
[freehaven-cvs] first pass of editing



Update of /home/freehaven/cvsroot/doc/fc04
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/fc04

Modified Files:
	minion-systems.bib minion-systems.tex 
Log Message:
first pass of editing


Index: minion-systems.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/fc04/minion-systems.bib,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- minion-systems.bib	8 Sep 2003 23:03:28 -0000	1.3
+++ minion-systems.bib	9 Sep 2003 04:33:03 -0000	1.4
@@ -1,4 +1,43 @@
 
+@techreport{freedom2-arch,
+  title = {Freedom Systems 2.0 Architecture}, 
+  author = {Philippe Boucher and Adam Shostack and Ian Goldberg}, 
+  institution = {Zero Knowledge Systems, {Inc.}}, 
+  year = {2000}, 
+  month = {December}, 
+  type = {White Paper}, 
+  note = {\url{http://freehaven.net/anonbib/\#freedom2-arch}},
+}
+
+@Misc{anonymizer,
+  key =          {anonymizer},
+  title =        {{T}he {A}nonymizer},
+  howpublished = {\url{http://www.anonymizer.com/}}
+}
+
+@inproceedings{tarzan:ccs02,
+  title = {Tarzan: A Peer-to-Peer Anonymizing Network Layer}, 
+  author = {Michael J. Freedman and Robert Morris}, 
+  booktitle = {Proceedings of the 9th {ACM} {C}onference on {C}omputer and {C}ommunications
+        {S}ecurity ({CCS 2002})}, 
+  year = {2002}, 
+  month = {November}, 
+  address = {Washington, DC}, 
+  note = {\url{http://pdos.lcs.mit.edu/tarzan/docs/tarzan-ccs02.pdf}},
+}
+
+@inproceedings{morphmix:wpes2002,
+  title = {{Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with
+        Collusion Detection}}, 
+  author = {Marc Rennhard and Bernhard Plattner}, 
+  booktitle = {{Proceedings of the Workshop on Privacy in the Electronic Society (WPES
+        2002)}}, 
+  year = {2002}, 
+  month = {November}, 
+  address = {Washington, DC, USA}, 
+  note = {\url{http://www.tik.ee.ethz.ch/~rennhard/publications/morphmix.pdf}},
+}
+
 @inproceedings{econymics,
   title = {{On the Economics of Anonymity}}, 
   author = {Alessandro Acquisti and Roger Dingledine and Paul Syverson}, 
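Review bot: The added entries brace their titles inconsistently: `freedom2-arch` and `tarzan:ccs02` use a single pair of braces, while `morphmix:wpes2002` (like the existing `econymics` entry) wraps the whole title in a second pair. Under a bibliography style that lowercases titles, the single-braced titles would lose their capitals after the first word and the double-braced ones would not, so adjacent references would render differently. I would pick one convention for the file, for example `title = {{Freedom Systems 2.0 Architecture}},` to match the entries around it.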
@@ -10,7 +49,7 @@
   note = {\url{http://freehaven.net/doc/fc03/econymics.pdf}}, 
 }
 
-@inproceedings{mixminion,
+@inproceedings{minion-design,
   title = {{Mixminion: Design of a Type III Anonymous Remailer Protocol}}, 
   author = {George Danezis and Roger Dingledine and Nick Mathewson}, 
   booktitle = {Proceedings of the 2003 IEEE Symposium on Security and Privacy}, 
@@ -178,7 +217,7 @@
    note =        {\url{http://www.rfc-editor.org/rfc/rfc1939.txt}},
 }
 
-@InProceedings{syverson_2000,
+@InProceedings{onion-routing:pet2000,
   author =       {Paul F. Syverson and Gene Tsudik and Michael G. Reed
                   and Carl E. Landwehr},
   title =        {Towards an Analysis of Onion Routing Security},
@@ -318,12 +357,13 @@
    note =        {\url{http://www.obscura.com/~loki/remailer/remailer-essay.html}},
 }
 
-@Misc{mixmaster-spec,
-   author =      {Ulf M\"oller and Lance Cottrell},
-   title =       {Mixmaster {P}rotocol --- {V}ersion 2},
-   howpublished = {Unfinished draft, January 2000.},
-   note =        {\url{http://www.eskimo.com/~rowdenw/crypt/Mix/
-                       draft-moeller-mixmaster2-protocol-00.txt}},
+@misc{mixmaster-spec,
+  title = {{Mixmaster Protocol --- Version 2}}, 
+  author = {Ulf M{\"o}ller and Lance Cottrell and Peter Palfrader and Len Sassaman}, 
+  year = {2003}, 
+  month = {July}, 
+  howpublished = {Draft}, 
+  note = {\url{http://www.abditum.com/mixmaster-spec.txt}}, 
 }
 
 @Article{mitzenm-loss,
@@ -499,7 +539,7 @@
    author =      {David Chaum},
    title =       {Untraceable electronic mail, return addresses, and digital pseudo-nyms},
    journal =     {Communications of the ACM},
-   year =        {1982},
+   year =        {1981},
    volume =      {4},
    number =      {2},
    month =       {February},
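Review bot: The context line `volume = {4},` directly below the corrected year looks wrong as well. As far as I know, the February 1981 issue of Communications of the ACM is volume 24, number 2, so the entry would still cite a volume that does not match the year. Worth checking against the journal and, if confirmed, changing it to `volume = {24},` alongside the year fix, since this is the paper's foundational reference. The entry starts above the hunk, so its key and remaining fields are not visible here.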

Index: minion-systems.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/fc04/minion-systems.tex,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- minion-systems.tex	8 Sep 2003 23:03:28 -0000	1.4
+++ minion-systems.tex	9 Sep 2003 04:33:05 -0000	1.5
@@ -6,15 +6,17 @@
 
 \begin{document}
 
-\title{Mixminion: a Strong Anonymity System to Resist Traffic Analysis}
+%\title{Mixminion: a Strong Anonymity System to Resist Traffic Analysis}
+\title{Mixminion: Strong Anonymity for Financial Cryptography}
+%\title{Mixminion: The Case for Strong Anonymity in Financial Cryptography}
 \author{Nick Mathewson and Roger Dingledine}
 \institute{The Free Haven Project\\
 \email{\{nickm,arma\}@freehaven.net}}
 
 \maketitle
 
+\begin{center}Systems Track\end{center}
 \begin{abstract}
-
 Anonymous communication is a valuable but underused tool for the
 security of financial communications.  As early as the first
 commercial telegraph codes, businesses have recognized the value of
@@ -26,29 +28,32 @@
 Mixminion is an open-source, deployed research system that provides
 strong resistance against known forms of traffic analysis, allowing
 users to communicate without revealing their identities.
-
 \end{abstract}
 
-%Keywords: anonymity, economics, incentives, decentralized, reputation
+\begin{center}
+Keywords: anonymity, privacy, traffic analysis, corporate espionage
+\end{center}
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
-\section{Introduction: Anonymity and Finance}
+\section{Introduction: Anonymity and Business}
 
-In this paper, we argue that strongly anonymous communications that
-resist traffic analysis are valuable to the finance community.
+In this paper, we argue that strongly anonymous (traffic analysis
+resistant) communications are valuable to the business and finance
+community, and we present one such system that is currently in active
+development.
 
 Soon after the first business-related telegram was sent to an
 untrusted telegraph operator, businesses have recognized the
-importance of encrypting communication.  Less well-recognized,
-however, is the importance of protecting business communications
-against traffic analysis.
+importance of encrypting communication on communications networks.
+Less well-recognized, however, is the importance of protecting business
+communications against traffic analysis.
 
 Whenever data travels over public networks, an eavesdropper can
 usually determine with little difficulty the sender and recipient of
 that data.  Although this information might initially seem of little
 interest, there are many circumstances under which learning the volume
-of communication between a pair of sites can reveal confidential
+of communication between a pair of sites can reveal sensitive
 information.  For example, traffic analysis can reveal:
 \begin{itemize}
 \item Whether (and how often) the CEO of a Fortune 500 corporation has
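Review bot: The rewritten sentence now reads `encrypting communication on communications networks`, which repeats the noun without saying which networks are meant. The telegraph example is about an operator the business does not trust, so I would say that directly, for example `importance of encrypting messages that cross networks they do not control.` In the new opening paragraph, the compound modifier would also read more easily hyphenated as `traffic-analysis-resistant`.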
@@ -57,6 +62,7 @@
 \item Which prospective customers a vendor has emailed, and which of
   them responded via email.
 \end{itemize}
+[XXXX add an example specifically related to the finance community?]
 When an organization is geographically distributed, its internal
 communications can become a target of traffic analysis.  In this way,
 an eavesdropper may learn:
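Review bot: The added `[XXXX add an example specifically related to the finance community?]` is body text rather than a comment, so it will be typeset in the paper and, with no blank line after `\end{itemize}`, it becomes the opening of the following paragraph. The same applies to the bracketed notes added in later hunks (`[XXXX have a sentence about mid-level adversaries ...]`, `[not to mention janitors at phone companies]`, the `-NM`/`-RD` exchange, and `[XXX mention that the server runs on win32? ...]`), which also mix `XXXX`, `XXX` and no marker at all. I would either start each with `%` or route them through one macro that can be switched off for submission, e.g. `\newcommand{\XXXX}[1]{\textbf{[XXXX #1]}}`, so that a single search finds every open item.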
@@ -75,42 +81,60 @@
 These attacks are certainly feasible today.  On the simplest level,
 corporate website administrators routinely survey logs to learn which
 competitors and customers have viewed which parts of their websites,
-and how often.  The more sophisticated attacks are almost certainly
+and how often.  [XXXX have a sentence about mid-level adversaries like
+most corporations?] The more sophisticated attacks are almost certainly
 within capabilities of the NSA-supported ECHELON eavesdropping system
 (which has been probably used to advance the commercial interests of
 its sponsor nations) [XXXX must confirm this], or the capabilities of
 any COMINT-sophisticated nation inclined to use its resources for
-economic goals.
+economic goals. [not to mention janitors at phone companies]
+
+Indeed, traffic analysis resistance is also a critical component to
+more advanced financial cryptography systems, such as anonymous digital
+cash schemes and private auctions: without anonymous transport, these
+schemes provide very little security.
 
 In this short paper, we discuss several existing systems and designs to
 defeat traffic analysis.  We focus on Mixminion, an open-source
 application with a deployed research network.
 
-[XXXX What about pseudonymity?]
-
-[XXXX We never mention that anonymity = traffic analysis
-  resistance. Uh oh!]
+[XXXX What about pseudonymity? -NM]
+[What about it? -RD]
 
-\subsection{Related work}
-David Chaum launched the study of anonymous communications in 1982,
-with his design for a network of anonymizing servers or ``Mixes''
-\cite{chaum-mix}.  In Chaum's design, message senders public-key
-encrypt their messages to a sequence of servers, then send the
-messages to the first server in the sequence.  Each server in turn
+\subsection{Background}
+David Chaum launched the study of anonymous communications in 1981,
+with his design for a network of anonymizing servers or \emph{mixes}
+\cite{chaum-mix}.  In Chaum's design, message senders iteratively 
+wrap their messages in the public keys of a sequence of mixes, then send
+the messages to the first mix in the sequence.  Each mix in turn
 removes a layer of encryption from the messages, waits until enough
 messages have been received, then re-orders the messages and sends
-them to the next server in the sequence.  If any server in the
-sequence correctly hides connections between incoming and outgoing
-messages, an eavesdropper should not be able to connect senders to
-recipients.
+them to the next mix in the sequence.  If any mix in the sequence
+correctly hides the correlation between incoming and outgoing messages,
+an eavesdropper should not be able to connect senders to recipients.
 
-The first widely deployed mix net was [XXXX describe cypherpunks and
-  Mixmaster.]
+The first widespread public implementations of mixes were produced by
+contributors to the Cypherpunks mailing list. These ``Type I''
+\emph{anonymous remailers}
+were inspired both by the problems surrounding the {\tt anon.penet.fi}
+service \cite{helsingius}, and by theoretical work on mixes. Hughes
+wrote the first Cypherpunk anonymous remailer \cite{remailer-history};
+Finney followed closely with a collection of scripts that used Phil
+Zimmermann's PGP to encrypt and decrypt remailed messages. Later, Cottrell
+implemented the Mixmaster system \cite{mixmaster-attacks,mixmaster-spec},
+or ``Type II'' remailers, which added message padding, message pools,
+and other mix features lacking in the Cypherpunk remailers.
+Unfortunately, Mixmaster does not support replies or anonymous recipients
+--- people who want these functions must use the older and less secure
+Cypherpunk network.
 
 In parallel with the evolution of mix nets for mail-like
 communication, other work has progressed on systems suitable for
-faster communication.  [XXXX mention anonymizer and friends, freedom
-and friends, and of course onion routing.]  While these system are
+faster communication. These systems range from the simple centralized
+Anonymizer \cite{anonymizer}, to distributed sets of servers like Freedom
+\cite{freedom2-arch} and Onion Routing \cite{onion-routing:pet2000},
+to totally decentralized p2p networks like Tarzan \cite{tarzan:ccs02}
+and Morphmix \cite{morphmix:wpes2002}.  But while these system are
 more suited for low-latency applications such as web browsing,
 chatting, and VoIP, they are more vulnerable to certain attacks than
 are traditional high-latency mix-net designs.  Specifically, if an
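Review bot: The new paragraph ending `without anonymous transport, these schemes provide very little security` overstates the dependency. Without an anonymous channel, a digital cash or auction protocol loses the unlinkability between a participant and their network address, but properties such as unforgeability of coins generally do not depend on the transport. I would narrow the claim to `without anonymous transport, these schemes provide very little privacy`, or name the property that is lost. Further down in the same hunk, `But while these system are` should read `these systems`, and `Morphmix` is spelled `MorphMix` in the bibliography entry added by this commit. The last paragraph of the hunk continues past its final line.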
@@ -120,15 +144,13 @@
 certain kinds of traffic analysis, they cannot defend against an
 adversary with significant COMINT abilities.
 
-
-
 \section{Mixminion: Open source strong anonymity}
 Mixminion is the reference implementation of the Type III mix-net,
 which was first designed between 2001 and 2002 to address the (few)
-weaknesses of Type II, while obviating the need for Type I by
-reintroducing reply messages.  Its design was first published in
-\cite{mixminion}; its specification is publicly available
-\cite{mixminion-spec}.
+weaknesses of Type II and also to reintroduce reply messages in a secure
+manner and thus allow us to retire the Type I network.  Mixminion's design
+was first published in \cite{minion-design}; its specification is publicly
+available \cite{mixminion-spec}.
 
 The Type III mix-net design improves on previously deployed designs
 as follows:
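Review bot: `reintroduce reply messages in a secure manner` asserts the property without saying what it is, although the Background text added in this commit tells the reader only that the Cypherpunk network is `less secure`. A reader deciding whether to rely on replies needs to know what was unsafe about Type I replies and what Type III does differently; one clause or a pointer to the relevant section of `\cite{minion-design}` would do. The sentence also chains three goals with `and also ... and thus`; splitting it after `Type II` would make each claim easier to check.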
@@ -156,10 +178,12 @@
 \begin{itemize}
 \item {\bf Usability and client implementation.}  For an anonymity
   system to hide its users' communications, it must have many users to
-  hide them among.  Usability is a security parameter
-  \cite{econymics,back01}.  The current Mixminion client runs only from a
+  hide them among.  (Thus usability directly affects security
+  \cite{econymics,back01}.)  The current Mixminion client runs only from a
   command line on Unix-like platforms, though a Windows32 client is
-  planned within the next few months.  For maximum user acceptance,
+  planned within the next few months.
+  [XXX mention that the server runs on win32? does it? -RD]
+  For maximum user acceptance,
   more work is needed to integrate Mixminion with existing email
   applications.
 \item {\bf Distributed directory design.}  It's essential that all
@@ -176,7 +200,10 @@
   anonymity is by mounting a denial of service attack against some or
   all of the Type III mix-net, in order to force users onto
   compromised servers, or to force them to use other (less secure)
-  channels. At the same time, 
+  channels. At the same time, we need a way to let uninterested recipients
+  opt out of anonymous mail, without letting them deny service to
+  legitimate users. We need more research on how much impact these
+  DoS opportunities can have on anonymity.
 \item {\bf Enterprise integration.}  The current implementation,
   because of its volunteer roots, assumes that most installations are
   for a single computer.  In an enterprise environment, however, it
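Review bot: In the added sentence `opt out of anonymous mail, without letting them deny service to legitimate users`, it is unclear who `them` refers to and which service would be denied. If the concern is that an opt-out mechanism could be invoked by someone other than the recipient to block mail that the recipient wants, the text should say so and state, presumably, that an opt-out request must be verified as coming from the address it covers. As written, `At the same time,` also joins this to the preceding sentence about attacks on the mix-net, although it is a separate requirement. The item begins above the hunk and the next item runs past its end.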
