
[freehaven-cvs] further tweaks and edits



Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones

Modified Files:
	routing-zones.tex routing-zones.bib 
Log Message:
further tweaks and edits


Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- routing-zones.tex	28 Jan 2004 17:40:01 -0000	1.32
+++ routing-zones.tex	28 Jan 2004 17:44:53 -0000	1.33
@@ -168,7 +168,7 @@
 but at
 the cost of requiring high and variable latency. Other systems, such as
 Onion Routing or its successor Tor~\cite{tor-design,or-jsac98} and the
-Freedom network~\cite{freedom21-arch}, support
+Freedom network~\cite{freedom2-arch}, support
 low-latency transactions such as web browsing, but necessarily have a
 weaker threat model.
 
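Review bot: The key renamed on the `\cite{freedom2-arch}` line resolves only together with the `freedom2-arch` entry added to routing-zones.bib in this same commit, so the two files have to stay in step. Check that no other `\cite{freedom21-arch}` remains in the .tex, and if an entry under the old key still exists in the .bib and is now unused, remove it. The log message does not say that a reference was swapped; it is worth stating, since this changes which document the paper cites.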
@@ -363,9 +363,9 @@
 are communicating. Onion Routing analysis~\cite{onion-routing:pet2000}
 has shown that an adversary observing $c$ of the $n$ nodes in the network
 can use endpoint attacks to break $\frac{c}{n}$ of the transactions. By
-requiring the connection from Alice to the anonymity network and the
-connection from the anonymity network to Bob to travel over separate
-ASes, as long as the ASes do not collude, we can prevent all of these
+requiring the path from Alice to the anonymity network and the
+path from the anonymity network to Bob to traverse separate
+ASes, as long as the ASes do not collude, we can stop all of these
 observed transactions.
 
 Intra-network attacks on low-latency networks can also be useful. In
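Review bot: In the rewritten sentence ending "we can stop all of these observed transactions", what gets stopped is the endpoint attack, not the transactions; as worded it reads as if Alice's traffic is blocked. The sentence also moves from an adversary "observing $c$ of the $n$ nodes" to a condition on ASes without connecting the two: keeping the Alice-side and Bob-side paths in separate ASes limits what one AS can see, but the text does not say why that covers every transaction counted in the $\frac{c}{n}$ figure. Suggest wording along the lines of "we can keep any single AS from observing both ends of a transaction" and dropping "all of these" unless the paper argues it.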
@@ -378,13 +378,14 @@
 
 A successful endpoint attack against a high-latency system like
 Mixmaster takes a lot more time and effort than one against a low-latency
-system like Tor. But because an observer of even a few nodes may over
+system like Tor. But because an observer of even a few Mixmaster nodes
+may over
 time be able to link Alice to her recipients~\cite{e2e-traffic}, our
 work also has impact on protecting such high-latency systems from a
 one-AS adversary.  Further, intra-network observations on Mixmaster,
-along with flooding messages into the network~\cite{trickle} or
-just waiting for periods of low normal traffic, may be able to aid
-the attack by partitioning the set of messages that mix with Alice's
+along with flooding messages into the network~\cite{trickle02} or
+just waiting for periods of low traffic, may be able to aid
+the attack by shrinking the set of messages that mix with Alice's
 message~\cite{disad-free-routes,minion-design}. As a simple example,
 an adversary who learns the first half of Alice's path learns where to
 make his next phone call to track Alice's recipient.
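Review bot: The change to `\cite{trickle02}` has no counterpart in the routing-zones.bib hunk of this commit, so confirm the .bib already defines `trickle02`; otherwise this line introduces an undefined citation. Separately, the inserted "may over" sits on a short line of its own; reflow the paragraph so later diffs stay readable. "shrinking the set of messages that mix with Alice's message" is clearer than "partitioning", and a short clause saying that a smaller set makes Alice easier to link would tie it to the attack being described.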
@@ -410,12 +411,13 @@
 The pingers and
 directory servers note whether each node is an \emph{exit node}---meaning
 that node's operator is willing to allow traffic to exit the network
-from this node (some operators choose instead to be middleman nodes,
+from this node (some operators choose instead to be \emph{middleman} nodes,
 to avoid needing to deal with abuse complaints.)
 
 We abstract the details of fetching this list: assume Alice ends up
 with a set $N$ of possible choices, of which $E \subseteq N$ are exit nodes.
-We also assume that all nodes in the network are listed as working.
+Also assume that all nodes in the network are listed as working (typically
+some nodes are listed as temporarily offline).
 
 To build a path of length $\ell$, Alice first picks an exit node at
 random from $E$, and then picks the other $\ell-1$ nodes from $N$. In the
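Review bot: The new parenthetical in "Also assume that all nodes in the network are listed as working (typically some nodes are listed as temporarily offline)" reads as part of the assumption and so appears to contradict it. Make the contrast explicit, for example "(in practice, some nodes are typically listed as temporarily offline)", and say whether the path-selection analysis that follows depends on the simplification. In the same hunk, the parenthesis starting "(some operators choose instead" closes as "complaints.)", which leaves the enclosing sentence without its own full stop; move the period outside while touching this line.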
@@ -898,7 +900,9 @@
 choose entry and exit nodes to avoid traversing the same AS upon entry
 and exit to the mix network.
 
-
+Against small adversaries (such as each AS between Alice and the anonymity
+network), it is clearly better to avoid exit nodes that traverse these
+ASes.
 Even if you do something intelligent about selecting exit nodes, will
 this choice provide the adversary information about where Alice is
 coming from (i.e., what her direct upstream ISP is?)  (I actually don't
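Review bot: The added paragraph replaces the blank line that separated the preceding text from the note beginning "Even if you do something intelligent", so the new sentence and that note now run together as one paragraph; restore a blank line after "ASes." In the added text, "exit nodes that traverse these ASes" is imprecise, since it is the path from the exit node to the destination that traverses an AS, not the node. "clearly better" also needs a reason attached, particularly as the very next sentence asks whether this choice of exit node leaks where Alice is coming from.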

Index: routing-zones.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.bib,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- routing-zones.bib	27 Jan 2004 22:03:11 -0000	1.13
+++ routing-zones.bib	28 Jan 2004 17:44:53 -0000	1.14
@@ -13,6 +13,16 @@
   type = {White Paper}, 
 }
 
+@techreport{freedom2-arch,
+  title = {Freedom Systems 2.0 Architecture},
+  author = {Philippe Boucher and Adam Shostack and Ian Goldberg},
+  institution = {Zero Knowledge Systems, {Inc.}},
+  year = {2000},
+  month = {December},
+  type = {White Paper},
+  day = {18},
+}
+
 @misc{riot-remap,
   author = {Riot Admin},
   title = {The Remailer Geographical Mapping Project},
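Review bot: In the new `freedom2-arch` entry, `day = {18}` is not a standard BibTeX field and the standard styles will ignore it, so the date will print as December 2000 at most. If the day matters, fold it into the month field or a note; otherwise drop it. `month = {December}` would also be better written with the predefined macro, `month = dec`, so that the bibliography style controls how the month is rendered.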
