[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] cleanups on section 4

To: freehaven-cvs@xxxxxxxxxxxxx
Subject: [freehaven-cvs] cleanups on section 4
From: arma@xxxxxxxx
Date: Fri, 10 Mar 2006 21:34:21 -0500 (EST)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Fri, 10 Mar 2006 21:34:28 -0500
Reply-to: freehaven-dev@xxxxxxxxxxxxx
Sender: owner-freehaven-cvs@xxxxxxxxxxxxx

Update of /home/freehaven/cvsroot/doc/alpha-mixing
In directory moria:/home/arma/work/freehaven/doc/alpha-mixing

Modified Files:
	alpha-mixing.bib alpha-mixing.tex 
Log Message:
cleanups on section 4


Index: alpha-mixing.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.bib,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- alpha-mixing.bib	10 Mar 2006 23:59:23 -0000	1.6
+++ alpha-mixing.bib	11 Mar 2006 02:34:19 -0000	1.7
@@ -1,3 +1,13 @@
+@inproceedings{e2e-traffic,
+  title = {Practical Traffic Analysis: Extending and Resisting Statistical Disclosure},
+  author = {Nick Mathewson and Roger Dingledine},
+  booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)},
+  volume = {3424},
+  year = {2004},
+  month = {May},
+  series = {LNCS},
+}
+
 %Non-Uniform Random Variate Generation
 %(originally published with Springer-Verlag, New York, 1986)
 %Luc Devroye

Index: alpha-mixing.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.tex,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- alpha-mixing.tex	11 Mar 2006 02:09:33 -0000	1.25
+++ alpha-mixing.tex	11 Mar 2006 02:34:19 -0000	1.26
@@ -361,7 +361,8 @@
 Also, if a given user is the only sender with extremely
 high alpha values, then intersection attacks over time (watching the
 high-value messages and what senders were active before each) will
-reveal her. But we will ignore these black-box network attacks since
+reveal her~\cite{statistical-disclosure,e2e-traffic}.
+But we will ignore these black-box network attacks since
 they are not the focus of this paper.
 
 Below we will see that some strategies for choosing the alpha values are
@@ -468,25 +469,27 @@
 \section{Dummies}
 \label{sec:dummies}
 
-Our focus so far has been on steady-state networks with passive
-adversaries. However, we want to provide uncertainty even in edge
-cases~\cite{trickle02,pet2003-diaz}.  An active attacker
+Our focus so far has been on steady-state networks with
+passive adversaries. However, we want to provide uncertainty
+even in edge cases where there is a momentarily lull in
+traffic~\cite{pet2003-diaz,trickle02}.  An active attacker
 can arrange an edge case via blending attacks, but a passive attacker
 can also simply wait for an edge case to occur.  For timed mixes there
-will be occasions when only single messages enter and leave the mix in
-a single round. Alpha mixes have a clear advantage here since there is
+will be occasions when only a single message enters and leaves the mix in
+a given round. Alpha mixes have a clear advantage here since there is
 no guarantee that the message that exited the mix is the same message
 that entered. The attack is never exact (guaranteed to recognize a
 target message as it exits the mix) unless the adversary can bound the
 range of $\alpha_0$ with certainty for all messages he observes.
 
-A very lightweight dummy policy can guarantee that no exact attack is
-possible against an alpha mix, even for active attackers. Simply
+We provide a very lightweight dummy policy that guarantees that no exact
+attack is
+possible against an alpha mix, even for active attackers: simply
 initialize the mix with a single dummy message set at an arbitrary
 alpha. Before firing, always check the mix for the presence of a dummy
 somewhere in the alpha-stack. If none is present, add one.
 
-What do we mean by ``arbitrary alpha''? Obviously it must occur within
+But what do we mean by ``arbitrary alpha''? Obviously it must occur within
 some finite range. It could be uniformly chosen between $0$ and the
 maximum expected $\alpha_0$. If a message is ever received with a
 higher $\alpha_0$, then the maximum should be raised to this level.
@@ -508,6 +511,9 @@
 level $\alpha$ with probability $1/2^{\alpha+1}$. Dummy policy can
 then be periodically shifted to reflect the distribution of alphas for
 actual traffic through the mix.
+More research remains here to make this dummy approach resistant to an
+adversary who sends lots of messages with non-standard alphas into a
+particular mix to influence its view of a typical value for alpha.
 
 If active attacks are suspected, the amount of dummy traffic added to
 the alpha stack can be increased according to the expected duration of
@@ -516,7 +522,8 @@
 maintain for messages so attacked.
 
 The easiest way to disguise dummies from others in the network is to
-route them in a circuit leading back to the mix that generates them.
+route them in a circuit leading back to the mix that generates
+them~\cite{danezis:wpes2003}.
 The length of the path should be randomly chosen as suggested
 in~\cite{trickle02}. Obviously the alphas chosen for the dummy
 message at other mixes in the path should be distributed to minimize

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] happier with 2.2 and 3 now
Next by Author: [freehaven-cvs] more touch-ups
Previous by thread: [freehaven-cvs] happier with 2.2 and 3 now
Next by thread: [freehaven-cvs] dynamic-alpha and tau mixing sections
Index(es):
- Author
- Thread