[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] More minor fixes. Last commit until morning.
Update of /home2/freehaven/cvsroot/doc/pynchon-gate
In directory moria.mit.edu:/tmp/cvs-serv26701
Modified Files:
pynchon.tex
Log Message:
More minor fixes. Last commit until morning.
Index: pynchon.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/pynchon-gate/pynchon.tex,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- pynchon.tex 16 Sep 2004 21:08:14 -0000 1.27
+++ pynchon.tex 16 Sep 2004 21:39:56 -0000 1.28
@@ -1,15 +1,16 @@
\documentclass[runningheads]{llncs}
%
% TODO:
-% - Revise design section, make it correct.
-% - Add figures for design.
-% - Add performance section.
-% - Compute and add results for statistical disclosure section.
-% - ????
+% - Revise design section, make it correct. (NM, LS)
+% - Add figures for design. (LS, mockups from NM?)
+% - Add performance section. (NM)
+% - Compute and add results for statistical disclosure section. (NM)
+% - Write conclusion. (LS)
+% - Finish "known attacks" section. (LS)
%
-% - Proofread more
+% - Proofread more (LS, NM)
% - Get it under 15 pages, if needed.
-% - Submit.
+% - Submit. (LS)
\usepackage{url}
\usepackage{graphics}
@@ -221,13 +222,13 @@
networks~\cite{danezis-pet2004,gd-thesis,mixmaster-reliable}.
\subsubsection{Network-level server anonymity.}
-The second generation implementation of Onion Routing~\cite {tor-design}
-implements rendezvous points~\cite {ian-thesis} that
-allow users to offer location-hidden services. A user wishing to
-anonymously receive messages could use this to receive mail at a hidden
-location: Messages would be delivered to the server over
-the Onion Routing network, and successful delivery would not require the
-sender to know the IP address of the destination server.
+The second generation implementation of Onion Routing, Tor~\cite
+{tor-design}, implements rendezvous points~\cite {ian-thesis} that allow
+users to offer location-hidden services. A user wishing to anonymously
+receive messages could use this to receive mail at a hidden location:
+Messages would be delivered to the server over the Onion Routing network,
+and successful delivery would not require the sender to know the IP
+address of the destination server.
Rendezvous points offer an alternative method of leveraging network-level
anonymity systems for anonymous mail receipt; however, they do not address
@@ -261,7 +262,9 @@
%implementation security of the ElGamal cryptosystem remain.}
%
%% I think the thing above is kinda FUDdy -- the entire anonymity field is
-%% less well analyzed than the discrete log problem.
+%% less well analyzed than the discrete log problem. (NM)
+%%
+%% I agree we should take this out. (LS)
\subsubsection{Broadcast messages and dead-drops.}
Chaum discusses a traffic-analysis prevention method wherein all reply
@@ -294,35 +297,38 @@
\subsection{Known attacks against pseudonymity systems}
\label{subsec:known-attacks}
%XXXX writeme
-We discuss the security implications in pesudonymity systems throughout
+We discuss the security implications in pseudonymity systems throughout
this paper. Most attacks on pseudonymity systems fall into one of the
following categories.
-Legal and hacking attacks. Attackers may attempt to coerce the operators
-of pseudonymity systems through lawsuits or other means, or may attempt to
-surreptitiously obtain information about nym-holders. Systems should be
-designed so that such information cannot be obtained.
+\subsubsection{Legal and hacking attacks.}
+ Attackers may attempt to coerce the operators of pseudonymity systems
+through lawsuits or other means, or may attempt to surreptitiously obtain
+information about nym-holders. Systems should be designed so that such
+information cannot be obtained.
-Mix attacks. Systems based on the mix-net primative must be concerned with
-attacks against the underlying mix-network, as they rely upon it for
-security. Additionally, reply-block-based nym server systems require
-additional security properties that normal mix-net systems may not
-have~\cite{minx}.
+\subsubsection{Mix attacks.}
+Systems based on the mix-net primative must be concerned with attacks
+against the underlying mix-network, as they rely upon it for security.
+Additionally, reply-block-based nym server systems require additional
+security properties that normal mix-net systems may not have~\cite{minx}.
-Replay attacks. An attacker capable of monitoring the communications
-network may attempt to obtain information about nym holders by comparing
-network and user behavior when a given message or packet is transmitted
-multiple times.
+\subsubsection{Replay attacks.}
+An attacker capable of monitoring the communications network may attempt
+to obtain information about nym holders by comparing network and user
+behavior when a given message or packet is transmitted multiple times.
-Who am I? attack. An attacker may send messages intended for nym Alice
-intended fo nym Bob, in order to confirm that Alice and Bob are the same
+\subsubsection{{\it Who am I?} attack.}
+An attacker may send messages intended for nym Alice intended fo nym Bob,
+in order to confirm that Alice and Bob are the same
nym-holder~\cite{gd-thesis}.
-Usage pattern and intersection attacks. An attacker may analyze network
-usage and anonymity set members over time to sub-divide anonymity sets
-such that a given user is identified.
+\subsubsection{Usage pattern and intersection attacks.}
-Statistical-disclosure attacks.
+An attacker may analyze network usage and anonymity set members over time
+to sub-divide anonymity sets such that a given user is identified.
+
+\subsubsection{Statistical-disclosure attacks.}
\subsection{Statistical disclosure against reply-block-based nym servers}
\label{subsec:disclosure}
@@ -523,7 +529,7 @@
will contain the desired message or messages.
To prevent man-in-the-middle attacks, TLS is used as the protocol's
-transport layer~\cite{rfc-2249}. Users negotiate a TLS connection with a
+transport layer~\cite{rfc-2246}. Users negotiate a TLS connection with a
given distributor, and then relay PIR messages as described. The
connection is authenticated using a certificate in a two-level certificate
chain. The top-level certificate is a self-signed long-term certificate
@@ -659,6 +665,7 @@
\section{A Note on Usability}
%XXXX Merge into conclusion, where we evaluate our success.
+%XXXX I don't mind chopping this whole section out if we need to. -LS.
The most popular pseudonym system ever deployed was {\tt
anon.penet.fi}~\cite{helsingius}. This system provided users with an easy,
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/