[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] more related work messing
Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/e2e-traffic
Modified Files:
e2e-traffic.bib e2e-traffic.tex
Log Message:
more related work messing
Index: e2e-traffic.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.bib,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- e2e-traffic.bib 10 Jan 2004 02:00:17 -0000 1.3
+++ e2e-traffic.bib 21 Jan 2004 04:08:25 -0000 1.4
@@ -1,3 +1,44 @@
+@inproceedings{SS03,
+ title = {Passive Attack Analysis for Connection-Based Anonymity Systems},
+ author = {Andrei Serjantov and Peter Sewell},
+ booktitle = {Computer Security -- ESORICS 2003},
+ publisher = {Springer-Verlag, LNCS (forthcoming)},
+ year = {2003},
+ month = {October},
+}
+
+@inproceedings{web-mix:pet2000,
+ title = {Web {MIX}es: A system for anonymous and unobservable {I}nternet access},
+ author = {Oliver Berthold and Hannes Federrath and Stefan K\"opsell},
+ booktitle = {Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design
+ Issues in Anonymity and Unobservability},
+ year = {2000},
+ month = {July},
+ pages = {115--129},
+ editor = {H. Federrath},
+ publisher = {Springer-Verlag, LNCS 2009},
+}
+
+@misc{tor-design,
+ author = "Roger Dingledine and Nick Mathewson and Paul Syverson",
+ title = {{Tor: The Second-Generation Onion Router}},
+ howpublished = {Manuscript},
+ month = {January},
+ year = {2004},
+}
+
+@Article{or-jsac98,
+ author = {Michael G. Reed and Paul F. Syverson and David
+ M. Goldschlag},
+ title = {Anonymous Connections and Onion Routing},
+ journal = {IEEE Journal on Selected Areas in Communications},
+ year = 1998,
+ volume = 16,
+ number = 4,
+ pages = {482--494},
+ month = {May},
+}
+
@InProceedings{pfitzmann90how,
author = "Birgit Pfitzmann and Andreas Pfitzmann",
title = "How to Break the Direct {RSA}-Implementation of {MIXes}",
Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- e2e-traffic.tex 21 Jan 2004 03:26:35 -0000 1.14
+++ e2e-traffic.tex 21 Jan 2004 04:08:25 -0000 1.15
@@ -185,12 +185,12 @@
% why leave this out? it sounds important. -RD
\end{tightlist}
-We begin in Section \ref{sec:previous-work} by presenting a brief
+We begin in Section~\ref{sec:previous-work} by presenting a brief
background overview on mix-nets, traffic analysis, the disclosure
-attack, and the statistical disclosure attack. In Section
-\ref{sec:extending} we present our enhancements to the statistical
+attack, and the statistical disclosure attack. In
+Section~\ref{sec:extending} we present our enhancements to the statistical
disclosure attack. We present simulated experimental results
-in Section \ref{sec:simulation}, and close in Section \ref{sec:conclusion}
+in Section~\ref{sec:simulation}, and close in Section~\ref{sec:conclusion}
with recommendations for resisting this class of attacks, implications
for mix-net design, and a set of open questions for future work.
@@ -204,14 +204,14 @@
decrypts, delays, and re-orders messages, before relaying them toward their
destinations. Chaum proved the security of a mix against a \emph{passive
adversary} who eavesdrops on all communications but is unable to observe
-the reordering inside the mix. Because some mixes might be controled by an
+the reordering inside the mix. Because some mixes might be controlled by an
adversary, Alice may direct her messages through a sequence or `chain' of
mixes in a network, so that no single mix can link her to her recipient.
Many subsequent designs have been proposed, including Babel \cite{babel},
-Mixmaster \cite{mixmaster}, and Mixminion \cite{mixminion}.
-% XXX also cite \cite{shuffle} and \cite{abe}
-We will not address the diferences between these systems in any detail: from
+Mixmaster \cite{mixmaster-spec}, and Mixminion \cite{minion-design}.
+% also \cite{shuffle} and \cite{abe}
+We will not address the differences between these systems in any detail: from
the point of view of a long-term intersection attack, the internals of the
network are irrelevant so long as the attacker can observe messages entering
and leaving the network, and can guess when a message entering the network is
@@ -221,12 +221,10 @@
%%and whats-this-called \cite{k-anonymous}, seek prevent eavesdroppers from
%%learning when participannts are sending and receiving.)
-% Mention that there are low-latency systems, but that they are too easy
-% to break with short-term end-to-end confirmation attacks.
-
-% talk about how we're only concerned here with systems where the
-% senders and receivers are distinct from the mix servers. in those
-% situations, maybe you're doing way better.
+Another class of anonymity designs is aimed at web browsing and other
+low latency activities \cite{web-mix:pet2000,tor-design,or-jsac98},
+but we neglect them in this paper because short-term timing and packet
+counting attacks seem sufficient against them \cite{SS03}.
Attacks against mix networks aim to reduce the anonymity of users by
linking anonymous senders with the messages they send, by linking
@@ -251,7 +249,7 @@
mount a \emph{long-term intersection attack} to correlate the times at
which senders and receivers are active \cite{disad-free-routes}.
-Researchers have provided a variety of countermeasures to increase
+A variety of countermeasures increase
the difficulty of the intersection attack. Kesdogan's Stop-and-go mix
\cite{stop-and-go} provides probabilistic anonymity by letting users
specify message latencies -- essentially broadening the range of times
@@ -293,11 +291,10 @@
intersection attack entirely passively, active attacks can help him
reduce the set of suspects at each round. For example, performing
blending attacks \cite{trickle02} against a suspected sender can greatly
-speed the attack. Danezis and Sassaman propose a ``heartbeat'' dummy
-scheme \cite{danezis:wpes2003} where dummies are sent from a node in
-the network back to itself, creating an early warning system to detect
-if the adversary is launching such a blending attack.
-% possibly take out the above sentence -RD
+speed the attack. %Danezis and Sassaman propose a ``heartbeat'' dummy
+%scheme \cite{danezis:wpes2003} where dummies are sent from a node in
+%the network back to itself, creating an early warning system to detect
+%if the adversary is launching such a blending attack.
\subsection{The disclosure attack}
\label{subsec:disclosure-attack}
@@ -368,7 +365,7 @@
\label{subsec:broadening}
In this subsection, we examine ways to extend Danezis's Statistical
Disclosure Attack to systems more closely resembling real-world mix-nets. In
-section \ref{sec:simulation}, we examine the time and information
+Section~\ref{sec:simulation}, we examine the time and information
requirements for these attacks against simulated networks.
\subsubsection{Complex senders, unknown background traffic}
@@ -390,7 +387,7 @@
which Alice has {\it not} contributed any messages.\footnote{The attack can
still proceed if few such Alice-free batches exist, so long as Alice
contributes more to some batches than to others. Specifically, the approach
- described in section \ref{subsubsec:complex-mix} can exploit differences
+ described in Section~\ref{subsubsec:complex-mix} can exploit differences
between low-Alice and high-Alice batches to infer background behavior.}
For each such
batch $i$, the attacker constructs a vector $\V{u_i}$ containing
@@ -496,7 +493,7 @@
attacker must spend to observe all messages leaving the system, it
has no additional effect on intersection attacks beyond changing the
delaying characteristics $P_R$ of the anonymity system as introduced
-in section \ref{subsubsec:complex-mix}.
+in Section~\ref{subsubsec:complex-mix}.
Assume for the sake of simplicity that all mixes share a single
$P_R$, and that Alice chooses a path of length $\ell_0$. The chance of
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/