[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] tweaks throughout, update bib entries, shrink our ma...

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] tweaks throughout, update bib entries, shrink our ma...
From: arma@seul.org (Roger Dingledine)
Date: Tue, 8 Jun 2004 00:12:43 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Tue, 08 Jun 2004 00:13:48 -0400
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones

Modified Files:
	routing-zones.tex routing-zones.bib 
Log Message:
tweaks throughout, update bib entries, shrink our margins


Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -d -r1.63 -r1.64
--- routing-zones.tex	29 Jan 2004 07:11:31 -0000	1.63
+++ routing-zones.tex	8 Jun 2004 04:12:41 -0000	1.64
@@ -12,6 +12,12 @@
     %  \setlength{\topsep}{0mm}
     }}{\end{list}}
 
+\textwidth16cm
+\textheight21cm
+\topmargin0mm
+\oddsidemargin3mm
+\evensidemargin3mm
+
 \begin{document}
 
 %\title{Automated Jurisdictional Arbitrage}
@@ -27,8 +33,8 @@
 
 \begin{abstract}
 
-Anonymity networks have long relied on the diversity of nodes in the
-infrastructure for protection against attacks---typically an adversary who
+Anonymity networks have long relied on diversity of node location for
+protection against attacks---typically an adversary who
 can observe a larger fraction of the network can launch a more effective
 attack. We investigate the diversity of two deployed anonymity networks,
 Mixmaster and Tor, with respect to an adversary who controls a single
@@ -59,11 +65,11 @@
 \cite{mixmaster-spec}, an adversary who observes a large volume of
 network traffic can notice over time that certain recipients are more
 likely to receive messages after particular senders have transmitted messages
-\cite{disad-free-routes,statistical-disclosure,e2e-traffic}. Low-latency
+\cite{statistical-disclosure,e2e-traffic}. Low-latency
 networks like Onion Routing~\cite{tor-design,or-jsac98} are more directly
 vulnerable: an eavesdropper on both ends of the connection can quickly
 link sender to recipient through packet counting or timing attacks
-\cite{defensive-dropping,SS03}.
+\cite{defensive-dropping,SS03,danezis-pet2004}.
 
 Anonymity designs use three major strategies to mitigate these attacks.
 \begin{tightlist}
@@ -76,7 +82,7 @@
 receiver~\cite{langos02,pipenet,defensive-dropping}.
 \item {\bf{Dispersal:}} Reducing the chance that the adversary sees
 both endpoints for a given communication may entirely block some
-attacks on low-latency networks, and disrupting intersection attacks on
+attacks on low-latency networks, and slow intersection attacks on
 high-latency networks.
 \end{tightlist}
 
@@ -87,8 +93,7 @@
 topology so messages can enter or exit at more places in the network
 (compared to a cascade topology~\cite{disad-free-routes});
 or by \emph{jurisdictional arbitrage} --- coordinating network behavior
-so each transaction is spread over multiple administrative domains,
-or jurisdictions.
+so each transaction is spread over multiple jurisdictions.
 
 In this paper, we investigate a variant of jurisdictional arbitrage that
 takes advantage of the fact that the Internet is divided into thousands
@@ -104,7 +109,7 @@
 evaluate the independence metric for these networks.
 
 This paper presents several interesting results.
-First, we find that both Tor and Mixmaster have multiple mix nodes in
+First, we find that both Tor and Mixmaster have multiple nodes in
 the same autonomous system.  Users of these networks should take care to
 avoid selecting two nodes from the same AS.  In light of this, we argue
 that node selection algorithms that look only at IP prefixes, such as
@@ -126,7 +131,7 @@
 random node selection---even when the initiator never chooses the same node
 for both entry and exit---are likely to be observed by a single AS between
 10\% and 30\% of the time, depending on the location of the initiator
-and responder and that the single AS that can observe these paths is
+and responder, and that the single AS that can observe these paths is
 always a backbone ISP.  We conclude that a slightly different node
 selection algorithm can allow users of these networks to minimize the
 likelihood that their entry path and exit path traverse the same AS.
@@ -168,7 +173,7 @@
 attacks. Attacks inside the network aim to partition anonymity sets
 through passive observation~\cite{disad-free-routes,minion-design}
 or active traffic manipulation~\cite{trickle02}, or otherwise narrow
-out suspects for a given transaction. Endpoint attacks treat the
+the set of suspects for a given transaction. Endpoint attacks treat the
 network as a black box and consider only the entry node and exit node
 for the transaction; such attacks include simple timing and counting
 attacks against low-latency systems~\cite{defensive-dropping,SS03},
@@ -188,10 +193,10 @@
 to get an informal intuition of the independence of the
 network~\cite{riot-remap}. Previous anonymity networks, such as Tarzan
 and Morphmix, aim to provide collusion resistance by comparing the IP of
-each peer~\cite{freedman:ccs02,morphmix:fc04} (our results show that
-this technique is ineffective). In this paper, we evaluate the
-topologies of {\em real anonymity networks in the context of the
-properties of Internet routing at the AS-level}, and design ways to
+each peer~\cite{freedman:ccs02,morphmix:fc04} (our results show that this
+technique is less effective than claimed). In this paper, we evaluate the
+topologies of {\em real anonymity networks} in the context of the
+properties of Internet routing at the AS-level, and design ways to
 quantify the results.
 
 \subsection{Overview of Internet Routing and Topology}
@@ -233,7 +238,7 @@
 ASes.  A router will typically readvertise the route to neighboring
 ASes, prepending its own AS number to the AS path in the process.  In
 this fashion, BGP allows each AS to learn the AS-level path of a route to
-a destination that it learns via BGP.  
+a destination that it learns via BGP.
 
 ASes do not blindly propagate routes to all of their neighbors; rather,
 each pair of ASes has a commercial relationship, and an AS may prefer to
@@ -334,10 +339,10 @@
 \section{Threat Models}
 \label{sec:threat-model}
 
-Alice wants to anonymously communicate with Bob. We aim to improve
-Alice's anonymity against an adversary who can monitor a single AS,
-for example, a curious ISP or a corrupt law enforcement officer abusing
-his subpoena powers.  We assume that the ability to observe
+Alice wants to communicate with Bob without revealing her location. We
+aim to improve Alice's anonymity against an adversary who can monitor a
+single AS (for example, a curious ISP or a corrupt law enforcement officer
+abusing his subpoena powers).  We assume that the ability to observe
 multiple ASes is significantly more difficult than observing a single
 AS, either because few 
 ISPs control multiple ASes, or because law enforcement will
@@ -347,7 +352,7 @@
 %bar for breaking the anonymity of the system.
 
 To investigate further, we must consider which attacks are most
-effective against different classes of anonymity network. We divide
+effective against different classes of anonymity networks. We divide
 attacks into intra-network attacks and endpoint attacks, as described
 in Section~\ref{subsec:background-anonymity}.
 
@@ -355,7 +360,7 @@
 an adversary observing both Alice and Bob can quickly learn that they
 are communicating. Onion Routing analysis~\cite{onion-routing:pet2000}
 has shown that an adversary observing $c$ of the $n$ nodes in the network
-can use endpoint attacks to break $(\frac{c}{n})^2$ of the transactions. By
+can use endpoint attacks to break $\frac{c^2}{n^2}$ of the transactions. By
 requiring the path from Alice to the anonymity network and the
 path from the anonymity network to Bob to traverse separate
 ASes, we can prevent all of these
@@ -384,12 +389,12 @@
 
 \section{Modeling Techniques}
 
-%We now describe how we model mix networks and Internet routing to draw
-%conclusions about an anonymity network's vulnerability to eavesdropping
-%by the adversary detailed in Section~\ref{sec:threat-model}.  First we
-%describe our model of node selection, and then we present our techniques
-%for estimating the AS-level path between two arbitrary hosts on the
-%Internet.
+We now describe how we model mix networks and Internet routing to draw
+conclusions about an anonymity network's vulnerability to eavesdropping
+by the adversary detailed in Section~\ref{sec:threat-model}.  First we
+describe our model of node selection, and then we present our techniques
+for estimating the AS-level path between two arbitrary hosts on the
+Internet.
 
 \subsection{Node Selection in Mix Networks}
 \label{sec:path-selection}
@@ -535,13 +540,10 @@
 
 \section{Data}
 
-%Here we summarize the data that we use in our analysis of
-%AS-level paths in mix networks. % In our analysis of mix networks, we
-%Our analysis of mix networks is based 
-%%We base our analysis 
-%on the location of mix
-%nodes in deployed systems today.  We then
-%describe the data we used to generate the AS-level network topology.
+Here we summarize the data that we use in our analysis of AS-level paths
+in mix networks. We base our analysis on the location of mix nodes in
+deployed systems today. We then describe the data we used to generate
+the AS-level network topology.
 
 \subsection{Mix Networks, Senders, and Receivers}
 
@@ -636,7 +638,7 @@
 and Mixmaster nodes are located in the same AS.  We also examine the
 AS-level path properties between pairs of existing mix nodes and
 quantify the extent to which the AS-level paths between two mix nodes
-traverse common ASes.  
+traverse common ASes.
 
 \subsubsection{Node properties}
 
@@ -747,7 +749,7 @@
 another ISP).  Not surprisingly, Table~\ref{tab:path_ind} shows that
 many of the ASes that are between a large number of mix node pairs are
 tier-1 ISPs (e.g., UUNet, Qwest, Global Crossing, AT\&T, AOL, Verio, and
-Abovenet).  
+Abovenet).
 
 The prevalence of certain ISPs between mix node pairs suggests that as
 the length of a mix network path increases, the likelihood that an AS
@@ -1021,7 +1023,7 @@
 We propose that mix networks aiming to achieve jurisdictional diversity
 should consider the underlying AS-level paths. %  Our paper
 %brings to light several interesting and important results:
-Our results include:
+In particular, our results include:
 
 \begin{tightlist}
 \item While previous systems have proposed

Index: routing-zones.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.bib,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- routing-zones.bib	30 Jan 2004 16:15:23 -0000	1.18
+++ routing-zones.bib	8 Jun 2004 04:12:41 -0000	1.19
@@ -63,7 +63,7 @@
   booktitle = {Financial Cryptography},
   year = {2004}, 
   editor = {Ari Juels},
-  publisher = {Springer-Verlag, LNCS (forthcoming)}, 
+  publisher = {Springer-Verlag, LNCS 3110},
 }
 
 @inproceedings{babel,
@@ -140,14 +140,14 @@
   booktitle = {Financial Cryptography},
   year = {2004},
   editor = {Ari Juels},
-  publisher = {Springer-Verlag, LNCS (forthcoming)},
+  publisher = {Springer-Verlag, LNCS 3110},
 }
 
 @inproceedings{SS03,
   title = {Passive Attack Analysis for Connection-Based Anonymity Systems},
   author = {Andrei Serjantov and Peter Sewell},
   booktitle = {Computer Security -- ESORICS 2003},
-  publisher =   {Springer-Verlag, LNCS (forthcoming)},
+  publisher =   {Springer-Verlag, LNCS 2808},
   year = {2003},
   month = {October},
 }
@@ -213,20 +213,30 @@
   publisher =    {Springer-Verlag, LNCS 2482}
 }
 
-@misc{e2e-traffic,
+@InProceedings{e2e-traffic,
   author = "Nick Mathewson and Roger Dingledine",
   title = "Practical Traffic Analysis: Extending and Resisting Statistical Disclosure",
-  howpublished = {Manuscript},
-  month = {January},
+  booktitle= {Privacy Enhancing Technologies (PET 2004)},
+  editor = {David Martin and Andrei Serjantov},
+  month = {May},
   year = {2004},
 }
 
-@misc{tor-design,
+@InProceedings{danezis-pet2004,
+  author = "George Danezis",
+  title = "The Traffic Analysis of Continuous-Time Mixes",
+  booktitle= {Privacy Enhancing Technologies (PET 2004)},
+  editor = {David Martin and Andrei Serjantov},
+  month = {May},
+  year = {2004},
+}
+
+@inproceedings{tor-design,
   author = "Roger Dingledine and Nick Mathewson and Paul Syverson",
   title = {{Tor: The Second-Generation Onion Router}},
-  howpublished = {Manuscript},
-  month = {January},
+  booktitle = {Proceedings of the 13th USENIX Security Symposium},
   year = {2004},
+  month = {August},
 }
 
 @inproceedings{statistical-disclosure,

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Prev by Author: [freehaven-cvs] Thanks.
Next by Author: [freehaven-cvs] change title, expand acronym in abstract
Previous by thread: [freehaven-cvs] Clarify some stuff we are still missing
Next by thread: [freehaven-cvs] change title, expand acronym in abstract
Index(es):
- Author
- Thread