
[freehaven-cvs] Restored replay attack section, made minor layout ch...



Update of /home2/freehaven/cvsroot/doc/pynchon-gate
In directory moria:/tmp/cvs-serv13022

Modified Files:
	pynchon.pdf pynchon.tex 
Log Message:
Restored replay attack section, made minor layout changes. This should be 
the final version.


Index: pynchon.pdf
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/pynchon-gate/pynchon.pdf,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
Binary files /tmp/cvsAroGH5 and /tmp/cvsA5CyLp differ

Index: pynchon.tex
===================================================================
RCS file: /home2/freehaven/cvsroot/doc/pynchon-gate/pynchon.tex,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -d -r1.76 -r1.77
--- pynchon.tex	2 Sep 2005 07:48:52 -0000	1.76
+++ pynchon.tex	4 Sep 2005 20:22:38 -0000	1.77
@@ -57,7 +57,7 @@
 \author{
 \alignauthor Len Sassaman\\
         \affaddr{Katholieke Universiteit Leuven}\\
-        \email{len.sassaman@xxxxxxxxxxxxxxxx}
+        \email{lsassama@xxxxxxxxxxxxxxxx}
 \alignauthor Bram Cohen\\
         \affaddr{BitTorrent}\\
         \email{bram@xxxxxxxxxxxxxxx}
@@ -105,7 +105,7 @@
 messages that originate at a pseudonymous address (or ``nym'') unlinked to
 the user, and to receive messages sent to that address, without allowing
 an attacker to deduce which users are associated with which pseudonyms.
-These systems can be used for users
+These systems can be used for parties
 to communicate without revealing their identities, or can be used as a
 building-block for other systems that need a bi-directional anonymous
 communication channel, such as Free Haven~\cite{freehaven-berk}. But, as
@@ -586,7 +586,7 @@
 has ever received.
 In the interest of retaining little information for an attacker,
 implementations should discard old secrets \emph{as soon as they are no
-longer needed.} Thus, at the start of each cycle i, a nymserver should
+longer needed.} Thus, at the start of each cycle $i$, a nymserver should
 derive $S[i+1]$, $\UserID{}[i]$, and $\SUBKEY(0,i)$, and immediately discard
 $S[i]$.
 After using each $\SUBKEY(j,i)$, the nymserver should calculate $\SUBKEY(j+1,i)$
@@ -618,15 +618,15 @@
 %used to authenticate the distributor and establish the TLS session for the
 %PIR protocol, and should be rotated regularly to provide forward secrecy.
 
-%\subsubsection{Replay attacks.}
-%An attacker capable of monitoring the communications network may attempt
-%to obtain information about nym holders by comparing network and user
-%behavior when a given message or packet is transmitted multiple times.
-%
-%The Pynchon Gate uses TLS when communicating between components and the
-%client, so that data is encrypted with a short-lived session key. The
-%topology of the Pynchon Gate infrastructure further eliminates areas of
-%potential replay attack risk.
+\subsubsection{Replay attacks.}
+An attacker capable of monitoring the communications network may attempt
+to obtain information about nym holders by comparing network and user
+behavior when a given message or packet is transmitted multiple times.
+
+The Pynchon Gate uses TLS when communicating between components and the
+client, so that data is encrypted with a short-lived session key. The
+topology of the Pynchon Gate infrastructure further eliminates areas of
+potential replay attack risk.
 
 \subsubsection{Tagging and known-cleartext attacks.}
 \label{subsec:tagging}
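
Review bot: The restored second paragraph says the topology "further eliminates areas of potential replay attack risk" but does not name which property of the topology does this or which replays it covers; TLS with a short-lived session key is the only mechanism the text actually states. Suggest naming the component interactions that are meant, or pointing to the section that describes the topology. Also, the restored \subsubsection{Replay attacks.} has no \label, while the next one, \subsubsection{Tagging and known-cleartext attacks.}, carries \label{subsec:tagging}; add one if this section is to be referenced.
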
@@ -711,60 +711,6 @@
 
 \subsection{Statistical disclosure against reply-block-based nym servers}
 \label{subsec:disclosure}
-
-
-\begin{figure*}[t]
-\begin{center}
-\begin{minipage}{\linewidth}
-\renewcommand{\thefootnote}{\thempfootnote}
-{\tiny
-\begin{tabular}{|r|c|c|c|c|}
-\hline
-{\bf System} & {\bf Nymserver bandwidth} &
-    {\bf Infrastructure bandwidth}  &
-    {\bf User bandwidth} &
-    {\bf Nymserver storage} \\
-% Infrastructure storage?
-\hline
-Type I nymservers &
-    $\sum \Vol_i + CVol_i$ &
-    $\CVol_i$ &
-    $\frac{2 \ell \sum \CVol_i}{S}$ &
-    $r N$ \\Type III nymserver
-\footnote{\tiny Underhill can be used in a full padding mode. In this case, the
-performance evaluation is the same, except that $CVol_i$ is calculated as
-the maximum compressed volume a user can receive, rather than the
-average.} &
-    $\sum \Vol_i + (M+r) \sum \left\lceil \frac{\CVol_i}{P} \right\rceil $&
-    $\frac{2 L (M+r)}{S} \sum \left\lceil \frac{\CVol_i}{P} \right\rceil $&
-    $(P+r) \left\lceil \frac{\CVol_i}{P} \right\rceil $ &
-    $r W \sum \left\lceil \frac{\CVol_i}{P} \right\rceil $ (best
-      case) \\
-Usenet drop &
-    n/a &
-    $\frac{W}{S} \sum \CVol_i$ &
-    $\left[ \frac{N}{S} +1 \right] \sum \CVol_i $ &
-    $\sum \CVol_i$
-    n/a \\
-The Pynchon Gate &
-   $\sum \Vol_i + \mbox{Pool} $ &
-   $\frac{1}{S}\left[ \sum \mbox{ClientB}_i + \mbox{Pool} \right]$ &
-%   $2 \mbox{ME} I + \mbox{Buckets}_i \left[ (K-1) SS + \frac{(m+I)}{8} + B
-%            \right] $ &
-   $2 \mbox{ME} I + \mbox{ClientPIRVol}$\footnote{\tiny ClientPIRVol is the
-amount of data sent and received during PIR, or 
-  $\mbox{Buckets}_i \left[ (K-1) SS + \frac{(m+I)}{8} + B \right]$} &
-   $W \mbox{Pool}$
-\\
-\hline
-\end{tabular}
-}
-\end{minipage}
-\end{center}
-\caption{Performance comparison for several pseudonymity designs.}
-\label{fig:performance}
-\end{figure*}
-
 Nym servers based on reply blocks (discussed in Section
 \ref{subsec:related-work} above) are currently the most popular option for
 receiving messages pseudonymously.  Nevertheless, they are especially
@@ -898,7 +844,7 @@
 to distribute everything to the distributors efficiently. Other similar tradeoffs between 
 latency, bandwidth, storage, and computation also exist.
 
-\subsection{Comparing The Pynchon Gate to other systems}
+\subsection{Comparing the Pynchon Gate to other systems}
 %XXXX write this.  Describe the other systems:
 %  Type I nymservers, aam, underhill, underhill with full padding,
 %   pynchon gate. (Is this necessary? We discuss these earlier.)
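
Review bot: The "%XXXX write this." comment directly under the renamed \subsection heading is still in place, although the log message calls this the final version. Either resolve the open question in that comment ("Is this necessary? We discuss these earlier.") or delete the comment block so the source does not ship with an open TODO.
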
@@ -916,6 +862,58 @@
 %Moved table figure to the previous section to get it on the correct page.
 
 
+\begin{figure*}[t]
+\begin{center}
+\begin{minipage}{\linewidth}
+\renewcommand{\thefootnote}{\thempfootnote}
+{\tiny
+\begin{tabular}{|r|c|c|c|c|}
+\hline
+{\bf System} & {\bf Nymserver bandwidth} &
+    {\bf Infrastructure bandwidth}  &
+    {\bf User bandwidth} &
+    {\bf Nymserver storage} \\
+% Infrastructure storage?
+\hline
+Type I nymservers &
+    $\sum \Vol_i + CVol_i$ &
+    $\CVol_i$ &
+    $\frac{2 \ell \sum \CVol_i}{S}$ &
+    $r N$ \\Type III nymserver
+\footnote{\tiny Underhill can be used in a full padding mode. In this case, the
+performance evaluation is the same, except that $CVol_i$ is calculated as
+the maximum compressed volume a user can receive, rather than the
+average.} &
+    $\sum \Vol_i + (M+r) \sum \left\lceil \frac{\CVol_i}{P} \right\rceil $&
+    $\frac{2 L (M+r)}{S} \sum \left\lceil \frac{\CVol_i}{P} \right\rceil $&
+    $(P+r) \left\lceil \frac{\CVol_i}{P} \right\rceil $ &
+    $r W \sum \left\lceil \frac{\CVol_i}{P} \right\rceil $ (best
+      case) \\
+Usenet drop &
+    n/a &
+    $\frac{W}{S} \sum \CVol_i$ &
+    $\left[ \frac{N}{S} +1 \right] \sum \CVol_i $ &
+    $\sum \CVol_i$
+    n/a \\
+The Pynchon Gate &
+   $\sum \Vol_i + \mbox{Pool} $ &
+   $\frac{1}{S}\left[ \sum \mbox{ClientB}_i + \mbox{Pool} \right]$ &
+%   $2 \mbox{ME} I + \mbox{Buckets}_i \left[ (K-1) SS + \frac{(m+I)}{8} + B
+%            \right] $ &
+   $2 \mbox{ME} I + \mbox{ClientPIRVol}$\footnote{\tiny ClientPIRVol is the
+amount of data sent and received during PIR, or 
+  $\mbox{Buckets}_i \left[ (K-1) SS + \frac{(m+I)}{8} + B \right]$} &
+   $W \mbox{Pool}$
+\\
+\hline
+\end{tabular}
+}
+\end{minipage}
+\end{center}
+\caption{Performance comparison for several pseudonymity designs.}
+\label{fig:performance}
+\end{figure*}
+
 We have evaluated the resource requirements of various pseudonymity systems
 described in Section~\ref{subsec:related-work}, and compare their
 respective performance in Figure~\ref{fig:performance}. Bandwidth
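
Review bot: The comment kept just above the re-added figure, "%Moved table figure to the previous section to get it on the correct page.", is now wrong, because this hunk places the figure back in this section; delete or update it. The table is also moved verbatim with its existing problems: the last cell of the Usenet drop row holds both "$\sum \CVol_i$" and "n/a", so one of them looks left over; the Type I row and the footnote write "CVol_i" without the backslash used in the other cells; and "\\Type III nymserver" starts a row on the same line that ends the previous one. Since the block is being touched anyway, this is the place to clean those up.
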
@@ -1010,7 +1008,7 @@
 We thank Russell O'Connor for review of several candidate
 PIR systems; Adam Back for optimizations on the message request
 protocol; Lucky Green for valuable comments; Ben Laurie for review of an
-early sketch of the PIR Protocol; Sonia Ara\~na, Roger
+early sketch of the PIR Protocol; Sonia Ara\~na, Nikita Borisov, Roger
 Dingledine, Peter Palfrader, and Adam Shostack for proofreading and
 comments on the paper. Finally, thanks to the many members of the
 Cypherpunks mailing list who have contributed to the field of
