled by an
+the reordering inside the mix.  Because some mixes might be controlled by an
 adversary, Alice may direct her messages through a sequence or `chain' of
 mixes in a network, so that no single mix can link her to her recipient.
 
 Many subsequent designs have been proposed, including Babel \cite{babel},
-Mixmaster \cite{mixmaster}, and Mixminion \cite{mixminion}.
-%  XXX also cite \cite{shuffle} and \cite{abe}
-We will not address the diferences between these systems in any detail: from
+Mixmaster \cite{mixmaster-spec}, and Mixminion \cite{minion-design}.
+%  also \cite{shuffle} and \cite{abe}
+We will not address the differences between these systems in any detail: from
 the point of view of a long-term intersection attack, the internals of the
 network are irrelevant so long as the attacker can observe messages entering
 and leaving the network, and can guess when a message entering the network is
@@ -221,12 +221,10 @@
 %%and whats-this-called \cite{k-anonymous}, seek prevent eavesdroppers from
 %%learning when participannts are sending and receiving.)
 
-% Mention that there are low-latency systems, but that they are too easy
-% to break with short-term end-to-end confirmation attacks.
-
-% talk about how we're only concerned here with systems where the
-% senders and receivers are distinct from the mix servers. in those
-% situations, maybe you're doing way better.
+Another class of anonymity designs is aimed at web browsing and other
+low latency activities \cite{web-mix:pet2000,tor-design,or-jsac98},
+but we neglect them in this paper because short-term timing and packet
+counting attacks seem sufficient against them \cite{SS03}.
 
 Attacks against mix networks aim to reduce the anonymity of users by
 linking anonymous senders with the messages they send, by linking
@@ -251,7 +249,7 @@
 mount a \emph{long-term intersection attack} to correlate the times at
 which senders and receivers are active \cite{disad-free-routes}.
 
-Researchers have provided a variety of countermeasures to increase
+A variety of countermeasures increase
 the difficulty of the intersection attack. Kesdogan's Stop-and-go mix
 \cite{stop-and-go} provides probabilistic anonymity by letting users
 specify message latencies -- essentially broadening the range of times
@@ -293,11 +291,10 @@
 intersection attack entirely passively, active attacks can help him
 reduce the set of suspects at each round. For example, performing
 blending attacks \cite{trickle02} against a suspected sender can greatly
-speed the attack. Danezis and Sassaman propose a ``heartbeat'' dummy
-scheme \cite{danezis:wpes2003} where dummies are sent from a node in
-the network back to itself, creating an early warning system to detect
-if the adversary is launching such a blending attack.
-% possibly take out the above sentence -RD
+speed the attack. %Danezis and Sassaman propose a ``heartbeat'' dummy
+%scheme \cite{danezis:wpes2003} where dummies are sent from a node in
+%the network back to itself, creating an early warning system to detect
+%if the adversary is launching such a blending attack.
 
 \subsection{The disclosure attack}
 \label{subsec:disclosure-attack}
@@ -368,7 +365,7 @@
 \label{subsec:broadening}
 In this subsection, we examine ways to extend Danezis's Statistical
 Disclosure Attack to systems more closely resembling real-world mix-nets.  In
-section \ref{sec:simulation}, we examine the time and information
+Section~\ref{sec:simulation}, we examine the time and information
 requirements for these attacks against simulated networks.
 
 \subsubsection{Complex senders, unknown background traffic}
@@ -390,7 +387,7 @@
 which Alice has {\it not} contributed any messages.\footnote{The attack can
   still proceed if few such Alice-free batches exist, so long as Alice
   contributes more to some batches than to others.  Specifically, the approach
-  described in section \ref{subsubsec:complex-mix} can exploit differences
+  described in Section~\ref{subsubsec:complex-mix} can exploit differences
   between low-Alice and high-Alice batches to infer background behavior.}
 For each such
 batch $i$, the attacker constructs a vector $\V{u_i}$ containing
@@ -496,7 +493,7 @@
 attacker must spend to observe all messages leaving the system, it
 has no additional effect on intersection attacks beyond changing the
 delaying characteristics $P_R$ of the anonymity system as introduced
-in section \ref{subsubsec:complex-mix}.
+in Section~\ref{subsubsec:complex-mix}.
 
 Assume for the sake of simplicity that all mixes share a single
 $P_R$, and that Alice chooses a path of length $\ell_0$.  The chance of

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Prev by Author: [freehaven-cvs] clean up abstract and intro
Next by Author: [freehaven-cvs] write a lot more. now we have more written.
Previous by thread: [freehaven-cvs] clean up abstract and intro
Next by thread: [freehaven-cvs] Finish editing the attacks section. Time to write a ...
Index(es):
- Author
- Thread