[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] clean up sec3

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] clean up sec3
From: arma@seul.org (Roger Dingledine)
Date: Wed, 28 Jan 2004 16:43:04 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Wed, 28 Jan 2004 16:43:38 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones

Modified Files:
	routing-zones.tex 
Log Message:
clean up sec3


Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- routing-zones.tex	28 Jan 2004 20:15:35 -0000	1.42
+++ routing-zones.tex	28 Jan 2004 21:43:02 -0000	1.43
@@ -106,8 +106,6 @@
 we can assess the vulnerability of existing mix networks to certain classes
 of adversary.  Specifically, we define a {\em jurisdictional
 independence} metric that reflects the probability that the path to the
-% XXX unless it reflects something else. intra-network independence and
-% user-network independence? hm.
 entry point of a mix network and the path from the exit point will
 traverse the same AS.  We then consider the topologies and node
 selection algorithms of two existing mix
@@ -345,12 +343,12 @@
 \section{Threat Models}
 \label{sec:threat-model}
 
-We aim to improve anonymity against an adversary who can monitor a single
-AS. Such an adversary might be a curious ISP or a corrupt law enforcement
-officer abusing his subpoena powers.
-This threat model is based on the assumption that the ability to control
-more than one AS is significantly more difficult, either because far fewer
-ISPs exist that control multiple ASes, or because law enforcement will
+Alice wants to anonymously communicate with Bob. We aim to improve
+Alice's anonymity against an adversary who can monitor a single AS,
+for example, a curious ISP or a corrupt law enforcement officer abusing
+his subpoena powers.  We assume that the ability to control
+more than one AS is significantly more difficult, either because few
+ISPs control multiple ASes, or because law enforcement will
 be less willing to face the increased accountability and risk associated
 with obtaining multiple unapproved subpoenas.
 %By requiring the adversary to control multiple ASes, we raise the
@@ -361,14 +359,14 @@
 attacks into intra-network attacks and endpoint attacks, as described
 in Section~\ref{subsec:background-anonymity}.
 
-Endpoint attacks on low-latency networks are most likely to succeed:
+Endpoint attacks on low-latency networks are the most straightforward:
 an adversary observing both Alice and Bob can quickly learn that they
 are communicating. Onion Routing analysis~\cite{onion-routing:pet2000}
 has shown that an adversary observing $c$ of the $n$ nodes in the network
-can use endpoint attacks to break $\frac{c}{n}$ of the transactions. By
+can use endpoint attacks to break $(\frac{c}{n})^2$ of the transactions. By
 requiring the path from Alice to the anonymity network and the
 path from the anonymity network to Bob to traverse separate
-ASes, as long as the ASes do not collude, we can stop all of these
+ASes, as long as the ASes do not collude, we can prevent all of these
 observed transactions.
 
 Intra-network attacks on low-latency networks can also be useful. In
@@ -382,10 +380,9 @@
 A successful endpoint attack against a high-latency system like
 Mixmaster takes a lot more time and effort than one against a low-latency
 system like Tor. But because an observer of even a few Mixmaster nodes
-may over
-time be able to link Alice to her recipients~\cite{e2e-traffic}, our
-work also has impact on protecting such high-latency systems from a
-one-AS adversary.  Further, intra-network observations on Mixmaster,
+may over time be able to link Alice to her recipients~\cite{e2e-traffic},
+our work here also has impact on protecting such high-latency systems
+from a one-AS adversary.  Further, intra-network observations,
 along with flooding messages into the network~\cite{trickle02} or
 just waiting for periods of low traffic, may be able to aid
 the attack by shrinking the set of messages that mix with Alice's

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] put a mixmaster cite back in
Next by Author: [freehaven-cvs] clean secs 3 and 4
Previous by thread: [freehaven-cvs] put a mixmaster cite back in
Next by thread: [freehaven-cvs] clean secs 3 and 4
Index(es):
- Author
- Thread