[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] fix spelling, grammar, clarity, and correctness.

To: freehaven-cvs@xxxxxxxxxxxxx
Subject: [freehaven-cvs] fix spelling, grammar, clarity, and correctness.
From: arma@xxxxxxxx
Date: Sat, 8 Jul 2006 15:27:30 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Sat, 08 Jul 2006 15:27:39 -0400
Reply-to: freehaven-dev@xxxxxxxxxxxxx
Sender: owner-freehaven-cvs@xxxxxxxxxxxxx
Update of /home/freehaven/cvsroot/doc/alpha-mixing
In directory moria:/home/arma/work/freehaven/doc/alpha-mixing

Modified Files:
	alpha-mixing.tex alpha-mixing.bib 
Log Message:
fix spelling, grammar, clarity, and correctness.
i believe none of these fixes will be controversial.


Index: alpha-mixing.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.tex,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -d -r1.38 -r1.39
--- alpha-mixing.tex	2 Jun 2006 21:49:33 -0000	1.38
+++ alpha-mixing.tex	8 Jul 2006 19:27:28 -0000	1.39
@@ -30,8 +30,8 @@
 
 \begin{document}
 
-\title{Blending different latency traffic\\with alpha-mixing\\
-\normalsize{(Pre-proceedings Draft)}}
+\title{Blending different latency traffic\\with alpha-mixing}
+%\normalsize{(Pre-proceedings Draft)}}
 %\title{Alpha-mixing or Getting Personal with the Adversary}
 
 \author{Roger Dingledine\inst{1} \and Andrei Serjantov\inst{2} \and Paul Syverson\inst{3}}
@@ -121,7 +121,8 @@
 and analysing the anonymity properties they can provide to users with
 different security preferences. Next we look at the strategies users
 should follow when picking the security parameter for each mix in the
-message's path.  Thirdly, we look at the incentives users have for
+message's path.  In Section~\ref{sec:strategic-choice}, we look at the
+incentives users have for
 choosing a high security parameter themselves rather than expecting
 others to take the latency penalty (and thus provide more anonymity to
 everyone). Lastly we consider more sophisticated alpha-mixing
@@ -191,7 +192,7 @@
 It is also possible to have a threshold-or-timed alpha mix in which
 all messages are decremented in the alpha stack if either $t$ seconds
 have passed or $n$ messages have arrived.
-Similarly, one can have a threshold-and-timed mix
+Similarly, one can have a threshold-and-timed alpha mix
 to reduce the effective rate of flooding attacks~\cite{trickle02}.
 Even more complex variants of these designs are discussed in
 Section~\ref{sec:beta-alpha}.
@@ -201,9 +202,9 @@
 \label{sec:passive-adversary-anonymity}
 
 Here we describe the anonymity for a threshold alpha mix during
-steady-state (messages arrive with various alphas at a regular rate, and
+steady-state (i.e., messages arrive with various alphas at a regular rate, and
 the mix fires at regular intervals). In this case the threshold mix is
-indistinguishable by a local external passive adversary from a timed mix.
+indistinguishable by a local observer from a timed mix.
 
 We assume the adversary does not know the specific alpha of any
 message entering the mix, e.g., that this is provided to the mix
@@ -241,7 +242,7 @@
 \end{proof}
 
 If the adversary does know the strategy (although still not the actual
-initial $\alpha$) for each message, then the anonymity of $M$ is
+$\alpha$) for each incoming message, then the anonymity of $M$ is
 unaffected by the strategy that other messages use for choosing $\alpha$
 in a steady-state network. However, if the strategies are not known,
 then choosing $\alpha$ from a broader range increases the anonymity
@@ -287,15 +288,15 @@
 Consider sender anonymity in the setting of just one mix, illustrated
 on two rounds only (equivalently, suppose maximum alpha is 1):
 
-Round 1: $I_1 = i_{1,1} \ldots i_{n,1}$ entered the mix, messages
+Round 1: $I_1 = i_{1,1} \ldots i_{m,1}$ entered the mix, messages
 $o_{1,1} \ldots o_{x,1}$ came out.
 
-Round 2: $I_2 = i_{1,2} \ldots i_{m,2}$ entered, messages $o_{1,2}
+Round 2: $I_2 = i_{1,2} \ldots i_{n,2}$ entered, messages $o_{1,2}
 \ldots o_{y,2}$ came out.
 
-$\alpha(x)$ is the set of possible alphas of message $x$ as known by
+Let $\alpha(x)$ be the set of possible alphas of message $x$ as known by
 the attacker. Note that if the attacker knows nothing, then $\forall x,\ 
-\alpha(x) = \{0,1\}$
+\alpha(x) = \{0,1\}$.
 
 Our target message is $o_{1,2}$. The sender anonymity set (in
 messages) is:
@@ -378,7 +379,7 @@
 \label{sec:distributing-alpha}
 
 In the previous section we discussed the fact that an adversary who
-can learn about the senders's alphas can weaken her anonymity. For
+can learn about the sender's alphas can weaken her anonymity. For
 example, sending only high
 value messages and picking high security parameters for them can actually
 decrease anonymity.
@@ -397,7 +398,7 @@
 is concerned about security.
 
 One possible solution for picking a sequence of $\alpha^{(i)}$ (where
-the `$(i)$' represents the $i^{th}$ mix in the route) is precisely to
+the ``$(i)$'' represents the $i^{th}$ mix in the route) is simply to
 pick from a uniform distribution over the partitions of $\Sigma
 \alpha$ into $\ell$ buckets where the buckets themselves are
 indistinguishable. The number of such partitions are given by
@@ -429,13 +430,14 @@
 and hence obtain a sequence of alphas to insert into the message.
 
 If we wish to guarantee that neither the first nor the last mix can
-locally know anything the about sensitivity level of a message, we can
+locally know anything about the sensitivity level of a message, we can
 simply stipulate for message $M$ that $\alpha^{(0)}_{M} =
 \alpha^{(n)}_{M} = 0$ (for a path length of $n+1$). Similarly we
 could stipulate that $\alpha^{(1)}_{M} = \alpha^{(n-1)}_{M} \leq
 1$, etc.  The tradeoff is that with each such move we are reducing
 what an adversary observing just the endpoints can learn about
-sensitivity of messages, but fewer nodes in the center learn more
+sensitivity of messages, but a more concentrated set of nodes in the
+center learn more
 about the sensitivity of messages. Against an adversary who controls
 the central
 node(s) combined with, e.g., a global passive observer, our protection
@@ -477,7 +479,7 @@
 Our focus so far has been on steady-state networks with
 passive adversaries. However, we want to provide uncertainty
 even in edge cases where there is a momentarily lull in
-traffic~\cite{pet2003-diaz,trickle02}.  An active attacker
+traffic~\cite{mixmaster-reliable,pet2003-diaz,trickle02}.  An active attacker
 can arrange an edge case via blending attacks, but a passive attacker
 can also simply wait for an edge case to occur.  For timed mixes there
 will be occasions when only a single message enters and leaves the mix in
@@ -538,6 +540,7 @@
 (cf.\ Section~\ref{sec:distributing-alpha}).
 
 \section{Strategic Choice of Alpha}
+\label{sec:strategic-choice}
 
 As observed in Section~\ref{sec:passive-adversary-anonymity}, the
 anonymity of any message can be improved by greater uncertainty about
@@ -548,7 +551,7 @@
 This can be viewed as a commons: everybody will hope that somebody
 else takes the latency hit.
 
-There are two ways to resolve this risk though.
+There are two ways to resolve this risk.
 First, note that not all users have the same sensitivity level: some
 users favor performance and others favor anonymity. Three factors are
 most important in characterizing the utility function for our users:
@@ -589,7 +592,7 @@
 the behavior of others, and their own needs. Thus if we can prescribe
 recommendations for choice of alpha, for example based on analysis and
 observed patterns within the network, we can expect most people to
-heed them. (Although they may not follow them --- we can expect
+heed them. (On the other hand, they may not --- we can also expect
 hyperbolic discounting of risk, disregard of risk for expedience,
 etc.~\cite{acquisti04}.)
 
@@ -614,7 +617,7 @@
 complex designs that are harder to analyse fully but may provide better
 protection against stronger attacks.
 
-\subsection{Preventing end-to-end timing on alpha mixnets}
+\subsection{Preventing end-to-end timing attacks on alpha mixnets}
 
 The prior work that is probably most similar to alpha mixing is
 stop-and-go mixing~\cite{stop-and-go}. In stop-and-go mixing, the sender
@@ -628,13 +631,13 @@
 even if some nodes in the path are not adequately synchronized.
 On the other hand, this flexibility is also a flaw: an adversary that
 is global-passive except for being able to delay messages from a single
-sender could, e.g., batch up a victim's messages and
+sender could batch up a victim's messages and
 send them through an alpha mixnet all at once. Unless all the messages have
 $\sum \alpha = 0$ the adversary will gain limited information from this attack,
-but can in principle still learn more than from a stop-and-go mixnet.
+but he can still learn more than from a stop-and-go mixnet.
 
 We could include timestamps along with the $\alpha$ that each mix
-receives with a message and require that the message be dropped if it
+receives, and require that the message be dropped if it
 arrives more than some delta from the timestamp. This would make
 timed alpha mixes essentially equivalent to stop-and-go mixes, which
 might prove useful against timing correlations by such an adversary.
@@ -671,7 +674,7 @@
 more sensitive by their senders than the first, in a stepped linear
 order of sensitivity. And by sending in messages of his own at known
 alpha levels above $0$ the adversary can learn the exact levels of the
-messages that emerge between his messages at that alpha level. Then,
+messages that emerge between his messages. Then,
 by flooding first $\alpha = \ell$, then $\alpha = \ell-1$, \ldots, then
 $\alpha = 0$, the adversary can guarantee a flush of the mix all the
 way up to $\alpha = \ell$ while also learning the alpha level of most of
@@ -692,12 +695,12 @@
 %An alternate threshold alpha mixing scheme would only fire when
 %$n$ messages of $\alpha = 0$ have arrived. That is, 
 
-We could also require that the firing of the mix be
-threshold-and-timed, which would prevent the adversary from triggering
-an alpha-stack dump by only allowing messages of one alpha level to
-emerge in one time interval. It is unclear what the local advantage is
+We could also use a
+threshold-and-timed mix, which would prevent the adversary from triggering
+an alpha-stack dump because only messages of one alpha level will
+emerge in each time interval. It is unclear what the local advantage is
 of this vs.\ the above multilevel-batching threshold mix. In addition,
-having timed-and-threshold batching would preclude the predictability
+having threshold-and-timed batching would preclude the predictability
 advantages of timed mixes while the multilevel-batching approach could
 potentially offer faster performance. The primary risk of not having
 timing limitations on mix firing is the end-to-end effects that the
@@ -719,7 +722,7 @@
 $\alpha_{M,i+1} = f(\alpha_{M,i}, \mathit{Pool}(\alpha_{M,i}))$
 where \\
 $\mathit{Pool}(\alpha_{M,i}) = | \{M' : 1 \leq \alpha_{M',i-1} \leq
-\alpha_{M',i-1} \} | $
+\alpha_{M,i-1} \} | $
 
 We believe that $f$ would typically be monotonically nonincreasing.
 The sender gives $f_M$ to a mix along with $\alpha_{M}$. We would
@@ -728,7 +731,7 @@
 idea is that alphas decrease but only as a function of the
 current alpha level of the message and how many messages
 are in the pool below it. We have also limited the input of
-$f$ to messages that were given an $\alpha > 0$, although this
+$f$ to messages that arrived with a non-zero alpha, although this
 is not necessary. This effectively puts each message in a dynamic
 pool, which could also be timed.
 
@@ -808,11 +811,11 @@
 some scenarios of attacker's knowledge about it. However, the more
 complex dynamic-alpha mixes and tau mixes are yet to be analysed; this seems
 difficult as we need to make some assumptions both about how users
-choose ther security parameters and what the attacker knows about them.
+choose their security parameters and what the attacker knows about them.
 
 \paragraph{User behavior:} However much we postulate about how users
 behave, there is no substitute for actually getting user profiles
-and learning how to incent them to behave securely. We expect that
+and learning how to create incentives for secure behavior. We expect that
 unless we protect our users, they will try to condition their security
 parameter on the threat level of the message; as we have seen above
 this reduces rather than increases anonymity.

Index: alpha-mixing.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.bib,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- alpha-mixing.bib	2 Jun 2006 21:49:33 -0000	1.8
+++ alpha-mixing.bib	8 Jul 2006 19:27:28 -0000	1.9
@@ -547,3 +547,13 @@
   month = {June},
 }
 
+@inproceedings{mixmaster-reliable,
+  title = {Comparison between two practical mix designs},
+  author = {Claudia D\'{\i}az and Len Sassaman and Evelyne Dewitte},
+  booktitle = {Proceedings of ESORICS 2004},
+  year = {2004},
+  month = {September},
+  address = {France},
+  series = {LNCS},
+}
+

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Next by Author: [freehaven-cvs] three questions that need more attention, possibly c...
Next by thread: [freehaven-cvs] three questions that need more attention, possibly c...
Index(es):
- Author
- Thread