[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] further tweaks and edits
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones
Modified Files:
routing-zones.tex routing-zones.bib
Log Message:
further tweaks and edits
Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- routing-zones.tex 28 Jan 2004 17:40:01 -0000 1.32
+++ routing-zones.tex 28 Jan 2004 17:44:53 -0000 1.33
@@ -168,7 +168,7 @@
but at
the cost of requiring high and variable latency. Other systems, such as
Onion Routing or its successor Tor~\cite{tor-design,or-jsac98} and the
-Freedom network~\cite{freedom21-arch}, support
+Freedom network~\cite{freedom2-arch}, support
low-latency transactions such as web browsing, but necessarily have a
weaker threat model.
@@ -363,9 +363,9 @@
are communicating. Onion Routing analysis~\cite{onion-routing:pet2000}
has shown that an adversary observing $c$ of the $n$ nodes in the network
can use endpoint attacks to break $\frac{c}{n}$ of the transactions. By
-requiring the connection from Alice to the anonymity network and the
-connection from the anonymity network to Bob to travel over separate
-ASes, as long as the ASes do not collude, we can prevent all of these
+requiring the path from Alice to the anonymity network and the
+path from the anonymity network to Bob to traverse separate
+ASes, as long as the ASes do not collude, we can stop all of these
observed transactions.
Intra-network attacks on low-latency networks can also be useful. In
@@ -378,13 +378,14 @@
A successful endpoint attack against a high-latency system like
Mixmaster takes a lot more time and effort than one against a low-latency
-system like Tor. But because an observer of even a few nodes may over
+system like Tor. But because an observer of even a few Mixmaster nodes
+may over
time be able to link Alice to her recipients~\cite{e2e-traffic}, our
work also has impact on protecting such high-latency systems from a
one-AS adversary. Further, intra-network observations on Mixmaster,
-along with flooding messages into the network~\cite{trickle} or
-just waiting for periods of low normal traffic, may be able to aid
-the attack by partitioning the set of messages that mix with Alice's
+along with flooding messages into the network~\cite{trickle02} or
+just waiting for periods of low traffic, may be able to aid
+the attack by shrinking the set of messages that mix with Alice's
message~\cite{disad-free-routes,minion-design}. As a simple example,
an adversary who learns the first half of Alice's path learns where to
make his next phone call to track Alice's recipient.
@@ -410,12 +411,13 @@
The pingers and
directory servers note whether each node is an \emph{exit node}---meaning
that node's operator is willing to allow traffic to exit the network
-from this node (some operators choose instead to be middleman nodes,
+from this node (some operators choose instead to be \emph{middleman} nodes,
to avoid needing to deal with abuse complaints.)
We abstract the details of fetching this list: assume Alice ends up
with a set $N$ of possible choices, of which $E \subseteq N$ are exit nodes.
-We also assume that all nodes in the network are listed as working.
+Also assume that all nodes in the network are listed as working (typically
+some nodes are listed as temporarily offline).
To build a path of length $\ell$, Alice first picks an exit node at
random from $E$, and then picks the other $\ell-1$ nodes from $N$. In the
@@ -898,7 +900,9 @@
choose entry and exit nodes to avoid traversing the same AS upon entry
and exit to the mix network.
-
+Against small adversaries (such as each AS between Alice and the anonymity
+network), it is clearly better to avoid exit nodes that traverse these
+ASes.
Even if you do something intelligent about selecting exit nodes, will
this choice provide the adversary information about where Alice is
coming from (i.e., what her direct upstream ISP is?) (I actually don't
Index: routing-zones.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.bib,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- routing-zones.bib 27 Jan 2004 22:03:11 -0000 1.13
+++ routing-zones.bib 28 Jan 2004 17:44:53 -0000 1.14
@@ -13,6 +13,16 @@
type = {White Paper},
}
+@techreport{freedom2-arch,
+ title = {Freedom Systems 2.0 Architecture},
+ author = {Philippe Boucher and Adam Shostack and Ian Goldberg},
+ institution = {Zero Knowledge Systems, {Inc.}},
+ year = {2000},
+ month = {December},
+ type = {White Paper},
+ day = {18},
+}
+
@misc{riot-remap,
author = {Riot Admin},
title = {The Remailer Geographical Mapping Project},
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/