[freehaven-cvs] some patches to sec6, more needed
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones
Modified Files:
routing-zones.tex
Log Message:
some patches to sec6, more needed
Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -d -r1.46 -r1.47
--- routing-zones.tex 29 Jan 2004 01:38:41 -0000 1.46
+++ routing-zones.tex 29 Jan 2004 02:34:33 -0000 1.47
@@ -499,8 +499,6 @@
\vspace{0.1in} Because ASes often allocate address space to their
customers from their own address space, this technique should be
applied to the longest matching prefix in the routing table.
-%%{\bf XXX multiple origin AS conflicts}
-
\item {\em Determine the relationships between each pair of ASes.} This
is a notoriously difficult problem, because ASes typically guard the
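Review bot: Deleting the `%%{\bf XXX multiple origin AS conflicts}` marker removes the only reminder that the longest-matching-prefix step just above does not say what happens when a prefix has more than one origin AS. Either keep the marker until that case is written up, or add a sentence to this item stating how such prefixes are mapped to an AS.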
@@ -545,7 +543,7 @@
\section{Data}
-In this section, we summarize the data that we use in our analysis of
+Here we summarize the data that we use in our analysis of
AS-level paths in mix networks. % In our analysis of mix networks, we
Our analysis of mix networks is based
%We base our analysis
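Review bot: The context below the changed line still carries two commented-out drafts of the next sentence (`% In our analysis of mix networks, we` and `%We base our analysis`) around the live `Our analysis of mix networks is based`. Since this pass is tidying the section opener, delete the dead alternatives so the source holds a single version of the sentence.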
@@ -605,14 +603,16 @@
\section{Results}\label{sec:results}
-In this section, we present the results of our analysis. First, we
+%In this section, we present the results of our analysis.
+[Will leave this paragraph to you]
+First, we
discuss the fundamental robustness properties of existing mix networks
-and how these properties would change in response to increased numbers
+and how these properties would change in response to an increased number
and diversity of mix nodes. This analysis is independent of our model
for mix network users (i.e., senders and receivers), since we are only
examining properties of the mix nodes themselves. (To the extent
possible, a user should try to minimize the ASes that can observe
-multiple edges along a mix network path.) Second, we use our estimates
+multiple links along a mix network path.) Second, we use our estimates
for typical locations of senders and receivers to determine the
robustness properties of current node selection algorithms in mix
networks; again, we note how these properties change as the number and
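Review bot: The added line `[Will leave this paragraph to you]` is not commented out, so it will be typeset into the Results section ahead of "First, we". Prefix it with `%` like the line above it, or use whatever note macro the paper already has, so the hand-off note cannot reach a compiled draft.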
@@ -630,11 +630,11 @@
\subsection{Jurisdictional Independence of Mix Nodes and Paths}
-In this section, we explore the extent to which the nodes and paths are
-independent. First, we analyze the ASes in which the mix nodes are
+In this section, we explore the independence of the nodes and the links
+between them. First, we analyze the ASes in which the mix nodes are
located, for the existing Tor and Mixmaster networks. Next, we examine
the path properties between pairs of existing mix nodes and characterize
-the extent to which the AS-level paths pairwise mix nodes traverse
+the extent to which the AS-level paths traverse
common ASes. Finally, we analyze the extent to which these properties
are dependent on the current set of nodes in each mix network;
specifically, we examine how these robustness properties change in
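Review bot: The rewritten opener speaks of "the nodes and the links between them", but the \subsection title directly above still reads "Mix Nodes and Paths" and the following sentences keep "path properties" and "AS-level paths". A link between two mix nodes and the AS-level path underneath it are different things, so define "link" once here (one hop between two mix nodes) and state that each link is carried by an AS-level path, then make the title match.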
@@ -648,12 +648,12 @@
three mix nodes in AS 23504 (Speakeasy DSL), and Mixmaster has two nodes
each in ASes 3269 (Telecom Italia), 6939 (Hurricane Electric), 7132
(SBC), 23504 (Speakeasy DSL), and 24940 (Hetzner Online). This lack of
-jurisdictional independence in node placement it not surprising; in
-particular, it seems to reflect the fact that these network nodes are
+jurisdictional independence in node placement is not surprising; in
+particular, it reflects the fact that these network nodes are
operated by {\em volunteers}, many of whom commonly operate mix nodes
from their Internet connections at home (i.e., DSL providers, etc.).
-However, the fact that there both of these networks have multiple nodes
-located in the same jurisdiction suggests that users of these mix
+However, the fact that both of these networks have multiple duplicated
+jurisdictions suggests that users of these mix
networks should exercise caution when selecting mix nodes (particularly
the entry and exit nodes).
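Review bot: The new wording "both of these networks have multiple duplicated jurisdictions" drops the subject that made the old sentence clear, namely that multiple nodes sit in the same jurisdiction, and "multiple duplicated" reads as redundant. Suggest "both of these networks have multiple nodes in the same jurisdiction". Separately, changing "it seems to reflect" to "it reflects" turns the volunteer-operator explanation into a stated fact; keep the hedge unless the data supports it.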
@@ -661,7 +661,7 @@
nodes from disjoint subsets of the IP address space will achieve
independence in node placement; it is clear from our survey of Mixmaster
and Tor that these types of prefix-based mechanisms are, in general,
-ineffective, and they can lead the user of the mix network into a false
+ineffective, and they can lead the user into a false
sense of security. For example, Tarzan and MorphMix suggest subdividing
the node
space into {\tt /16} prefixes, and subsequently into {\tt /24} prefixes
@@ -670,12 +670,12 @@
single AS~\cite{freedman:ccs02,morphmix:fc04}. Unfortunately, this
technique does not
necessarily increase the likelihood of jurisdictional independence: of
-the five pairs Mixmaster nodes that are located in the same AS, three of
+the five pairs of Mixmaster nodes that are located in the same AS, three of
these pairs (those in ASes 3269, 7132, and 23504) not only have distinct
{\tt /16} prefixes, they also have distinct {\tt /8} prefixes.
Similarly, one of the Tor network nodes in AS 23504 has a distinct {\tt
-/16} prefix. This suggests that, to achieve jurisdictional
-independence, a mix network should explicitly consider the actual AS of
+/16} prefix. Thus, to achieve jurisdictional
+independence, a mix network must explicitly consider the actual AS of
a host, not simply its IP address.
Finally, we note that all of the Tor network's exit nodes are currently
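Review bot: The change from "This suggests that ... should" to "Thus ... must" presents the conclusion as following strictly from the prefix counts, but those counts only show that distinct {\tt /16} or {\tt /8} prefixes do not imply distinct ASes. That supports "prefix-based selection is insufficient"; it does not by itself show that checking the AS is enough for jurisdictional independence. Suggest "must at least consider the actual AS of a host" or keep the softer original.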
@@ -763,24 +763,25 @@
Second, many paths in the Internet, particularly those between two edge
networks, will traverse at least one large ``tier-1'' ISP (i.e., an ISP
-that operates its own backbone and does not by upstream service from
+that operates its own backbone and does not buy upstream service from
another ISP). Not surprisingly, Table~\ref{tab:path_ind} shows that
many of the ASes that are between a large number of mix node pairs are
tier-1 ISPs (e.g., UUNet, Qwest, Global Crossing, AT\&T, AOL, Verio, and
Abovenet).
-The prevalence of certain ISPs between mix node pairs suggests that, as
+The prevalence of certain ISPs between mix node pairs suggests that as
the length of a mix network path increases, the likelihood that an AS
-will be able to observe the mix network at more than one location
-increases. To test this hypothesis, we generated random mix paths (both
-remailer paths and onion routing paths) through the mix network of
-lengths two hops through eight hops and measured the probability that
-these paths crossed the same AS on multiple edges. For each length and
+will be able to observe the path at more than one location
+increases. To test this hypothesis, we generated random mix paths through
+the mix network. Using both the \emph{remailer} node selection
+algorithm and the \emph{onion routing} algorithm, and varying lengths from
+two hops to eight hops, we measured the probability that
+a path crosses the same AS on multiple edges. For each length and
type of path, we ran 100,000 trials and counted the number of times the
mix network path traversed the same AS more than once.
Figure~\ref{fig:as_observe} shows the probability that an AS will be
-able to observe more than half of the edges along the mix network path,
+able to observe more than half of the links on the mix network path,
for mix network paths of different lengths. The figure shows results
for both the Tor and Mixmaster networks, with two different node
selection schemes: (1)~allowing the same mix node to be used twice along
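Review bot: The rewritten experiment description still says "a path crosses the same AS on multiple edges" while the figure sentence in the same hunk was changed to "links"; use "links" in both places. The new sentence also names the \emph{remailer} and \emph{onion routing} node selection algorithms before they are explained; the only definition is the "(1) allowing the same mix node to be used twice" list further down, so move that definition up or add a forward reference.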
@@ -789,9 +790,9 @@
each mix node to be used only once (Tor's scheme).
Figure~\ref{fig:as_observe} shows two interesting results. First, for
all mix paths longer than four hops, a single AS can observe at least half
-of the edges along the mix network path. Second, Tor's node selection
+of the links on the mix network path. Second, Tor's node selection
algorithm seems to defend it slightly against observation at multiple
-edges, but this node selection scheme helps Mixmaster less. This result
+links, but this node selection scheme helps Mixmaster less. This result
makes sense: because Tor has only 14 nodes, random node selection is much
more likely to result in the same hop being used twice along a single
mix path, if this is not explicitly prevented.
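Review bot: With "edges" renamed to "links", the first result still reads as an absolute: "a single AS can observe at least half of the links" for all paths longer than four hops, whereas the figure is introduced as showing a probability. State the probability or threshold the figure supports. In the last sentence, "the same hop being used twice" should be "the same node", to stay consistent with the node/link terminology this patch introduces.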