[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] clean up node selection subsec

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] clean up node selection subsec
From: arma@seul.org (Roger Dingledine)
Date: Tue, 27 Jan 2004 00:26:30 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Tue, 27 Jan 2004 00:27:09 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones

Modified Files:
	routing-zones.tex routing-zones.bib 
Log Message:
clean up node selection subsec


Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- routing-zones.tex	27 Jan 2004 04:56:54 -0000	1.18
+++ routing-zones.tex	27 Jan 2004 05:26:28 -0000	1.19
@@ -134,6 +134,7 @@
 number of mix nodes in the path.
 
 \section{Threat Model}
+\label{sec:threat-model}
 
 We aim to improve anonymity against an adversary who can monitor a single
 AS. Such an adversary might be a curious ISP or a corrupt law enforcement
@@ -147,7 +148,7 @@
 accountability and risk associated with obtaining multiple unapproved
 subpoenas. 
 
-By requiring the adversary to control multiple AS's, we raise the bar
+By requiring the adversary to control multiple ASes, we raise the bar
 for breaking the anonymity of the system.
 
 \section{Background}
@@ -161,6 +162,7 @@
 network, we also provide some background on Internet routing. 
 
 \subsection{Anonymity networks}
+\label{subsec:background-anonymity}
 
 Chaum~\cite{chaum81} proposed hiding the correspondence between sender
 and recipient by wrapping messages in layers of public-key cryptography,
@@ -228,7 +230,7 @@
 interdomain routing (i.e., routing between ISPs) on the Internet. We
 then describe available data on Internet topologies and our assumptions
 regarding how well this data reflects the paths that packets actually
-travel.  
+travel.
 
 \subsubsection{Border Gateway Protocol}
 
@@ -240,7 +242,6 @@
 destinations using the information propagated by routing protocols.  To
 find the route to a destination IP address, a router typically performs
 a longest prefix match on that IP address to find the smallest IP prefix
-% XXX do you mean 'longest' above, rather than 'smallest'? confused.
 in the routing table that contains that IP address.  For example, a
 router performing a route lookup for {\em IP address} {\tt 18.31.0.82}
 might find a route for the {\em prefix} {\tt 18.0.0.0/8}, a prefix that
@@ -362,38 +363,40 @@
 
 In this section, we describe how we model mix-nets and Internet routing
 to draw conclusions about how vulnerable a mix-net might be to
-eavesdropping by an adversary.  We first provide a detailed description
-of our threat model; i.e., the types of adversaries that we are trying
-to defend against.  Then, we describe our model of mix-net node
-selection.  Finally, we present our techniques for estimating the
+eavesdropping by the adversary detailed in Section~\ref{sec:threat-model}.
+First we describe our model of mix-net node selection, and then we
+present our techniques for estimating the
 AS-level path between two arbitrary hosts on the Internet.
 
-\subsection{Node Selection in Mix Networks}\label{sec:path-selection}
-
-the basic route selection algorithm is very easy.
-
-you take the set of nodes, call it N. a subset of that nodes is E,
-the ones that will allow exiting. As a first approximation for testing,
-you can just let E=N and ignore the differences.
-
-then you pick an exit node at random from E.
-
-In the variant called Mixmaster, then you pick an entry node at random
-from N.  Whereas in the variant called Tor, you pick an entry node at
-random from N minus the entry node you picked.  That is, in Mixmaster,
-you could pick the same node with probability $(1/|N|)(1/|E|)$. Whereas
-in Tor you never do.
-
-I would guess for large or widespread adversaries the two strategies
-will be approximately equivalent, but that's something to find out
-rather than something to assume. :)
+\subsection{Node Selection in Mix Networks}
+\label{sec:path-selection}
 
-We are ignoring all the nodes in the middle of the path, for reasons
-that I've sort of sketched out in Background|Anonymity networks, but
-clearly need to sketch out better before it'll be convincing.
+To build a path in an anonymity network, clients must somehow learn a set
+of currently available nodes. In Mixmaster, clients examine the output
+of ``pinger'' software that measures node reliability and publishes keys
+and addresses for each remailer~\cite{echolot}. In Tor, clients download
+a similar network snapshot from special nodes called directory servers
+that play a role similar to pingers~\cite{tor-design}.  The pingers and
+directory servers note whether each node is an \emph{exit node}---meaning
+that node's operator is willing to allow traffic to exit the network
+from this node (some operators choose instead to be middleman nodes,
+to avoid needing to deal with abuse complaints.)
 
+We abstract away the details of fetching this list: assume Alice ends up
+with a set $N$ of possible choices, of which $E \subset N$ are exit nodes.
+First she picks the last node on her path, at random, from $E$. In the
+case of Mixmaster, she then picks an entry node at random from $N$,
+and she's done. In Tor, she picks from the set $N$ minus the exit node
+she just picked. Note that we also abstract away the details of picking
+internal path nodes; see Section~\ref{subsec:background-anonymity}.
 
+%That is, in Mixmaster,
+%you could pick the same node with probability $(1/|N|)(1/|E|)$. Whereas
+%in Tor you never do.
 
+%I would guess for large or widespread adversaries the two strategies
+%will be approximately equivalent, but that's something to find out
+%rather than something to assume. :)
 
 \subsection{AS-level Mix Network Path Estimation}\label{sec:mix_aspath}
 

Index: routing-zones.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.bib,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- routing-zones.bib	27 Jan 2004 03:20:33 -0000	1.10
+++ routing-zones.bib	27 Jan 2004 05:26:28 -0000	1.11
@@ -1,3 +1,9 @@
+@misc{echolot,
+  author = {Peter Palfrader},
+  title = {Echolot: a pinger for anonymous remailers},
+  note = {\url{http://www.palfrader.org/echolot/}},
+}
+
 @Misc{mixmaster-spec,
    author =      {Ulf M{\"o}ller and Lance Cottrell and Peter
                   Palfrader and Len Sassaman}, 

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] give us a real abstract, fix typos throughout
Next by Author: [freehaven-cvs] shift the threat model,
Previous by thread: [freehaven-cvs] Fixed lots of typos and grammar issues. Now preach l...
Next by thread: [freehaven-cvs] results of paths with overlapping ASes
Index(es):
- Author
- Thread