
[freehaven-cvs] Misc fixes.



Update of /home2/freehaven/cvsroot/doc/pynchon-gate
In directory moria.mit.edu:/tmp/cvs-serv15614

Modified Files:
	pynchon.bib pynchon.tex 
Log Message:
Misc fixes.


Index: pynchon.bib
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/pynchon-gate/pynchon.bib,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- pynchon.bib	15 Sep 2004 19:30:35 -0000	1.11
+++ pynchon.bib	16 Sep 2004 18:29:38 -0000	1.12
@@ -32,6 +32,22 @@
   year = {1985},
 }
 
+@article{jap-backdoor,
+  title = {Net anonymity service back-doored},
+  author = {Thomas C. Greene},
+  journal = {The Register},
+  year = {2003},
+  note = {\url{http://www.theregister.co.uk/2003/08/21/net_anonymity_service_backdoored/}},
+}
+
+@misc{jap-pr,
+   author = {Independent Centre for Privacy Protection},
+   title = {{AN.ON} still guarantees anonymity},
+   year = {2003},
+   howpublished = {\url{http://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm}},
+}
+
+
 @phdthesis{ian-thesis,
   title = {A Pseudonymous Communications Infrastructure for the Internet}, 
   author = {Ian Goldberg}, 
@@ -71,6 +87,33 @@
   ftp_ps_url = {ftp://ftp.inf.ethz.ch/pub/publications/papers/ti/isc/ElGamal.ps},
 }
 
+@inproceedings{mixmaster-reliable,
+  title = {Comparison between two practical mix designs}, 
+  author = {Claudia D\'{\i}az and Len Sassaman and Evelyne Dewitte}, 
+  booktitle = {Proceedings of 9th European Symposiumon Research in Computer Security
+        (ESORICS)}, 
+  year = {2004}, 
+  month = {September}, 
+  address = {France}, 
+  series = {LNCS}, 
+  www_ps_gz_url = {http://www.esat.kuleuven.ac.be/~cdiaz/papers/cdiaz_esorics.ps.gz}, 
+  www_section = {Traffic analysis}, 
+}
+
+@inproceedings{jap,
+  title = {Web {MIX}es: A system for anonymous and unobservable {I}nternet access}, 
+  author = {Oliver Berthold and Hannes Federrath and Stefan K\"opsell}, 
+  booktitle = {Proceedings of Designing Privacy Enhancing Technologies: Workshop on Design
+        Issues in Anonymity and Unobservability}, 
+  year = {2000}, 
+  month = {July}, 
+  pages = {115--129}, 
+  editor = {H. Federrath}, 
+  publisher = {Springer-Verlag, LNCS 2009}, 
+  www_pdf_url = {http://www.inf.fu-berlin.de/~feder/publ/2001/BeFK2001BerkeleyLNCS2009.pdf},
+  www_section = {Anonymous communication}, 
+}
+
 @misc{nguyen,
     title = {{Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3}},
     author = {Phong Q. Nguyen},
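Review bot: The booktitle of the new `mixmaster-reliable` entry reads `European Symposiumon Research`, with the space between "Symposium" and "on" missing, and that will be printed verbatim in the reference list. It should read `booktitle = {Proceedings of 9th European Symposium on Research in Computer Security (ESORICS)},`. The same entry gives `address = {France}`, a country only, where the `minx` entry added later in this commit gives a city; worth completing if the venue is known.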
@@ -102,6 +145,15 @@
     www_pdf_url = {http://www.cs.bgu.ac.il/~beimel/Papers/BIKR.pdf},
 }
 
+@inproceedings{minx,
+  title = {Minx: A Simple and Efficient Anonymous Packet Format}, 
+  author = {George Danezis and Ben Laurie}, 
+  booktitle = {{Proceedings of the Workshop on Privacy in the Electronic Society (WPES
+        2004)}}, 
+  year = {2004}, 
+  month = {October}, 
+  address = {Washington, DC, USA}, 
+
 @inproceedings{nym-alias-net,
   title = {{The Design, Implementation and Operation of an Email Pseudonym Server}}, 
   author = {David Mazi\`eres and M. Frans Kaashoek}, 
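Review bot: The new `minx` entry is never closed: after `address = {Washington, DC, USA},` there is a blank line and then `@inproceedings{nym-alias-net,` with no `}` in between. BibTeX will most likely report a syntax error at this point and may drop `minx`, `nym-alias-net`, or both, which matters because the same commit adds `\cite{minx}` to pynchon.tex. Add a line containing only `}` after the `address` field. The `nym-alias-net` entry continues outside the hunk, so its own closing brace cannot be checked from here.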
@@ -287,7 +339,7 @@
     note = {\url{http://cypherpunks.venona.com/date/1994/08/msg00185.html}},
 }
 
-@Misc{remailer-attacks,
+@misc{remailer-attacks,
    author =      {Lance Cottrell},
    title =       {Mixmaster and Remailer Attacks},
    note =        {\url{http://www.obscura.com/~loki/remailer/remailer-essay.html}},
@@ -364,11 +416,15 @@
     organization = {USENIX}
 }
 
-@misc{danezis-traffic-analysis,
-    title = {Personal Communication, further citation forthcoming},
-    author = {George Danezis},
-    year = {2003},
-    month = {April},
+@inproceedings{danezis-pet2004,
+  title = {The Traffic Analysis of Continuous-Time Mixes}, 
+  author = {George Danezis}, 
+  booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)}, 
+  year = {2004}, 
+  month = {May}, 
+  series = {LNCS}, 
+  www_pdf_url = {http://www.cl.cam.ac.uk/users/gd216/cmm2.pdf}, 
+  www_section = {Traffic analysis}, 
 }
 
 @misc{pgp5-elgamal,
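Review bot: Replacing the entry also changes its key from `danezis-traffic-analysis` to `danezis-pet2004`, so any `\cite{danezis-traffic-analysis}` left in pynchon.tex will become an undefined citation. The pynchon.tex hunks in this commit add `\cite {danezis-pet2004, gd-thesis, mixmaster-reliable}` but do not show an old citation being removed, so this may already be fine; a search of the .tex file for the old key before committing would confirm it. If the old key must keep working for other documents that share this .bib file, a comment above the entry such as `% formerly danezis-traffic-analysis` would help the next editor.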
@@ -408,12 +464,14 @@
   www_txt_url = {http://www.ietf.org/rfc/rfc2779.txt},
 }
 
-@misc{tor-design,
-  title = {{Tor: The Second-Generation Onion Router}},
-  author = "Roger Dingledine and Nick Mathewson and Paul Syverson",
-  month = {January},
-  year = {2004},
-  howpublished = {Manuscript},
+@inproceedings{tor-design,
+  title = {Tor: The Second-Generation Onion Router}, 
+  author = {Roger Dingledine and Nick Mathewson and Paul Syverson}, 
+  booktitle = {Proceedings of the 13th USENIX Security Symposium}, 
+  year = {2004}, 
+  month = {August}, 
+  www_pdf_url = {http://freehaven.net/tor/tor-design.pdf}, 
+  www_section = {Anonymous communication}, 
 }
 
 @misc{echolot,
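Review bot: The rewritten `tor-design` title drops the double braces the old entry had (`{{Tor: The Second-Generation Onion Router}}`), so a bibliography style that lowercases titles may print "second-generation onion router". Other entries added in this commit do protect their capitals (`{MIX}es`, `{I}nternet`, `{AN.ON}`), and the `danezis-pet2004` title in the previous hunk has the same exposure. Which style the paper uses is not visible here; if it lowercases titles, restore the protection with `title = {{Tor: The Second-Generation Onion Router}},`.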

Index: pynchon.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/pynchon-gate/pynchon.tex,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- pynchon.tex	15 Sep 2004 22:27:24 -0000	1.19
+++ pynchon.tex	16 Sep 2004 18:29:38 -0000	1.20
@@ -16,15 +16,18 @@
 \author{Len Sassaman\inst{1} \and Bram Cohen\inst{2} \and Nick Mathewson\inst{3}}
 
 \institute{K. U. Leuven ESAT-COSIC \\
-Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium
+ Kasteelpark Arenberg 10, \\
+ B-3001 Leuven-Heverlee, Belgium \\
 \email{len.sassaman@esat.kuleuven.ac.be}
 \and
 BitTorrent \\
  227 Bellevue Way NE,  Suite 152, \\
- Bellevue, WA 98004 USA. \\
+ Bellevue, WA 98004 USA \\
 \email{bram@bitconjurer.org}
 \and
 The Free Haven Project\\
+ 316 Brookline Street, Suite 3, \\
+ Cambridge, MA 02139 USA \\
 \email{nickm@freehaven.net}
 }
 
@@ -32,12 +35,12 @@
 
 \begin{abstract}
 We present the Pynchon Gate, a practical pseudonymous message retrieval
-system.  Our design uses a simple distributed-trust Private Information
-Retrieval protocol to prevent adversaries from linking recipients to their
+system.  Our design uses a simple distributed-trust private information
+retrieval protocol to prevent adversaries from linking recipients to their
 pseudonyms, even when some of the infrastructure has been compromised.  The
 Pynchon Gate design resists global traffic analysis significantly better than
 existing deployed pseudonymous email solutions, at the cost of additional
-bandwidth costs---although unlike other high-bandwidth pseudonymity designs,
+bandwidth---although unlike other high-bandwidth pseudonymity designs,
 the Pynchon Gate allows the costs to be distributed over many servers without
 compromising security.  We examine the security concerns raised by our model,
 and propose solutions.
@@ -157,7 +160,7 @@
 (Mixminion~\cite{mixminion}) systems do not permit multiple-use reply
 blocks, and contain replay-attack protection mechanisms~\cite{replay}.
 
-\subsubsection{Single-use reply blocks.}
+\subsubsection{Single-use reply blocks.} 
 While the Type II system does not have any means of support for anonymous
 reply blocks, the Type III system introduces single-use reply blocks
 (SURBs)~\cite{surb} as a means of avoiding the replay attack issues. The
@@ -167,16 +170,16 @@
 the storage of SURBs and transfer of pseudonymous mail through the
 remailer network to the recipient. The technique used in Type III also has
 the property that the forward and reply messages share the same anonymity
-set, which is a significant security improvement over Type I. However,
-since reply blocks are still being used, the reliability issues
-remain.\footnote {If any given node in the pre-selected SURB is defunct at
-the time mail is set to be delivered, the mail will be lost.} Reply block
-systems are also susceptible to intersection
-attacks~\cite{disad-free-routes}. A global observer can collect data on
-who is sending and receiving mail, and given enough time and data, will be
-able to reliably determine who is talking to whom via statistical
-correlation~\cite{statistical-disclosure}.
-
+set, which is a significant security improvement over Type I, and recent
+work has been done by Danezis and Laurie on attack-resistant anonymous
+packet formats suitable for reply messages~\cite{minx}. However, since
+reply blocks are still being used, the reliability issues remain.\footnote
+{If any given node in the pre-selected SURB is defunct at the time mail is
+set to be delivered, the mail will be lost.} Reply block systems are also
+susceptible to intersection attacks~\cite{disad-free-routes}. A global
+observer can collect data on who is sending and receiving mail, and given
+enough time and data, will be able to reliably determine who is talking to
+whom via statistical correlation~\cite{statistical-disclosure}.
 
 \subsubsection {Network-level client anonymity.}
 
@@ -187,10 +190,12 @@
 costs. Other network-level anonymity systems, such as
 Pipenet~\cite{pipenet} and Onion Routing~\cite{goldschlag96} could be used
 in much the same fashion; unfortunately, they also suffer the same
-barriers to deployment~\cite{fiveyearslater}. Low-latency anonymity
-systems such as these are also at greater risk of failure than the
-high-latency mixes, and are more susceptible to traffic analysis
-attacks~\cite {gd-thesis}.
+barriers to deployment~\cite{fiveyearslater}. The Java Anonymous
+Proxy~\cite{jap} has had greater adoption, but has suffered an anonymity
+compromise~\cite{jap-backdoor, jap-pr}. Low-latency anonymity systems such as
+these are also at greater risk of failure than the high-latency mixes, and
+are more susceptible to traffic analysis attacks~\cite {danezis-pet2004,
+gd-thesis, mixmaster-reliable}.
 
 \subsubsection{Network-level server anonymity.}
 
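Review bot: The added sentence says JAP "has suffered an anonymity compromise" without saying what kind of failure it was, and the next sentence moves straight to traffic analysis, so a reader can take the JAP incident as evidence for a traffic-analysis weakness. The two sources cited for it are a news report titled "Net anonymity service back-doored" and the operators' own statement, which point to a change made inside the service, not an attack on the protocol by an outside observer. Naming the failure mode keeps the threat model clear, for example `but has suffered an anonymity compromise through a back door in the deployed software~\cite{jap-backdoor, jap-pr}`. It is also worth checking that `mixmaster-reliable`, whose title is "Comparison between two practical mix designs", supports the claim about low-latency systems it is now cited for.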
