[freehaven-cvs] Commit some edits and new text. This is getting long.



Update of /home/freehaven/cvsroot/doc/fc04
In directory moria.mit.edu:/tmp/cvs-serv7234

Modified Files:
	minion-systems.tex 
Log Message:
Commit some edits and new text.  This is getting long.

Index: minion-systems.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/fc04/minion-systems.tex,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- minion-systems.tex	9 Sep 2003 09:43:21 -0000	1.6
+++ minion-systems.tex	9 Sep 2003 18:33:40 -0000	1.7
@@ -17,17 +17,17 @@
 
 \begin{center}Systems Track\end{center}
 \begin{abstract}
-Anonymous communication is a valuable but underused tool for the
-security of financial communications.  As early as the first
-commercial telegraph codes, businesses have recognized the value of
-using cryptography to conceal the contents of their communication from
-prying eyes.  But simply encrypting communications still allows
-adversaries to learn confidential business relationships by performing
-traffic analysis to discover the {\it presence} of such communication.
+Anonymous communication is a valuable but underused tool for securing
+financial communications.  As early as the first commercial telegraph
+codes, businesses have recognized the value of cryptography to protect
+their communication from prying eyes.  But cryptography alone still
+allows adversaries to discover confidential business relationships by
+performing traffic analysis to reveal the {\it presence} of such
+communication.
 
-Mixminion is an open-source, deployed research system that provides
-strong resistance against known forms of traffic analysis, allowing
-users to communicate without revealing their identities.
+Mixminion is an open-source, deployed research system that resists
+known forms of traffic analysis, allowing parties to communicate
+without revealing their identities.
 \end{abstract}
 
 \begin{center}
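
Review bot: In the rewritten abstract, "But cryptography alone still allows adversaries to discover confidential business relationships" is broader than the old "simply encrypting communications", and less accurate: the mix-net the paper goes on to present is itself built from cryptography. Suggest "But encryption alone still allows ..." so the contrast stays between hiding contents and hiding who talks to whom. Minor: the touched line keeps {\it presence} while the rest of the file uses \emph{...}; this would be a good moment to switch it.
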
@@ -40,29 +40,31 @@
 
 In this paper, we argue that strongly anonymous (traffic analysis
 resistant) communications are valuable to the business and finance
-community, and we present one such system that is currently in active
-development.
+community, and we present Mixminion, an anonymous communication system
+currently in active development.
 
-Soon after the first business-related telegram was sent to an
+As early as the first business-related telegrams were received by an
 untrusted telegraph operator, businesses have recognized the
-importance of encrypting messages on communications networks.
-Less well-recognized, however, is the importance of protecting business
+importance of encrypting messages on communications networks.  Less
+well-recognized, however, is the importance of protecting business
 communications against traffic analysis.
 
 Whenever data travels over public networks, an eavesdropper can
-usually determine with little difficulty the sender and recipient of
-that data.  Although this information might initially seem of little
-interest, there are many circumstances under which learning the volume
-of communication between a pair of sites can reveal sensitive
-information.  For example, traffic analysis can reveal:
+usually link messages to their senders and receivers with little
+difficulty.  Although this linkage might initially seem of little
+interest, there are many circumstances under which the volume of
+communication between two sites can reveal sensitive information.  For
+example, linking senders and recipients can reveal:
 \begin{itemize}
 \item Whether (and how often) the CEO of a Fortune 500 corporation has
-been exchanging email with the CEO of a rumored buyout partner.
+  been exchanging email with the CEO of a rumored buyout partner.
 \item Which suppliers' websites a given purchaser is visiting.
 \item Which prospective customers a vendor has emailed, and which of
   them responded via email.
+\item In some digital cash designs, the volume and frequency of
+  transactions between participants and between participants and
+  banks.
 \end{itemize}
-[XXXX add an example specifically related to the finance community?]
 When an organization is geographically distributed, its internal
 communications can become a target of traffic analysis.  In this way,
 an eavesdropper may learn:
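
Review bot: The new opening of the second paragraph, "As early as the first business-related telegrams were received by an untrusted telegraph operator, businesses have recognized ...", does not parse: "As early as" needs a noun phrase, not a clause, and it clashes with the present perfect. Something like "Ever since the first business-related telegrams passed through an untrusted telegraph operator, businesses have recognized ..." keeps the meaning. In the added digital cash item, "between participants and between participants and banks" is hard to read; "among participants, and between participants and banks" says the same thing. The item replaces the removed finance-example XXXX note well, but the paper never says which digital cash designs are meant, so a \cite there would help.
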
@@ -81,29 +83,27 @@
 These attacks are certainly feasible today.  On the simplest level,
 corporate website administrators routinely survey logs to learn which
 competitors and customers have viewed which parts of their websites,
-and how often. The more sophisticated attacks are almost certainly
+and how often.  The more sophisticated attacks are almost certainly
 within capabilities of the NSA-supported ECHELON eavesdropping system
 (which has been probably used to advance the commercial interests of
-its sponsor nations) [XXXX must confirm this], or the capabilities of
-any COMINT-sophisticated nation inclined to use its resources for
-economic goals. But while companies doing secure digital commerce
-are right to consider the threat of mid-sized foreign governments,
-perhaps the threat of espionage from competing companies is more
-compelling. The risk that an adversary might pay off a janitor in a
-nearby telcom isn't something well-explored in the public literature.
+its sponsor nations), or the capabilities of any COMINT-sophisticated
+nation inclined to use its resources for economic goals. But while
+companies doing secure digital commerce are right to consider the
+threat of mid-sized foreign governments, the threat of espionage from
+competing companies may be more compelling. The risk of a competitor
+bribing a janitor in a nearby telcom, or sneaking eavesdropping
+equipment into a colocation facility, is not well explored in
+the public literature.
 
-Traffic analysis resistance is also a critical component to
-more advanced financial cryptography systems, such as anonymous digital
+Traffic analysis resistance is also a critical component to more
+advanced financial cryptography systems, such as anonymous digital
 cash schemes and private auctions: without anonymous transport, these
-schemes provide very little security.
+schemes provide very little of the privacy that they promise.
 
 In this short paper, we discuss several existing systems and designs to
 defeat traffic analysis.  We focus on Mixminion, an open-source
 application with a deployed research network.
 
-[XXXX What about pseudonymity? -NM]
-[What about it? -RD]
-
 \subsection{Background}
 David Chaum launched the study of anonymous communications in 1981,
 with his design for a network of anonymizing servers or \emph{mixes}
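
Review bot: The ECHELON parenthetical "(which has been probably used to advance the commercial interests of its sponsor nations)" loses its "[XXXX must confirm this]" marker in this hunk but gains no \cite, so the claim now stands unsupported in the text; add a reference, or soften or drop the parenthetical. In the same paragraph, "within capabilities" needs "the", "has been probably" reads better as "has probably been", and "telcom" should be "telecom". The new colocation-facility example is a useful addition next to the janitor one.
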
@@ -116,17 +116,17 @@
 correctly hides the correlation between incoming and outgoing messages,
 an eavesdropper should not be able to connect senders to recipients.
 
-The first widespread public implementations of mixes were produced by
+The first widespread public implementations of mixes was produced by
 contributors to the Cypherpunks mailing list. These ``Type I''
 \emph{anonymous remailers}
 were inspired both by the problems surrounding the {\tt anon.penet.fi}
 service \cite{helsingius}, and by theoretical work on mixes. Hughes
 wrote the first Cypherpunk anonymous remailer \cite{remailer-history};
 Finney followed closely with a collection of scripts that used Phil
-Zimmermann's PGP to encrypt and decrypt remailed messages. Later, Cottrell
+Zimmermann's PGP to encrypt remailed messages. Later, Cottrell
 implemented the Mixmaster system \cite{mixmaster-attacks,mixmaster-spec},
 or ``Type II'' remailers, which added message padding, message pools,
-and other mix features lacking in the Cypherpunk remailers.
+and other mix features lacking in the original Cypherpunk remailers.
 Unfortunately, Mixmaster does not support replies or anonymous recipients
 --- people who want these functions must use the older and less secure
 Cypherpunk network.
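
Review bot: The change from "were produced" to "was produced" introduces a subject-verb disagreement, since the subject is still the plural "implementations": "The first widespread public implementations of mixes was produced by". Either revert to "were" or make the subject singular. Also check the edit to the Finney sentence: a remailer has to decrypt the messages it receives before forwarding them, so "used Phil Zimmermann's PGP to encrypt remailed messages" now describes less than the scripts did. Was dropping "and decrypt" intended?
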
@@ -138,33 +138,52 @@
 \cite{freedom2-arch} and Onion Routing \cite{onion-routing:pet2000},
 to totally decentralized p2p networks like Tarzan \cite{tarzan:ccs02}
 and Morphmix \cite{morphmix:wpes2002}.  But while these system are
-more suited for low-latency applications such as web browsing,
+more suitable than mixes for low-latency applications such as web browsing,
 chatting, and VoIP, they are more vulnerable to certain attacks than
 are traditional high-latency mix-net designs.  Specifically, if an
-eavesdropper can observe both sides of the communication, watching the
-timing of message sending and delivery will quickly reveal linkage
-between senders and recipients.  Although these systems prevent
+eavesdropper can observe both sides of the communication, the
+timing of message sending and delivery will quickly link
+senders and recipients.  Although these systems block
 certain kinds of traffic analysis, they cannot defend against an
 adversary with significant COMINT abilities.
 
 \section{Mixminion: Open source strong anonymity}
 Mixminion is the reference implementation of the Type III mix-net,
 which was first designed between 2001 and 2002 to address the (few)
-weaknesses of Type II and also to reintroduce reply messages in a secure
-manner and thus allow us to retire the Type I network.  Mixminion's design
-was first published in \cite{minion-design}; its specification is publicly
-available \cite{mixminion-spec}.
+weaknesses of Type II and also to reintroduce reply messages in a
+secure manner, thus allowing us to retire the (insecure) Type I
+network.  Mixminion's design was first published in
+\cite{minion-design}; its specification is publicly available
+\cite{mixminion-spec}.
 
 The Type III mix-net design improves on previously deployed designs
 as follows:
 \begin{itemize}
-\item {\bf Secure single-use reply blocks, with indistinguishable replies.}
+\item {\bf Secure single-use reply blocks, with indistinguishable
+  replies.}  In order to prevent earlier attacks in which multiple-use
+  reply channels can be used to break anonymity, Type II supports only
+  single-use reply channels.  These replies are indistinguishable from
+  forward messages to all parties except their senders and recipients.
 \item {\bf Forward-secure, email-independent transfer protocol.}
-\item {\bf Integrated directory design.}
-\item {\bf Replay prevention and integrated key rotation.}
-\item {\bf Dummy traffic}
+  Integration with mail transfer agents (such as Sendmail) has
+  been a fragile issue with earlier remailer networks.  Type III uses
+  its own TLS-based transfer protocol to relay messages between
+  mixes.  The protocol is forward secure so future mix compromises
+  cannot compromise past traffic recorded by an eavesdropper.
+\item {\bf Integrated directory design.}  Earlier deployed mix-nets
+  have left the issue of mix discovery to a set of unspecified,
+  uncoordinated, out-of-band keyservers.  Type III introduces
+  synchonized directory servers to sign mix directories and avoid
+  single-point-of-failure issues.
+\item {\bf Integrated key rotation.}  Under Type I and Type II, key
+  rotation occurs out of band, when a mix's administrator publicly
+  announces a new key and tries to persuade other mixes and users to
+  stop using the old key.  This process can take weeks to months.  In
+  Type III, mixes publish new keys to directories so that clients can
+  retrieve them automatically, thus making key rotation practical.
+\item {\bf Dummy traffic.} Type III introduces a simple cover traffic
+  design to complicate traffic analysis within the network.
 \end{itemize}
-[XXXX say more, of course.]
 
 The first public version of Mixminion was released in December of
 2002.  Since then, we have grown a deployed network of 22 testing
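
Review bot: In the first item of the expanded list, "Type II supports only single-use reply channels" looks like it should say Type III: the list is introduced as improvements of the Type III design, and the Background section states that Mixmaster (Type II) does not support replies at all. Two smaller points in the same hunk: "synchonized directory servers" is missing an "r", and the old item heading "Replay prevention and integrated key rotation" became "Integrated key rotation" with no text about replay prevention anywhere in the list. If replay prevention is still a claimed improvement, give it a sentence or its own item.
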
@@ -213,9 +232,6 @@
   allows the enterprise's security administrators to do their jobs while
   still protecting the company's activities from outside observers.
 \end{itemize} 
-
-[XXXX Should we talk more about the academic/research side of our
-status?] [what would we say?]
 
 [ i think the paper should conclude with an emphasis
 on systemsy stuff, as well as a call for the finance / data security
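
Review bot: This hunk clears the last XXXX note, but the bracketed remark that follows it ("[ i think the paper should conclude with an emphasis on systemsy stuff ...") stays in the body and carries no XXXX tag, so a search for XXXX before submission will not find it. Tag it like the others or turn it into a LaTeX comment so it cannot end up in the typeset paper. The context line "\end{itemize} " also has trailing whitespace.
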
