[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] typos, minor fixes, and fill-ins
Update of /home/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/wupss04
Modified Files:
usability.tex
Log Message:
typos, minor fixes, and fill-ins
Index: usability.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/wupss04/usability.tex,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- usability.tex 20 Oct 2004 18:21:59 -0000 1.2
+++ usability.tex 22 Oct 2004 04:10:27 -0000 1.3
@@ -21,11 +21,11 @@
While security software is the product of developers, the operation of
software is a collaboration between developers and users. It's not enough
-to develop software that can be used securely; software that isn't usable
-often suffers in its security as a result.
+to develop software that is possible to use securely; software that
+isn't usable often suffers in its security as a result.
-For example, suppose that there are two popular mail encryption programs:
-HeavyCryto, which is more secure (when used correctly), and LightCrypto,
+For example, suppose there are two popular mail encryption programs:
+HeavyCrypto, which is more secure (when used correctly), and LightCrypto,
which is easier to use. Suppose you can use either one, or both. Which
should you choose?
@@ -54,7 +54,7 @@
can't or won't use it correctly, its ideal security properties are
irrelevant.
-* How bad usability can thwarts security
+* How bad usability can thwart security
[[Brainstorm up a big list. Possibilities include:
- Useless/insecure modes of operation.
@@ -71,14 +71,15 @@
Usability is an important parameter in systems that aim to protect data
confidentiality. But when the goal is {\it privacy}, it can become even
-more so. A large category of {\it anonymity networks}, such as XXX, XXX,
-and XXX, aim to hide not only what is being said, but also who is
+more important. A large category of {\it anonymity networks}, such as
+Tor, JAP, Mixminion, and Mixmaster, aim to hide not only what is being
+said, but also who is
communicating with whom, which users are using which websites, and so on.
These systems are used by XXX, XXX, XXX, and XXX.
Anonymity networks work by hiding users among users. An eavesdropper might
be able to tell that Alice, Bob, and Carol are all using the network, but
-should not be able to tell which one of them is talking to Dave. This
+should not be able to tell which of them is talking to Dave. This
property is summarized in the notion of an {\it anonymity set}---the total
set of people who, so far as the attacker can tell, might be the one engaging
in some activity of interest. The larger the set, the more anonymous the
@@ -95,24 +96,26 @@
need to act like each other. If Alice's client acts completely unlike Bob's
client, or if Alice's messages leave the system acting completely unlike
Bob's, the attacker can use this information. In the worst case, Alice's
-messages are distinguishable entering and leaving the network, and the
-attacker can treat Alice and those like her as if they were on a separate
-network of their own. But even if Alice's messages are only distinguishable
-as they leave, an attacker can use this information to break exiting messages
-into ``messages from User1,'' ``messages from User2,'' and so on, and can now
+messages stand out entering and leaving the network, and the attacker
+can treat Alice and those like her as if they were on a separate network
+of their own. But even if Alice's messages are only recognizable as
+they leave the network, an attacker can use this information to break
+exiting messages into ``messages from User1,'' ``messages from User2,''
+and so on, and can now
get away with linking messages to their senders as groups, rather than trying
to guess from individual messages. Some of this {\it partitioning} is
inevitable: if Alice speaks Arabic and Bob speaks Bulgarian, we can't force
them both to learn English in order to mask each other.
-What does this imply for usability? More so than before, users of anonymity
+What does this imply for usability? More so than with encryption systems,
+users of anonymity
networks may need to choose their systems based on how usable others will
find them, in order to get the protection of a larger anonymity set.
* Case study: Usability means users, users mean security.
-We'll consider an example. Practical anonymity networks fell into two broad
-classes. {\it High-latency} networks like Mixminion or XXX can resist very
+We'll consider an example. Practical anonymity networks fall into two broad
+classes. {\it High-latency} networks like Mixminion or Mixmaster can resist very
strong attackers who can watch the whole network and control a large part of
the network infrastructure. To prevent this ``global attacker'' from linking
senders to recipients by correlating when messages enter and leave the
@@ -165,3 +168,4 @@
XXXX NICK WRITES MORE HERE
\end{document}
+
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/