[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freehaven-cvs] abstract, keywords, cleaner intro

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] abstract, keywords, cleaner intro
From: arma@seul.org (Roger Dingledine)
Date: Fri, 13 Sep 2002 04:58:22 -0400 (EDT)
Delivered-To: archiver@seul.org
Delivered-To: freehaven-cvs-outgoing@seul.org
Delivered-To: freehaven-cvs@seul.org
Delivery-Date: Fri, 13 Sep 2002 04:58:23 -0400
Reply-To: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net
Update of /home/freehaven/cvsroot/doc/fc03
In directory moria.seul.org:/home/arma/work/freehaven/doc/fc03

Modified Files:
	econymics.tex 
Log Message:
abstract, keywords, cleaner intro


Index: econymics.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/fc03/econymics.tex,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- econymics.tex	13 Sep 2002 00:57:14 -0000	1.2
+++ econymics.tex	13 Sep 2002 08:58:20 -0000	1.3
@@ -90,43 +90,79 @@
 
 \maketitle
 
+\begin{abstract}
+
+Decentralized anonymity infrastructures are still not in wide use today.
+Here we explore some reasons why anonymity systems are particularly
+hard to successfully deploy, enumerate the incentives people have to
+participate either as senders or as nodes, and build a general model to
+take into account each of these incentives. We then describe and justify
+some simplifying assumptions to make the model manageable, and compare
+optimal strategies for participants based on a variety of scenarios.
+
+\end{abstract}
+
+Keywords: anonymity, economics, incentives, reputation
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
 \section{Introduction and motivation}
 
-Anonymity in communication over networks---such as the Internet---has
-received alot of technical attention and is widely (though not
-uncontroversially) regarded as both desirable and necessary.  People
+Anonymity in communication over public networks such as the Internet
+%has received a lot of technical attention and 
+is widely (though not
+uncontroversially) regarded as both desirable and necessary. People
 want to be able to surf the Web, purchase online, send email, etc.\
 without revealing their information, interests, and activities to
-others. This is all the more true for corporate and military entities.
-It might thus seem that there is a ready market for services in this
-area. It should be possible to offer such services and develop a
-paying customer base. However, with one notable exception, the
-Anonymizer \cite{anonymizer}, commercial offerings in this area have
-not met with sustained success. Part of this can no doubt be
-attributed to the still relatively new and uncharted aspects of any
-commercial online services, and part can be attributed to the current
-economic environment in general. However, this is not the whole story.
+others. Corporate and military entities have an even stronger need for
+this technology. With all these interested users,
+it might seem that there is a ready market for services in this area ---
+that is, it should be possible to offer such services and develop a
+paying customer base. However, with one notable exception (the
+Anonymizer \cite{anonymizer}) commercial offerings in this area have
+not met with sustained success. We can attribute these failures to
+the fact that commercial online services are still relatively new and
+uncharted, and we can also point to the current economic environment in
+general. However, this is not the whole story.
 
-Single-hop web proxies like the Anonymizer do seem sufficient to
-protect end users from simple threats like profile-creating websites.
-Thus another aspect of this is that the market is not as big as might
-be thought.  Further, anonymity systems actually use messages to hide
-among each other. So from an anonymity perspective, you're always
-better off going where the noise is provided. Whether or not people do
-so intentionally, there may be good anonymity reasons for having fewer
-providers. Also note that when you send a message you are both a
+Single-hop web proxies like the Anonymizer do seem sufficient to protect
+end users from simple threats like profile-creating websites.
+%Thus users
+%who want anonymity and are happy with the Anonymizer decrease the market
+%share of the stronger anonymity systems.
+But many users, particularly
+large organizations, are %sensitive about their transactions and are
+hesitant to use an anonymity infrastructure they do not control. However,
+a system that carries traffic for only one organization does not
+provide much protection at all --- it must carry traffic from others
+to provide cover. Yet those others don't want to trust their traffic
+to just one entity either. The only viable solution which allows all
+the messages to be mixed together is for each group to run a node in a
+shared \emph{strong anonymity} infrastructure. Users with more modest
+budgets or shorter-term interest in the system also benefit from this
+decentralized model, because they can be confident that a few colluding
+nodes are unlikely to uncover their anonymity.
+
+More generally, anonymity systems use messages to hide messages. So from
+an anonymity perspective, users are always
+better off going where the noise is provided.
+% Whether or not people do so intentionally,
+%   what does this clause mean, paul? -RD
+There may be good anonymity reasons for having fewer
+providers. Also note that a sender is both a
 consumer and provider of anonymity. We will return to both of these
 points below.
 
 High traffic is necessary for strong anonymity. High traffic and
 better performance complement each other: a system that processes only
-a few messages at a time must delay service to achieve adequately
+light traffic must delay service to achieve adequately
 large anonymity sets. Better performance attracts users both for its
 convenience value and the better potential anonymity protection. But
-this does not simply mean that systems processing the most traffic
+systems processing the most traffic do not necessarily
 provide the best hiding. If trust is not well distributed, a high
-volume system is a point of vulnerability, from insiders and attackers
-who try to bridge the trust bottlenecks. Systems must also be robust
+volume system is a point of vulnerability, both from insiders and from
+attackers who try to bridge the trust bottlenecks. Systems must also
+be robust
 against active attacks, e.g., trickle attacks in which known traffic
 is mixed with targeted traffic \cite{trickle02}.
 
@@ -134,7 +170,7 @@
 Internet sites that aim to be resistant to DDoS, can benefit from
 \emph{location protection} of their servers --- effectively hiding
 them behind several levels of indirection so the location or IP is
-hidden from direct attack. Indeed, for companies that \emph{are}
+hidden from direct attack. Indeed, for companies that are
 protecting high-value corporate information, relying on firewalls,
 VPNs, and encrypted communication may not be quite the right
 approach. Whit Diffie has remarked that traffic analysis is the
@@ -143,10 +179,10 @@
 but this has simply not been recognized or been given a viable business
 model.
 
-This paper is intended to explore the incentives of agents to both
-offer and use anonymity services, thus to set a foundation for
-understanding speculations such as above. We will primarily be
-focussed on the strategic motivations of honest agents. The
+Here we explore the incentives of agents to both
+offer and use anonymity services. We aim to set a foundation for
+understanding speculations such as those above. We will primarily
+focus on the strategic motivations of honest agents. However, the
 motivations of dishonest agents are at least as important.  For
 example, note that an anonymity-breaking adversary with an adequate
 budget would do best to provide very good service, possibly also
@@ -157,7 +193,7 @@
 diffusion are lost. But, a reliability-breaking adversary will
 obviously have very different goals and approaches.  The complexity of
 representing both honest and dishonest agents strategically is beyond
-the scope of the current study, thus dishonest agents are just
+the scope of the current study, and so we treat dishonest agents as just
 part of a given \emph{adversary}, a context within which strategic
 agents must operate.
 

***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Prev by Date: [freehaven-cvs] minor edits plus a draft introduction
Next by Date: [freehaven-cvs] headings for draft and pages.
Prev by thread: [freehaven-cvs] minor edits plus a draft introduction
Next by thread: [freehaven-cvs] headings for draft and pages.
Index(es):
- Date
- Thread