[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] some patches to sec6, more needed

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] some patches to sec6, more needed
From: arma@seul.org (Roger Dingledine)
Date: Wed, 28 Jan 2004 21:34:35 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Wed, 28 Jan 2004 21:35:18 -0500
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones

Modified Files:
	routing-zones.tex 
Log Message:
some patches to sec6, more needed


Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -d -r1.46 -r1.47
--- routing-zones.tex	29 Jan 2004 01:38:41 -0000	1.46
+++ routing-zones.tex	29 Jan 2004 02:34:33 -0000	1.47
@@ -499,8 +499,6 @@
 \vspace{0.1in} Because ASes often allocate address space to their
   customers from their own address space, this technique should be
   applied to the longest matching prefix in the routing table.
-%%{\bf XXX multiple origin AS conflicts}
-
 
 \item {\em Determine the relationships between each pair of ASes.}  This
   is a notoriously difficult problem, because ASes typically guard the
@@ -545,7 +543,7 @@
 
 \section{Data}
 
-In this section, we summarize the data that we use in our analysis of
+Here we summarize the data that we use in our analysis of
 AS-level paths in mix networks. % In our analysis of mix networks, we
 Our analysis of mix networks is based 
 %We base our analysis 
@@ -605,14 +603,16 @@
 
 \section{Results}\label{sec:results}
 
-In this section, we present the results of our analysis.  First, we
+%In this section, we present the results of our analysis.
+[Will leave this paragraph to you]
+First, we
 discuss the fundamental robustness properties of existing mix networks
-and how these properties would change in response to increased numbers
+and how these properties would change in response to an increased number
 and diversity of mix nodes.  This analysis is independent of our model
 for mix network users (i.e., senders and receivers), since we are only
 examining properties of the mix nodes themselves.  (To the extent
 possible, a user should try to minimize the ASes that can observe
-multiple edges along a mix network path.)  Second, we use our estimates
+multiple links along a mix network path.)  Second, we use our estimates
 for typical locations of senders and receivers to determine the
 robustness properties of current node selection algorithms in mix
 networks; again, we note how these properties change as the number and
@@ -630,11 +630,11 @@
 
 \subsection{Jurisdictional Independence of Mix Nodes and Paths}
 
-In this section, we explore the extent to which the nodes and paths are
-independent.  First, we analyze the ASes in which the mix nodes are
+In this section, we explore the independence of the nodes and the links
+between them. First, we analyze the ASes in which the mix nodes are
 located, for the existing Tor and Mixmaster networks.  Next, we examine
 the path properties between pairs of existing mix nodes and characterize
-the extent to which the AS-level paths pairwise mix nodes traverse
+the extent to which the AS-level paths traverse
 common ASes.  Finally, we analyze the extent to which these properties
 are dependent on the current set of nodes in each mix network;
 specifically, we examine how these robustness properties change in
@@ -648,12 +648,12 @@
 three mix nodes in AS 23504 (Speakeasy DSL), and Mixmaster has two nodes
 each in ASes 3269 (Telecom Italia), 6939 (Hurricane Electric), 7132
 (SBC), 23504 (Speakeasy DSL), and 24940 (Hetzner Online).  This lack of
-jurisdictional independence in node placement it not surprising; in
-particular, it seems to reflect the fact that these network nodes are
+jurisdictional independence in node placement is not surprising; in
+particular, it reflects the fact that these network nodes are
 operated by {\em volunteers}, many of whom commonly operate mix nodes
 from their Internet connections at home (i.e., DSL providers, etc.).
-However, the fact that there both of these networks have multiple nodes
-located in the same jurisdiction suggests that users of these mix
+However, the fact that both of these networks have multiple duplicated
+jurisdictions suggests that users of these mix
 networks should exercise caution when selecting mix nodes (particularly
 the entry and exit nodes).
 
@@ -661,7 +661,7 @@
 nodes from disjoint subsets of the IP address space will achieve
 independence in node placement; it is clear from our survey of Mixmaster
 and Tor that these types of prefix-based mechanisms are, in general,
-ineffective, and they can lead the user of the mix network into a false
+ineffective, and they can lead the user into a false
 sense of security.  For example, Tarzan and MorphMix suggest subdividing
 the node
 space into {\tt /16} prefixes, and subsequently into {\tt /24} prefixes
@@ -670,12 +670,12 @@
 single AS~\cite{freedman:ccs02,morphmix:fc04}.  Unfortunately, this
 technique does not
 necessarily increase the likelihood of jurisdictional independence: of
-the five pairs Mixmaster nodes that are located in the same AS, three of
+the five pairs of Mixmaster nodes that are located in the same AS, three of
 these pairs (those in ASes 3269, 7132, and 23504) not only have distinct
 {\tt /16} prefixes, they also have distinct {\tt /8} prefixes.
 Similarly, one of the Tor network nodes in AS 23504 has a distinct {\tt
-/16} prefix.  This suggests that, to achieve jurisdictional
-independence, a mix network should explicitly consider the actual AS of
+/16} prefix.  Thus, to achieve jurisdictional
+independence, a mix network must explicitly consider the actual AS of
 a host, not simply its IP address.
 
 Finally, we note that all of the Tor network's exit nodes are currently
@@ -763,24 +763,25 @@
 
 Second, many paths in the Internet, particularly those between two edge
 networks, will traverse at least one large ``tier-1'' ISP (i.e., an ISP
-that operates its own backbone and does not by upstream service from
+that operates its own backbone and does not buy upstream service from
 another ISP).  Not surprisingly, Table~\ref{tab:path_ind} shows that
 many of the ASes that are between a large number of mix node pairs are
 tier-1 ISPs (e.g., UUNet, Qwest, Global Crossing, AT\&T, AOL, Verio, and
 Abovenet).  
 
-The prevalence of certain ISPs between mix node pairs suggests that, as
+The prevalence of certain ISPs between mix node pairs suggests that as
 the length of a mix network path increases, the likelihood that an AS
-will be able to observe the mix network at more than one location
-increases.  To test this hypothesis, we generated random mix paths (both
-remailer paths and onion routing paths) through the mix network of
-lengths two hops through eight hops and measured the probability that
-these paths crossed the same AS on multiple edges.  For each length and
+will be able to observe the path at more than one location
+increases.  To test this hypothesis, we generated random mix paths through
+the mix network. Using both the \emph{remailer} node selection
+algorithm and the \emph{onion routing} algorithm, and varying lengths from
+two hops to eight hops, we measured the probability that
+a path crosses the same AS on multiple edges.  For each length and
 type of path, we ran 100,000 trials and counted the number of times the
 mix network path traversed the same AS more than once.
 
 Figure~\ref{fig:as_observe} shows the probability that an AS will be
-able to observe more than half of the edges along the mix network path,
+able to observe more than half of the links on the mix network path,
 for mix network paths of different lengths.  The figure shows results
 for both the Tor and Mixmaster networks, with two different node
 selection schemes: (1)~allowing the same mix node to be used twice along
@@ -789,9 +790,9 @@
 each mix node to be used only once (Tor's scheme).
 Figure~\ref{fig:as_observe} shows two interesting results.  First, for
 all mix paths longer than four hops, a single AS can observe at least half
-of the edges along the mix network path.  Second, Tor's node selection
+of the links on the mix network path.  Second, Tor's node selection
 algorithm seems to defend it slightly against observation at multiple
-edges, but this node selection scheme helps Mixmaster less.  This result
+links, but this node selection scheme helps Mixmaster less.  This result
 makes sense: because Tor has only 14 nodes, random node selection is much
 more likely to result in the same hop being used twice along a single
 mix path, if this is not explicitly prevented.

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Prev by Author: [freehaven-cvs] fix earlier things, plus polish sec5
Next by Author: [freehaven-cvs] edge"->"link" for mix-to-mix paths
Previous by thread: [freehaven-cvs] x-axis range was fucked
Next by thread: [freehaven-cvs] edits to 6
Index(es):
- Author
- Thread