
[freehaven-dev] Some possible weaknesses?

I was out of town this last week of IAP, so missed the Sunday meeting.  But
after reading over Proposal 1.0 and the archived threads, I had a few
notes, although they might have already been answered:

Statistical attacks:
	My understanding:  the amount a server is able to store in the servnet is
proportional to the amount of space it provides to the servnet (Section
5.2).  Is this raw size (i.e., megabytes)?  If so, it feels that one may
perform some statistical analysis to try to determine from where a document
originates.   In a very simple case, given 5 servers:  4 store 1 MB, 1
stores 50 MB.  The very large files floating around the servnet very likely
originated from the last server.

	A keeps a copy of what it shared with B around for a while - I'm assuming
that A will query B to ensure that B has not lost/corrupted the file.  Then,
after B's trust has increased to some threshold, A will permit its copy to
be lost.   This is the same (yet unanswered?) problem as to B maliciously
gaining trust, and then only behaving as an "evil server" until it passes
certain trust thresholds.

Buddy System:  
	Using two corrupted servers, we attempt to trade around shares such that
the 2 copies are on the two corrupted servers.  As repetition increases,
even with more corrupted servers (physically harder to attain), the
difficulty in migrating all copies to corrupted servers should increase.
More repetition obviously adds overhead.  It probably would be useful to
study how many copies are necessary for "minimal robustness."

Hope these are useful,

  Michael J Freedman

Mail:  mfreed@mit.edu
Web:     griffen.mit.edu
Phone:    617.225.9381
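
Added example, not part of the original message or of Proposal 1.0: a small model for the "minimal robustness" question raised under Buddy System, estimating how the number of copies affects the chance that every copy ends up on corrupted servers. The trading model is an assumption: each round, every copy on an honest server is traded to a uniformly random other server, corrupted servers never trade a copy away, and copies move independently; all function names are hypothetical.

```python
"""Replication vs. capture of all copies by hoarding (corrupted) servers.

Assumed model, not taken from Proposal 1.0: per round, each copy held by an
honest server is traded to a uniformly random other server; a corrupted
server keeps whatever it receives. Copies are treated as independent.
"""


def capture_prob(n_servers, n_corrupt, copies, rounds):
    """P(all copies sit on corrupted servers after `rounds` trades),
    starting with every copy on an honest server."""
    p = n_corrupt / (n_servers - 1)     # one trade lands on a corrupted server
    still_honest = (1 - p) ** rounds    # a given copy has avoided capture so far
    return (1 - still_honest) ** copies


def expected_rounds_to_capture(n_servers, n_corrupt, copies, tol=1e-12):
    """E[T] = sum over t >= 0 of P(T > t), where T is the first round at
    which every copy is held by a corrupted server."""
    total, t = 0.0, 0
    while True:
        tail = 1 - capture_prob(n_servers, n_corrupt, copies, t)
        if tail < tol:
            return total
        total += tail
        t += 1


def min_copies(n_servers, n_corrupt, rounds, max_risk, limit=64):
    """Smallest replication factor that keeps the capture probability within
    `max_risk` over the given number of trading rounds (None if > limit)."""
    for k in range(1, limit + 1):
        if capture_prob(n_servers, n_corrupt, k, rounds) <= max_risk:
            return k
    return None


if __name__ == "__main__":
    # Constructed scenario: 100 servers, 2 of them corrupted.
    for k in (1, 2, 4, 8):
        print(k, round(expected_rounds_to_capture(100, 2, k), 1))
    print("copies for <=1% risk over 50 rounds:", min_copies(100, 2, 50, 0.01))
```

Under this model the expected time to capture grows only slowly with the number of copies, which is why the overhead of extra copies has to be weighed against a target risk rather than assumed to scale linearly.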