[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] Conclusions.
Update of /home2/freehaven/cvsroot/doc/mixmaster-vs-reliable
In directory moria.mit.edu:/tmp/cvs-serv5100
Modified Files:
mixvreliable.tex
Log Message:
Conclusions.
Index: mixvreliable.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/mixmaster-vs-reliable/mixvreliable.tex,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- mixvreliable.tex 26 Mar 2004 17:19:00 -0000 1.11
+++ mixvreliable.tex 26 Mar 2004 17:41:55 -0000 1.12
@@ -774,27 +774,45 @@
%(... Len, here's the input, can you phrase it nicely?)
-We have analyzed the traffic pattern of a real traffic stream going
-through a working mix node and found that the traffic is not Poisson,
-as it is commonly assumed in the literature.
+In this paper we have analyzed the traffic pattern of a real traffic
+stream going through a working mix node and found that the traffic is not
+Poisson, as it is commonly assumed in the literature. The traffic pattern
+is highly impredictable. Therefore, no assumptions on the traffic should
+be made when designing a mix.
-The traffic pattern is highly impredictable. Therefore, no assumptions
-on the traffic should be made when designing a mix.
+We measure the anonymity of the pool mix scheme used in Mixmaster by
+applying a metric previously proposed in the literature. We provide our
+own metric for evaluating the anonymity of the S-G mix variant used in
+Reliable which does not assume a Poisson traffic pattern.
-Mixmaster provides a minimum anonymity; Reliable does not. Reliable's
-amnonymity drops to nearly zero if the traffic is very low.
+Our comparison of the two predominant mixing applications shows that
+Mixmaster provides superior anonymity, and is better suited for the
+anonymization of email messages than Reliable. Mixmaster provides a
+minimum level of anonymity at all times; Reliable does not. Reliable's
+anonymity drops to nearly zero if the traffic is very low. In high-traffic
+situations, Mixmaster provides a higher maximum of anonymity than Reliable
+for the same stream of input. $10.5$ of Mixmaster versus $10$ of Reliable.
+We have shown that Mixmaster provides higher average anonymity than
+Reliable for the same input and same average delay. Due to its nature as a
+pool mix, Mixmaster provides higher delays than Reliable in low traffic
+conditions. Comparatively, due to the nature of S-G Mixes, Reliable's
+delay is not dependent on the traffic.
-Mixmaster provides a higher maximum of anonymity than Reliable for the
-same stream of input. $10.5$ of Mixmaster versus $10$ of Reliable.
+In addition, we have identified a number of key points of attack and
+weakness in mix software to which anonymity software designers need to pay
+particular attention. In addition to the areas of theoretical weakness
+which we have identified, we discovered a fatal flaw in the use of
+randomness in Reliable, which diminishes its ability to provide anonymity,
+independent of our findings with regard to the S-G mix protocol.
-Mixmaster provides higher average anonymity than Reliable for the same
-input and same average delay.
+We can conclude from our analysis of the mixing algorithms used by these
+mix implementations that S-G mixes are not suitable for use with systems
+that may have occurrences of low traffic on the network. While S-G mixes
+are an appropriate solution to low-latency applications such as web
+mixing, pool mixes should be used for higher latency systems with
+fluctuating traffic loads.
-Mixmaster provides higher delays than Reliable in low traffic
-conditions. Reliable's delay is not dependent on the traffic.
-...also look at section ``Mixmaster vs Reliable'' to get more
-conclusions.
\subsection*{Acknowledgments}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/