[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] More clarity/grammar.

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] More clarity/grammar.
From: rabbi@seul.org
Date: Thu, 1 Jul 2004 06:59:31 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Thu, 01 Jul 2004 06:59:42 -0400
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home2/freehaven/cvsroot/doc/mixmaster-vs-reliable
In directory moria.mit.edu:/tmp/cvs-serv26528

Modified Files:
	mixvreliable.tex 
Log Message:
More clarity/grammar.


Index: mixvreliable.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/mixmaster-vs-reliable/mixvreliable.tex,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- mixvreliable.tex	1 Jul 2004 10:35:55 -0000	1.42
+++ mixvreliable.tex	1 Jul 2004 10:59:29 -0000	1.43
@@ -595,7 +595,7 @@
 underlying host server. Many factors can impact the underlying system's
 security. Some considerations include shared access to the system by
 untrusted users, access to key material on disk or in memory, and the
-ability to insert shims to attack dynamically loaded libraries called by
+ability to insert shims to intercept dynamically loaded libraries called by
 the remailer software~\cite{slimjim}.
 
 % Shared access by untrusted users
@@ -705,23 +705,23 @@
 pcre~\cite{pcre} and ncurses~\cite{ncurses}.
 
 Reliable requires many native Windows system calls as well as the
-third-party application, Mixmaster 2.0.4.\footnote{Mixmaster 2.0.x is
-derived from an entirely different codebase than that of Mixmaster 3.0.
-While Reliable relies on the Mixmaster 2.0.4 binary for some of its
-functionality, Reliable is a independent application in its own right, and
-should not be considered a mere extension to the Mixmaster codebase.}
+third-party application, Mixmaster 2.0.4.\footnote{Mixmaster 2.0.x has an
+entirely different codebase than that of Mixmaster 3.0. While Reliable
+relies on the Mixmaster 2.0.4 binary for some of its functionality,
+Reliable is an independent application in its own right, and should not be
+considered a mere extension to the Mixmaster codebase.}
 
 \subsection{Cryptographic functions}
 
 Both Mixmaster and Reliable avoid direct implementation of cryptographic
 algorithms when possible. Mixmaster 3.0 relies strictly on OpenSSL for
 these cryptographic functions. Any attackable flaws in the cryptographic
-library used to build Mixmaster that affect the security if the
+library used to build Mixmaster that affect the security of the
 algorithms\footnote{It is understood that flaws in the cryptographic
 algorithms will affect the security of software that relies upon those
 algorithms. However, since most attacks on cryptographic applications are
 due to flaws in the implementation, care must be taken when evaluating the
-shared cryptographic libraries.} used by Mixmaster may be a an attack
+shared cryptographic libraries.} used by Mixmaster may be an attack
 against Mixmaster as well.
 
 Reliable abstracts the cryptographic operations one step further. To
@@ -739,7 +739,7 @@
 The quality of the entropy source plays an extremely important role in
 both the pool mix and S-G mix schemes. In pool mix systems, the mixing in
 the pool must be cryptographically random in order to mix the traffic in a
-non-deterministic way. The timestamps used to determine how long a message
+non-deterministic way. The timestamps that determine how long a message
 should be held by an S-G mix implementation must also be from a strong
 entropy source for the same reasons. In addition, the Mixmaster message
 format specifies the use of random data for its message and header
@@ -760,7 +760,7 @@
 and header padding (which is done by the supporting Mixmaster 2.0.4
 binary). The Rnd() function is not a cryptographically strong source of
 entropy~\cite{MSKBVB-Rnd}. Rnd() starts with a seed value and generates 
-numbers which fall within a finite range. Previous work has demonstrated
+numbers which fall within a limited range. Previous work has demonstrated
 that systems that use a known seed to a deterministic PRNG are trivially
 attackable~\cite{daw-ian-netscape}. While its use of Rnd() to determine
 the latency for a message injected into the mix is the most devastating,
@@ -770,8 +770,8 @@
 
 By analyzing the input and output traffic of a mix, a skilled attacker may
 be able to deduce the value of pool variables by timing observation. This
-affects pool-mixes more than S-G mixes, and possibly aids attacker in some
-non-host based active attacks such as $(n-1)$ attacks. The anonymity
+affects pool mixes more than S-G mixes, and possibly aids an attacker in
+some non-host based active attacks such as $(n-1)$ attacks. The anonymity
 strength of a remailer should not require pool values to be hidden, and
 countermeasures to this class of active attacks should be
 taken~\cite{rgb-mix}.
@@ -790,14 +790,14 @@
 We measure the anonymity of the pool mix scheme used in Mixmaster by
 applying a metric previously proposed in the literature. We provide our
 own metric for evaluating the anonymity of the S-G mix variant used in
-Reliable which does not assume a Poisson traffic pattern.
+Reliable that does not assume a Poisson traffic pattern.
 
 Our comparison of the two predominant mixing applications shows that
 Mixmaster provides superior anonymity, and is better suited for the
 anonymization of email messages than Reliable. Mixmaster provides a
 minimum level of anonymity at all times; Reliable does not. Reliable's
 anonymity drops to nearly zero if the traffic is very low. In high-traffic
-situations, Mixmaster provides a higher maximum of anonymity than Reliable
+situations, Mixmaster provides a higher maximum anonymity than Reliable
 for the same stream of input: $10.5$ of Mixmaster versus $10$ of Reliable.
 We have shown that Mixmaster provides higher average anonymity than
 Reliable for the same input and same average delay. Due to its nature as a
@@ -808,18 +808,18 @@
 In addition, we have identified a number of key points of attack and
 weakness in mix software to which anonymity software designers need to pay
 particular attention. In addition to the areas of theoretical weakness
-which we have identified, we discovered a fatal flaw in the use of
+that we have identified, we discovered a fatal flaw in the use of
 randomness in Reliable, which diminishes its ability to provide anonymity,
 independent of our findings with regard to the S-G mix protocol.
 
 
 We can conclude from our analysis of the mixing algorithms used by these
-mix implementations that Reliable mixes are not suitable for use with systems
-that may have occurrences of low traffic on the network. While
-Reliable mixes may be an appropriate solution for systems with a
-steady input rate, they are not suited for systems with variable input
-traffic. Mixmaster should be used for systems with fluctuating
-traffic loads. 
+mix implementations that S-G mix variants such as the one used in Reliable
+are not suitable for use with systems that may have occurrences of low
+traffic on the network. While S-G mixes may be an appropriate
+solution for systems with a steady input rate, they are not suited for
+systems with variable input traffic. Pool mixes such as Mixmaster
+should be used for systems with fluctuating traffic loads.
 
 %%% end input Len
 

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] brokering the peace between subjects and verbs -- lo...
Next by Author: [freehaven-cvs] Thank Roger and Ben, reword the timestamp thing some...
Previous by thread: [freehaven-cvs] brokering the peace between subjects and verbs -- lo...
Next by thread: [freehaven-cvs] Thank Roger and Ben, reword the timestamp thing some...
Index(es):
- Author
- Thread