[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] clean secs 3 and 4
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones
Modified Files:
routing-zones.tex
Log Message:
clean secs 3 and 4
Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -d -r1.43 -r1.44
--- routing-zones.tex 28 Jan 2004 21:43:02 -0000 1.43
+++ routing-zones.tex 28 Jan 2004 22:14:00 -0000 1.44
@@ -392,10 +392,10 @@
\section{Modeling Techniques}
-In this section, we describe how we model mix-nets and Internet routing
-to draw conclusions about how vulnerable a mix-net might be to
+Here we describe how we model mix networks and Internet routing
+to draw conclusions about an anonymity network's vulnerability to
eavesdropping by the adversary detailed in Section~\ref{sec:threat-model}.
-First we describe our model of mix-net node selection, and then we
+First we describe our model of node selection, and then we
present our techniques for estimating the
AS-level path between two arbitrary hosts on the Internet.
@@ -407,11 +407,10 @@
of ``pinger'' software that measures node reliability and publishes keys
and addresses for each remailer~\cite{echolot}. In Tor, clients download
a similar network snapshot from special nodes called directory
-servers~\cite{tor-design} that play a role similar to pingers.
-The pingers and
+servers~\cite{tor-design}. The pingers and
directory servers note whether each node is an \emph{exit node}---meaning
-that node's operator is willing to allow traffic to exit the network
-from this node (some operators choose instead to be \emph{middleman} nodes,
+its operator is willing to allow traffic to exit the network
+from the node (some operators choose instead to be \emph{middleman} nodes,
to avoid needing to deal with abuse complaints.)
We abstract how Alice gets the list: assume she has
@@ -435,27 +434,27 @@
with the route that is the longest prefix match for $i+1$'s IP address.
Unfortunately, Alice cannot generally ask for routing tables for
-each of the mix nodes when it wishes to construct a mix tunnel. First,
-her act of requesting a routing table from a particular
-network might raise the suspicion of an eavesdropper (particularly if she
-asks for a large number of routing tables, since each full
-routing table is approximate 10 megabytes). Second, asking each network
-that contains a mix node for its current routing table is likely to be
-quite slow, given the size of routing tables; additionally, as routes
+each of the mix nodes when constructing a mix tunnel. First,
+her act of requesting a routing table from a particular network might
+attract the attention of an eavesdropper, particularly if she asks for a
+large number of routing tables. Second, asking each network that contains
+a mix node for its current routing table is likely to be quite slow,
+since each full routing table is approximately 10 megabytes; additionally,
+as routes
are continually changing, parts of the table are likely to be
-out-of-date before the initiator even receives it. Third, this method
+out-of-date even before she requests it. Third, this method
introduces another vulnerability to attack: if an adversary compromises
-any of the domains that contain a mix node, it could send back an
+any of the domains that contain a mix node, he could send back an
inaccurate version of the routing table. Because of these shortcomings,
-the initiator must be able to {\em passively} determine the AS-level
+Alice must be able to {\em passively} determine the AS-level
path (or a reasonable approximation of it) without having visibility
-into the routing tables of each hop in the mix path.
+into the routing tables of each hop in her intended mix path.
Fortunately, examining the AS paths in a BGP routing table gives a
-reasonable estimation of the Internet's AS-level topology (i.e., what
-ASes connect to what other ASes, etc.) and can provide reasonable
+reasonable estimation of %the Internet's AS-level topology (i.e.,
+what ASes connect to what other ASes, and can provide reasonable
information about what path an arbitrary Internet host might take to
-reach any given destination.
+reach any given destination.
%Mao {\em et al.} have recently developed
%similar techniques for passively determining AS-level paths between two
%Internet hosts~\cite{Mao2004}, given a view of the AS-level topology.
@@ -481,8 +480,8 @@
when advertising routes to another peer or provider), certain
edges in this graph will not be globally visible. As a result, our
approximation of the AS-level graph may omit certain edges.
- Typically, these missing edges will be between smaller ASes; this means
- that our algorithm may not realize that a particular edge exists
+ Typically, these missing edges will be between smaller ASes; thus
+ our algorithm may not realize that a particular edge exists
between two ASes and, as a result, infer the wrong AS-level path to a
destination.
@@ -512,9 +511,9 @@
The basic idea is to exploit the {\em valley-free} property of
Internet paths to assign pairwise relationships between ASes. That
is, an AS path traverses a sequence of customer-provider edges, zero
- or one peering edges, followed by a sequence of provider-customer
- edges. Then, in each AS path, a AS pair can be assigned either a
- customer-provider or a provider-customer relationship; every pair
+ or one peering edges, and then a sequence of provider-customer
+ edges. Therefore an AS pair in each AS path can be assigned either a
+ customer-provider or a provider-customer relationship: every pair
before the AS with the highest degree in the path is assigned a
customer-provider relationship, and every pair after this AS is
assigned a provider-customer relationship. The complete details of
@@ -525,10 +524,9 @@
the shortest AS path that complies with common policy practices.}
As AS-level path estimation techniques improve,
- the accuracy of our analysis will also improve. More importantly,
- more accurate techniques for estimating the AS-level path between two
- arbitrary Internet hosts will allow the initiator of a mix-net to make
- more informed decisions about the mix nodes it should choose.
+ the accuracy of our analysis will also improve. % More importantly,
+ Thus Alice can expect to be able to make informed decisions about the
+ mix nodes she should choose.
\end{enumerate}
Given both a model for how anonymizing networks select nodes and a way
@@ -920,7 +918,7 @@
mix networks could benefit from increased diversity in node placement,
to reduce the probability that inter-node paths traverse the same AS.
But as mix networks expand, would nodes in certain ASes help to achieve
-better diversity than others?
+diversity better than others?
%An interesting avenue for future work would be to explore which ASes
%would have the most impact
%would be most suitable for new nodes.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/