[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] patches on sec 3.2

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] patches on sec 3.2
From: arma@seul.org (Roger Dingledine)
Date: Sun, 25 Jan 2004 04:47:32 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Sun, 25 Jan 2004 04:48:01 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/e2e-traffic

Modified Files:
	e2e-traffic.tex 
Log Message:
patches on sec 3.2


Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- e2e-traffic.tex	24 Jan 2004 22:53:55 -0000	1.26
+++ e2e-traffic.tex	25 Jan 2004 09:47:30 -0000	1.27
@@ -607,35 +607,34 @@
 
 \subsection{Strengthening the attack}
 \label{subsec:strenghtening}
-Our previous extensions to the original statistical disclosure attack
-have shown how to reveal sender--recipient links in a broader range of
-circumstances.
-In order to compensate for these circumstances (as will be shown below in
-section \ref{sec:simulation}) the attacker has been
-forced to observe an increasingly large number of rounds of traffic.
+Section \ref{subsec:broadening} showed how to extend the original
+statistical disclosure attack to reveal sender--recipient links in a
+broader range of circumstances. In Section \ref{sec:simulation} we will
+show that these extensions force the attacker to observe an increasingly
+large number of rounds of traffic.
 
-In this section, rather than broadening the attack at the expense of needing
-increased traffic, we discuss ways to reduce the amount of traffic required
-for the attack by incorporating additional information.
+In this section, rather than talking about how to broaden the attack so it
+works in new situations (at the expensive of needing increased traffic),
+we discuss ways to reduce the amount of traffic required for the attack
+by incorporating additional information.
 
 \subsubsection{Exploiting message partitioning:}
 %\label{subsubsec:full-linkability}
-The attacker's work can be greatly simplified if some messages leaving
-the system are
-{\it linkable}.  Two messages are said to be {\it linkable} if they are
+The attacker's work can be greatly simplified if some output messages are
+{\it linkable}.  Two messages are said to be linkable if they are
 likelier to originate from the same sender than are two randomly chosen
 messages.  We consider a special case of linkability, in which we discover
 linkage by {\it partitioning} messages into separate classes such that
 messages in the same class are likelier to come from the same sender than two
 messages chosen at random.
 
-The easiest case is of partitioning is pseudonymity: in a typical
+The easiest case of partitioning is pseudonymity: in a typical
 pseudonym service, each sender has one or more pseudonyms and all
 delivered messages are associated with a pseudonym.
-Clearly, an eavesdropper attacker who can connect senders to their pseudonyms
+An eavesdropper who can connect senders to their pseudonyms
 could trivially use this information to connect senders and recipients.
-One way to do this
-is by treating classes of fully linkable messages as virtual message
+For example, he might treat
+classes of fully linkable messages as virtual message
 destinations.  Instead of collecting observations $\V{o_i}$ of
 recipients who receive messages in round $i$, the attacker now
 collects observations $\V{o_i}$ of linkable classes
@@ -653,8 +652,8 @@
 keywords and try to link messages based on their textual content.
 
 To exploit these scenarios, the attacker begins as above by
-choosing a set of $c$ `partitioning classes' (such as languages,
-patterns of usage, or so on), and assigning to each observed output
+choosing a set of $c$ `partitioning classes' (such as languages or
+patterns of usage), and assigning to each observed output
 message a probability of belonging to each class.  The attacker then
 proceeds as before, but instead of collecting observation
 vectors with elements corresponding the recipients, the attacker now
@@ -683,7 +682,7 @@
 about astrophysics.
 
 To exploit this knowledge, an attacker can (as suggested in the
-original Statistical Disclosure paper \cite{statistical-disclosure})
+original statistical disclosure paper)
 modify the estimated probabilities in $\V{o_i}$ of Alice having sent
 each delivered message.  For example, if 100 messages are sent in a
 round, and the attacker judges that 50 of them are twice as likely to
@@ -695,7 +694,8 @@
 %======================================================================
 \section{Simulation results}
 \label{sec:simulation}
-Above, we've repeatedly said that each complication of the sender or the
+In Section \ref{subsec:broadening}, we repeatedly claimed that each
+complication of the sender or the
 network forces the attacker to gather more information. But how much?
 
 To find out, we ran a series of simulations of our attacks, first against the

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] clean and tighten sec 3.1
Next by Author: [freehaven-cvs] clean trials 1 and 2, merge figs 1 and 2
Previous by thread: [freehaven-cvs] Tweaks throughout. Discussion of throughput, latency...
Next by thread: [freehaven-cvs] clean trials 1 and 2, merge figs 1 and 2
Index(es):
- Author
- Thread