[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freehaven-cvs] more patches from conversation with adam

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] more patches from conversation with adam
From: arma@seul.org (Roger Dingledine)
Date: Fri, 6 Sep 2002 18:20:46 -0400 (EDT)
Delivered-To: archiver@seul.org
Delivered-To: freehaven-cvs-outgoing@seul.org
Delivered-To: freehaven-cvs@seul.org
Delivery-Date: Fri, 06 Sep 2002 18:20:46 -0400
Reply-To: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net

Update of /home/freehaven/cvsroot/doc/batching-taxonomy
In directory moria.seul.org:/home/arma/work/freehaven/doc/batching-taxonomy

Modified Files:
	taxonomy.bib taxonomy.tex 
Log Message:
more patches from conversation with adam


Index: taxonomy.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/batching-taxonomy/taxonomy.bib,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- taxonomy.bib	31 Aug 2002 10:23:24 -0000	1.6
+++ taxonomy.bib	6 Sep 2002 22:20:43 -0000	1.7
@@ -1,5 +1,22 @@
 % Note that this file requires a \usepackage{url} which seems to be
 % one of the standard latex packages
+@Misc{mixmaster-spec,
+   author =      {Ulf M\"oller and Lance Cottrell},
+   title =       {{Mixmaster Protocol --- Version 2}},
+   howpublished = {Unfinished draft},
+   month = {January},
+   year = 2000,
+   note =        {\url{http://www.eskimo.com/~rowdenw/crypt/Mix/
+                       draft-moeller-mixmaster2-protocol-00.txt}},
+}
+
+@Misc{mixminion,
+    author =     {George Danezis and Roger Dingledine and David Hopwood and Nick Mathewson},
+    title =      {{Mixminion: Design of a Type III Anonymous Remailer Protocol}},
+    howpublished = {Manuscript},
+    year =       2002,
+}
+
 @InProceedings{flash-mix,
    author =      {Markus Jakobsson},
    title =       {{Flash Mixing}},

Index: taxonomy.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/batching-taxonomy/taxonomy.tex,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- taxonomy.tex	6 Sep 2002 20:56:50 -0000	1.25
+++ taxonomy.tex	6 Sep 2002 22:20:43 -0000	1.26
@@ -71,7 +71,7 @@
 anonymity tradeoffs between them.
 
 In fact, some of the mixes used in well-known fielded systems such as
-Mixmaster \cite{Cott94} are mentioned only briefly or not at all in
+Mixmaster \cite{Cott94,mixmaster-spec} are mentioned only briefly or not at all in
 the literature. We aim to start closing this gap by enumerating and
 exploring a variety of mix architectures. In particular, we consider
 the extent to which the mixes are vulnerable to active attacks such as
@@ -81,10 +81,9 @@
 a mix can manipulate the batch of messages entering that mix so the
 only message unknown to him in the batch is the target message
 \cite{Cott94,babel}.  This manipulation may involve delaying or
-dropping most or all other incoming messages (a \emph{trickle} attack),
-flooding the batch with attacker messages (a \emph{flooding}
-attack), or some combination of the two which we call the
-\emph{blending} attack.
+dropping most or all other incoming messages (a \emph{trickle} attack), or
+flooding the batch with attacker messages (a \emph{flooding} attack). We
+call these attacks or combinations of them \emph{blending} attacks.
 
 %Chaff and winnow to be inserted here or elsewhere in the text?
 
@@ -103,8 +102,6 @@
 applicable method to prevent this attack''. In this paper we discuss
 ways of reducing this vulnerability.
 
-%New intro. Opinions?
-
 Here we consider a global \emph{active} adversary who is not only able
 to see the traffic on all the links, but also to delay (remove) and
 insert arbitrarily many messages into the system in a short (constant)
@@ -123,9 +120,6 @@
 inserting attacker) and one who can only delay messages (global
 delaying attacker).
 
-%\framebox{\parbox{11cm}{Paul says:\\
-%    Note the footnote.}}
-
 It is well known that the ability to insert or delay messages may
 allow the attacker to determine, for instance, the recipient of a
 particular message originating from a sender.  We illustrate this in
@@ -187,8 +181,6 @@
 to the inverse of the cube of the number of messages expended in the
 attack. This mix can be seen as ``more vulnerable'' than Mix 2 which is
 always compromised by $10^6$ attacker messages.
-%(but otherwise has the anonymity proportional to the inverse of the
-% number of attacker messages). 
 Note that Mix 1 is vulnerable only to non-exact blending attacks,
 while the Mix 2 is vulnerable to exact certain attacks.
 
@@ -230,7 +222,15 @@
 finite number of messages. Further, they have finite bandwidth, so can
 only receive a certain number of messages in a given amount of time.
 
-\item Mixes prevent message replays.
+\item Mixes prevent message replays.\footnote{Actually, flooding to
+overflow replay caches is a closely related problem --- for example,
+Mixmaster \cite{mixmaster-spec} expires entries in the replay cache
+when there are too many, providing a window of attack for a flooding
+adversary. But since \cite{mixminion} shows the feasibility of a
+free-route network that protects against replays until a periodic key
+rotation event (after which the history can be forgotten), we think our
+assumption is reasonable; we will ignore replays and related issues for
+the rest of this paper.}
 
 %  \framebox{\parbox{11cm}{Paul says:\\
 %      This seemed implicit in the paper, and I think was explicit in
@@ -307,7 +307,7 @@
 $t$, period.
 
 \paragraph*{Flushing Algorithm:}
-The mix fires every $t$ seconds.
+The mix fires (flushes all messages) every $t$ seconds.
 
 \paragraph*{Message Delay:} 
 The minimum delay is $\epsilon$, which occurs if the message arrives
@@ -368,8 +368,8 @@
 $n$, threshold; $t$, period.
 
 \paragraph*{Flushing Algorithm:}
-The mix fires every $t$ seconds or when $n$ messages accumulate in
-the mix.
+The mix fires (flushes all messages) every $t$ seconds or when $n$
+messages accumulate in the mix.
 
 \paragraph*{Message Delay:} 
 The maximum message delay is $t - \epsilon$, the minimum is $\epsilon$.
@@ -396,8 +396,8 @@
 $n$, threshold; $t$, period.
 
 \paragraph*{Flushing Algorithm:}
-A mix fires every $t$ seconds but only when at least $n$ messages have
-accumulated in the mix.
+A mix fires (flushes all messages) every $t$ seconds but only when at
+least $n$ messages have accumulated in the mix.
 
 \paragraph*{Message Delay:} 
 The minimum delay is $\epsilon$, and there is no maximum delay.
@@ -458,7 +458,7 @@
 
 \paragraph*{Flushing Algorithm:} 
 The mix fires when $n+f$ messages accumulate in the mix. A pool of $f$
-messages (chosen uniformly at random from all the messages) is
+messages, chosen uniformly at random from all the messages, is
 retained in the mix. (Consider these messages as feedback into the
 mix.) The other $n$ are forwarded on. Note
 that the threshold is the threshold of messages that must be received

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Date: [freehaven-cvs] patches suggested by adam shostack
Next by Date: [freehaven-cvs] cleaner bibliography for taxonomy paper
Prev by thread: [freehaven-cvs] patches suggested by adam shostack
Next by thread: [freehaven-cvs] cleaner bibliography for taxonomy paper
Index(es):
- Date
- Thread