[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] more cleanup, particularly in the conclusion

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] more cleanup, particularly in the conclusion
From: arma@seul.org (Roger Dingledine)
Date: Sun, 2 May 2004 19:18:36 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Sun, 02 May 2004 19:19:01 -0400
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home2/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/tmp/cvs-serv28174

Modified Files:
	e2e-traffic.tex 
Log Message:
more cleanup, particularly in the conclusion


Index: e2e-traffic.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- e2e-traffic.tex	2 May 2004 23:02:07 -0000	1.49
+++ e2e-traffic.tex	2 May 2004 23:18:34 -0000	1.50
@@ -944,7 +944,7 @@
 $\Pdelay$), padding does not thwart the attack even when Alice is online
 $99\%$ of the time.
 
-For our final dummy traffic simulation, we assumed that Alice performs
+For our final dummy traffic simulation, we assume that Alice performs
 threshold padding consistently, but that the attacker has had a chance to
 acquire a view of the network's background behavior before Alice first came
 online.\footnote{As usual, we assume that the background traffic patterns are
@@ -956,10 +956,10 @@
 messages Alice sends, but by preventing the attacker from learning how the
 network acts in Alice's absence.
 
-We present our results in Figure~\ref{fig5d}, which compares the results when
+Figure~\ref{fig5d} compares results when
 Alice uses consistent threshold padding and the attacker knows the background
-to results when Alice uses no padding and the background is unknown.
-Clearly, not only can an attacker who knows the background distribution
+to results when Alice does not pad and the background is unknown.
+Not only can an attacker who knows the background distribution
 identify Alice's recipients with ease (even in the presence of padding), but
 such an attacker is {\it not} delayed by increased variability in message
 delays.
@@ -1014,40 +1014,37 @@
 suggest several open questions for future work, and offer recommendations
 for mix network designs.
 
-\subsubsection{Towards a more realistic model:}
+\subsubsection{A more realistic model:}
 %\label{subsubsec:future-work}
 %Many questions remain before the effectiveness of long-term
 %intersection attacks can be considered a closed problem.
-Our model differs most from reality in four ways: First, real user behavior
-is more complex than we have assumed. Second, user behavior changes over
-time.  Third, real messages often exhibit full or partial linkability, which
-we have not simulated.  Fourth, real attackers are not limited to passive
-observation.  We consider each of these points below.
-% These need to get re-ordered. -NM
+Our model differs most from reality in four ways.
 
-Although real social networks behave more like scale-free networks than like
+First,
+although real social networks behave more like scale-free networks than like
 the original disclosure attack's model, our models for user behavior still
-have room for improvement.  For example, real users probably do not send
+have room for improvement. Real users probably do not send
 messages with a time-invariant geometric distribution: most people's email
 habits are based on a 24-hour day, and a 7-day week.  Early research on
 traffic patterns in actual mix-nets \cite{mixvreliable} suggests that this
 variation is probably significant.
 
-In section~\ref{subsec:strenghtening}, we briefly discuss how an attacker can
-try to handle a scenario where the background traffic changes slowly over
+Second, real user behavior changes over
+time. Section~\ref{subsec:strenghtening} discusses how an attacker might
+handle a scenario where the background traffic changes slowly over
 time, and perhaps a similar approach would also help against a sender whose
 recipients were not constant.  In the absence of a model for time-variant
 user behavior, however, we have not simulated attacks for these cases.
 
-It seems clear that systems with message linkability, such as pseudonymous
+Third, it seems clear that systems with message linkability, such as pseudonymous
 services, will fall to intersection attacks far faster than anonymizing
 services without linkability.  How linkable are messages ``in the wild,'' how
 much does this linkability help an attacker, and how can it be mitigated?
 
-The attacks we have discussed here assume a purely passive adversary, but
-they can easily be generalized to incorporate information gained by an active
-attacker.  Past work on avoiding blending attacks \cite{trickle02}
-% (flooding, trickle, $n-1$)
+Fourth, real attackers are not limited to passive observation. We should
+generalize our attacks
+to incorporate information gained by an active
+attacker.  Past work on avoiding blending attacks~\cite{trickle02}
 has concentrated on preventing an attacker from being certain of
 Alice's recipients---but in fact, an active attack that only reveals
 slight probabilities about Alice's recipients could provide information

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] rewrite a few things for space tweaks
Next by Author: [freehaven-cvs] rework the conclusion some more
Previous by thread: [freehaven-cvs] Tighenten the end of 3.1 and the start of 3.2
Next by thread: [freehaven-cvs] More tightening
Index(es):
- Author
- Thread