
[freehaven-cvs] add the start of a dist-trust section. roger--what a...



Update of /home/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/tmp/cvs-serv24039/wupss04

Modified Files:
	usability.tex 
Log Message:
add the start of a dist-trust section. roger--what analysis do we want here?

Index: usability.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/wupss04/usability.tex,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- usability.tex	31 Dec 2004 20:02:28 -0000	1.17
+++ usability.tex	1 Jan 2005 20:59:28 -0000	1.18
@@ -109,7 +109,7 @@
 %  - Confusion about what's really happening.
 %  - Too easy to social-engineer users into abandoning.
 
-\section{Usability is even more a security parameter when it comes to privacy}
+\section{Usability is even more a security parameter for privacy}
 
 Usability affects security in systems that aim to protect data
 confidentiality.  But when the goal is {\it privacy}, it can become even
@@ -161,6 +161,7 @@
 networks may need to choose their systems based on how usable others will
 find them, in order to get the protection of a larger anonymity set.
 
+
 \section{Case study: Usability means users, users mean security}
 
 We'll consider an example.  Practical anonymizing networks fall into two broad
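Review bot: The only change in this hunk is an extra blank line before \section{Case study: Usability means users, users mean security}, which has no effect on the LaTeX output and is unrelated to the dist-trust section named in the log message. Drop it, or commit whitespace cleanup separately so the diff for the new section stays easy to read.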
@@ -211,6 +212,34 @@
 what their expected attacker can do, the researchers still don't know
 what parameter values to recommend.
 
+\section{Case study: security versus simplicity}
+
+% This prose is kinda ugly.
+Readers familiar with existing commercial anonymity solutions may be
+surprised by the discussion of anonymity networks above, since most of the
+market (with the exception of Zero Knowledge's Systems' defunct Freedom
+offering~\cite{freedom}) have been based on a set of single-hop proxies.  In
+these systems, a user connects to a single proxy, which then relays the
+user's traffic.  This has negative security implications, in that a single
+compromised proxy can trivially observe all of its users' actions; and in
+that an eavesdropper only needs to watch a single proxy to perform timing
+correlation attacks against all its users' traffic.
+
+With distributed-trust anonymity networks like Tor, JAP, Mixminion,
+Mixmaster, however, users direct their traffic through a series of servers,
+each of which removes a single layer of encryption, and none of which knows
+the entire path from the user to the user's chosen destination.  Because of
+this, an attacker can't break the user's anonymity by compromising or
+eavesdropping on only a single server.
+
+Despite their increased security, distributed-trust anonymity networks have
+their disadvantages.  Because traffic needs to be relayed through multiple
+servers, performance is often (but not always) worse.  Also, the software to
+implement a distributed-trust anonymity network is significantly more
+difficult to design and implement.
+
+% XXXX arma -- can you add some analysis here?
+
 \section{Case study: against options}
 
 Too often, designers faced with a security decision bow out, and instead
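Review bot: The new section is titled "security versus simplicity", but its last paragraph never makes the simplicity argument in usability terms, and the section ends on the placeholder "% XXXX arma -- can you add some analysis here?". The listed costs of distributed trust are slower relaying and software that is harder "to design and implement", which are performance and implementer burdens. The text should say how they affect users and therefore the size of the anonymity set, which is the link the preceding sections draw between usability and security. Smaller points in the first two added paragraphs: "Zero Knowledge's Systems'" has a doubled possessive (suggest "Zero Knowledge Systems'"); "most of the market ... have been based" should be "has been based"; the list "Tor, JAP, Mixminion, Mixmaster, however," needs an "and" before the last item; and Tor, JAP, Mixminion and Mixmaster are named without \cite while Freedom gets \cite{freedom}.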
