[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] happier with 2.2 and 3 now
Update of /home/freehaven/cvsroot/doc/alpha-mixing
In directory moria:/home/arma/work/freehaven/doc/alpha-mixing
Modified Files:
alpha-mixing.tex
Log Message:
happier with 2.2 and 3 now
Index: alpha-mixing.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.tex,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- alpha-mixing.tex 11 Mar 2006 01:25:51 -0000 1.24
+++ alpha-mixing.tex 11 Mar 2006 02:09:33 -0000 1.25
@@ -152,7 +152,7 @@
the other hand, threshold mixes can provide minimum anonymity properties.
As we will see, one of the virtues of alpha mixing is that
-the timed/threshold distinction for mixes can somewhat break down, and it
+the timed/threshold distinction for mixes can blur, and it
becomes more a distinction for firing strategies of individual
messages than of mixes. For our initial analysis we will assume
a steady-state network with constant rate of incoming messages, which
@@ -321,7 +321,7 @@
\[
\mbox{Normalise}(\{p | x \in I_1 \wedge p = P(x_{\alpha}=0)\} \cup
-\{p | x \in I_2 \wedge p = P(x_{\alpha}=1))
+\{p | x \in I_2 \wedge p = P(x_{\alpha}=1)\})
\]
and the anonymity is the entropy of this distribution. Clearly, the
@@ -368,26 +368,27 @@
more effective than others at preventing the attacker from learning the
security preferences of senders.
-\section{Distributing $\sum \alpha$ against a distributed adversary}
+\section{Allocating $\sum \alpha$ against a distributed adversary}
\label{sec:distributing-alpha}
-In the previous section we discussed the fact that we should pay close
-attention to picking the security parameter alpha. Sending only high
-value messages and picking high security parameters for them actually
-decreases anonymity.
+In the previous section we discussed the fact that an adversary who
+can learn about the senders's alphas can weaken her anonymity. For
+example, sending only high
+value messages and picking high security parameters for them can actually
+decrease anonymity.
-In this section we deal with the problem of distributing the security
-parameter over the route (i.e. the mixes which constitute the route)
-that the message takes. There are two problems. First, if a bad mix
+In this section we examine an attack that a compromised mix can perform
+to deduce the sender's alphas, and we deal with the problem of allocating
+the overall message's security parameter $\Sigma \alpha$
+over the mixes in the message's path.
+There are two problems to solve. Firstly, if a bad mix
observes one of the alphas, it should get as little information as
-possible about the other alphas of this message\footnote{Note the
+possible about the other alphas of this message.\footnote{Note the
similarity between picking an alpha and message splitting~\cite{SM05}
--- in both cases they are distributions over partitions.}
-
Secondly, it should be hard for the bad mixes to link any alpha
parameter to a particular sender, i.e. figure out how much any sender
-is concerned about security. This matters for the reasons described
-in the previous section.
+is concerned about security.
One possible solution for picking a sequence of $\alpha^{(i)}$ (where
the `$(i)$' represents the $i^{th}$ mix in the route) is precisely to
@@ -396,41 +397,41 @@
indistinguishable. The number of such partitions are given by
\[
-\sum_k=1^\ell Q(\Sigma \alpha, k)
+\sum_{k=1}^\ell Q(\Sigma \alpha, k)
\]
-where $Q(n,k)$ denotes the number of ways of partitioning $n$ into
+where $Q$ denotes the number of ways of partitioning $\Sigma \alpha$ into
exactly $k$ distinct parts. Generating values from such a distribution
is possible, for instance, using the algorithm described in~\cite{devroye86}.
This seems to deal with the first problem (the
analysis to show this is beyond the scope of this paper). For the
-second part,it depends what the sender wants to protect:
-does she care
-about having an estimate of the security parameter
+second part, it depends what the sender wants to protect:
+does she care about having an estimate of the security parameter
associated with just herself, with herself and the recipient,
-or just the recipient. Note that if the first and
-the last mixes are bad and can observe a 'higher security' message
+or just the recipient? Note that if the first and
+the last mixes are bad and can observe a ``higher security'' message
passing through each of them, they can conjecture that it is one
of a relatively small set of sensitive messages.
There are a variety of properties to explore in this
-area; we merely observe that by reordering our value which we have
-obtained from the uniform distribution over partitions, we can make
+area; we merely observe that by reordering the value that we
+obtain from the uniform distribution over partitions, we can make
sure that the minimum values in that partition are sent to the first
and the last mix. For example, if $\Sigma \alpha = 5$, then the
distribution is uniform over:
-$\{5,0,0,0\}\{4,1,0,0\},\{3,2,0,0\},\{3,1,1,0\},\{2,1,1,1\}$. Supposing
+$\{5,0,0,0\},\{4,1,0,0\},\{3,2,0,0\},\{3,1,1,0\},\{2,1,1,1\}$. Supposing
we draw the partition $\{3,1,1,0\}$, we reorder it into $\{0,3,1,1\}$
and hence obtain a sequence of alphas to insert into the message.
If we wish to guarantee that neither the first nor the last mix can
locally know anything the about sensitivity level of a message, we can
simply stipulate for message $M$ that $\alpha^{(0)}_{M,0} =
-\alpha^{(n)}_{M,0} = 0$ (for a path length of $n+1$. Similarly we
+\alpha^{(n)}_{M,0} = 0$ (for a path length of $n+1$). Similarly we
could stipulate that $\alpha^{(1)}_{M,0} = \alpha^{(n-1)}_{M,0} \leq
1$, etc. The tradeoff is that with each such move we are reducing
what an adversary observing just the endpoints can learn about
sensitivity of messages, but fewer nodes in the center learn more
-about the sensitivity of messages. Against an adversary of the central
+about the sensitivity of messages. Against an adversary who controls
+the central
node(s) combined with, e.g., a global passive observer, our protection
is diminished. We can gain advantage against both types of adversaries
by increasing path length, with the usual concomitant risk to
@@ -709,15 +710,16 @@
streams. But the \emph{stream model} introduces many end-to-end anonymity
attacks that seem hard to resolve simply with better batching strategies.
-\paragraph{A full analysis of an alpha mix design:} The alpha mix design
+\paragraph{A full analysis of the alpha mix design:} Here we
has added an additional user-defined security parameter and explored
some scenarios of attacker's knowledge about it. However, the more
complex dynamic alpha mixes are yet to be analysed; this seems
-difficult as we need to make some assumptions both about how user's
-choose the security parameter and what the attacker knows about it.
+difficult as we need to make some assumptions both about how users
+choose ther security parameters and what the attacker knows about them.
-\paragraph{User behaviour:} However much we postulate about how users
-behave, there is no substitute for actually doing so. We expect that
+\paragraph{User behaviour:} However much we postulate about how users
+behave, there is no substitute for actually getting user profiles
+and learning how to incent them to behave securely. We expect that
unless we protect our users, they will try to condition their security
parameter on the threat level of the message; as we have seen above
this reduces rather than increases anonymity.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs in the body. http://freehaven.net/