[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] clean secs 3 and 4

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] clean secs 3 and 4
From: arma@seul.org (Roger Dingledine)
Date: Wed, 28 Jan 2004 17:14:02 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Wed, 28 Jan 2004 17:14:27 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones

Modified Files:
	routing-zones.tex 
Log Message:
clean secs 3 and 4


Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -d -r1.43 -r1.44
--- routing-zones.tex	28 Jan 2004 21:43:02 -0000	1.43
+++ routing-zones.tex	28 Jan 2004 22:14:00 -0000	1.44
@@ -392,10 +392,10 @@
 
 \section{Modeling Techniques}
 
-In this section, we describe how we model mix-nets and Internet routing
-to draw conclusions about how vulnerable a mix-net might be to
+Here we describe how we model mix networks and Internet routing
+to draw conclusions about an anonymity network's vulnerability to
 eavesdropping by the adversary detailed in Section~\ref{sec:threat-model}.
-First we describe our model of mix-net node selection, and then we
+First we describe our model of node selection, and then we
 present our techniques for estimating the
 AS-level path between two arbitrary hosts on the Internet.
 
@@ -407,11 +407,10 @@
 of ``pinger'' software that measures node reliability and publishes keys
 and addresses for each remailer~\cite{echolot}. In Tor, clients download
 a similar network snapshot from special nodes called directory
-servers~\cite{tor-design} that play a role similar to pingers.
-The pingers and
+servers~\cite{tor-design}. The pingers and
 directory servers note whether each node is an \emph{exit node}---meaning
-that node's operator is willing to allow traffic to exit the network
-from this node (some operators choose instead to be \emph{middleman} nodes,
+its operator is willing to allow traffic to exit the network
+from the node (some operators choose instead to be \emph{middleman} nodes,
 to avoid needing to deal with abuse complaints.)
 
 We abstract how Alice gets the list: assume she has
@@ -435,27 +434,27 @@
 with the route that is the longest prefix match for $i+1$'s IP address.
 
 Unfortunately, Alice cannot generally ask for routing tables for
-each of the mix nodes when it wishes to construct a mix tunnel.  First,
-her act of requesting a routing table from a particular
-network might raise the suspicion of an eavesdropper (particularly if she
-asks for a large number of routing tables, since each full
-routing table is approximate 10 megabytes).  Second, asking each network
-that contains a mix node for its current routing table is likely to be
-quite slow, given the size of routing tables; additionally, as routes
+each of the mix nodes when constructing a mix tunnel.  First,
+her act of requesting a routing table from a particular network might
+attract the attention of an eavesdropper, particularly if she asks for a
+large number of routing tables. Second, asking each network that contains
+a mix node for its current routing table is likely to be quite slow,
+since each full routing table is approximately 10 megabytes; additionally,
+as routes
 are continually changing, parts of the table are likely to be
-out-of-date before the initiator even receives it.  Third, this method
+out-of-date even before she requests it.  Third, this method
 introduces another vulnerability to attack: if an adversary compromises
-any of the domains that contain a mix node, it could send back an
+any of the domains that contain a mix node, he could send back an
 inaccurate version of the routing table.  Because of these shortcomings,
-the initiator must be able to {\em passively} determine the AS-level
+Alice must be able to {\em passively} determine the AS-level
 path (or a reasonable approximation of it) without having visibility
-into the routing tables of each hop in the mix path.
+into the routing tables of each hop in her intended mix path.
 
 Fortunately, examining the AS paths in a BGP routing table gives a
-reasonable estimation of the Internet's AS-level topology (i.e., what
-ASes connect to what other ASes, etc.) and can provide reasonable
+reasonable estimation of %the Internet's AS-level topology (i.e.,
+what ASes connect to what other ASes, and can provide reasonable
 information about what path an arbitrary Internet host might take to
-reach any given destination.  
+reach any given destination.
 %Mao {\em et al.} have recently developed
 %similar techniques for passively determining AS-level paths between two
 %Internet hosts~\cite{Mao2004}, given a view of the AS-level topology.
@@ -481,8 +480,8 @@
   when advertising routes to another peer or provider), certain
   edges in this graph will not be globally visible.  As a result, our
   approximation of the AS-level graph may omit certain edges.
-  Typically, these missing edges will be between smaller ASes; this means
-  that our algorithm may not realize that a particular edge exists
+  Typically, these missing edges will be between smaller ASes; thus
+  our algorithm may not realize that a particular edge exists
   between two ASes and, as a result, infer the wrong AS-level path to a
   destination.  
 
@@ -512,9 +511,9 @@
   The basic idea is to exploit the {\em valley-free} property of
   Internet paths to assign pairwise relationships between ASes.  That
   is, an AS path traverses a sequence of customer-provider edges, zero
-  or one peering edges, followed by a sequence of provider-customer
-  edges.  Then, in each AS path, a AS pair can be assigned either a
-  customer-provider or a provider-customer relationship; every pair
+  or one peering edges, and then a sequence of provider-customer
+  edges.  Therefore an AS pair in each AS path can be assigned either a
+  customer-provider or a provider-customer relationship: every pair
   before the AS with the highest degree in the path is assigned a
   customer-provider relationship, and every pair after this AS is
   assigned a provider-customer relationship.  The complete details of
@@ -525,10 +524,9 @@
   the shortest AS path that complies with common policy practices.}  
 
   As AS-level path estimation techniques improve,
-  the accuracy of our analysis will also improve.  More importantly,
-  more accurate techniques for estimating the AS-level path between two
-  arbitrary Internet hosts will allow the initiator of a mix-net to make
-  more informed decisions about the mix nodes it should choose.
+  the accuracy of our analysis will also improve. %  More importantly,
+  Thus Alice can expect to be able to make informed decisions about the
+  mix nodes she should choose.
 \end{enumerate}
 
 Given both a model for how anonymizing networks select nodes and a way
@@ -920,7 +918,7 @@
 mix networks could benefit from increased diversity in node placement,
 to reduce the probability that inter-node paths traverse the same AS.
 But as mix networks expand, would nodes in certain ASes help to achieve
-better diversity than others?
+diversity better than others?
 %An interesting avenue for future work would be to explore which ASes
 %would have the most impact
 %would be most suitable for new nodes.

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Prev by Author: [freehaven-cvs] clean up sec3
Next by Author: [freehaven-cvs] fix earlier things, plus polish sec5
Previous by thread: [freehaven-cvs] clean up sec3
Next by thread: [freehaven-cvs] minor punctuation stuff, etc.
Index(es):
- Author
- Thread