[freehaven-dev] paper outline
This is a draft off the top of my head. Comments appreciated as always.
It's sketchy towards the end.
"Free Haven : Towards the Specification, Design, and Modelling of a
Robust Anonymous Storage System"
1.1 Short summary of project ("We present the Free Haven project...")
1.2 Motivation for Anonymity
1.3 Short Description Of Why This Is Really Hard
1.4 Organization of the Paper
2.1 "Storage System"
2.1.1 Intuitive idea -- examples of storage systems
    Hard Drive
    Broadcast Disks
2.1.2 Definition of Storage System
2.1.3 Requirements for Storage Systems
    Access Control
2.1.4 Distinction between "Storage" and "Publication"
    Publication implies high availability
    Publication implies high update capability (fresh data)
2.2 "Anonymous or Pseudonymous communication channel"
2.2.1 Intuitive idea and motivation
    Voting protocols
    Distinction between Anonymity and Pseudonymity
(hereafter conflated as "Nymity" for discussion until
we reach the point where one is easier than the other)
2.2.2 Examples of *nymous Channels
    Chaum MIXes
    Dining-Cryptographer Nets
    Onion Routing / ZKS
    Public Bulletin Boards
2.2.3 Requirements For *nymous Communication Channel
    Low Latency
    Anonymity (but what's that?)
2.2.4 Pinning Down / Defining Nymity
    Intuitive notion - "Can't link message to sender."
    Parties Involved
??? as we found out, this part may be a little tricky.
        Computationally Bounded vs. Computationally Unbounded
        "Active" vs. "Passive" adversaries
    Pseudonymity vs. Anonymity
        Pseudonymity at least as hard as Anonymity, maybe harder
2.2.5 General Attacks and Possible Countermeasures
    Traffic Analysis
        Message Pools, Reordering
        "Latency vs. Nymity"
    Usage Patterns ("intersection attack")
    Stupid User Tricks (e.g. "ask browser for user's name. gee.")
    Which Attacks Can and Probably Can't Be Prevented
2.2.6 Extant Formal Definitions of Anonymity For Communication Channels
    Chaum's Definition and Proofs
    "Probabilistic Anonymity" from SG-MIXes
    Quantified Anonymity - Crowds (and Roger)
        -i.e. "You are 50-anonymous"
    Reasoning About Quantified Anonymity - Syverson
2.2.6 Where Definitions Need More Work (if anywhere)
2.2.7 Cool Ideas Which No One Has Really Analyzed Yet
    Garlic Routing -- address "robustness"
    Constantly Changing Addresses (suggested by us, also seems by this
    Dogan Kesdogan guy)
    "Alien Conspiracy" routing
    "Variable Implicit Addresses" (Dogan Kesdogan again)
2.3 "Anonymous Protocol"
2.3.1 Distinction between an anonymous channel and anonymous protocol
(similar to the distinction between a "secure channel" and
a "secure protocol" for multiparty computation)
2.3.2 The "Ideal Model" (suggested by Anna. Thanks, Anna!)
    Motivation : Secure Multi-Party Computation
        Problem and Definitions of Secure Multiparty Computation
        (just a sketch. no need to add 300 pages for this section)
    Towards A Definition of Ideal Anonymous Protocol
        "Let's Play A Game : Who Wants To Be An Adversary?"
we don't have nice formal definitions here. but we can
sketch more or less what they might look like and cite it
as an open problem. with the major caveat that bad definitions
will allow you to prove true things which are useless.
(maybe make a straw man bad definition and show how it fails
3 Specification of the Free Haven System
<see Roger's Thesis>
3.1 Goals of Free Haven (in terms of previous definitions)
3.2 Outline of Free Haven
3.2.2 Nodes and Their Properties
3.3 The Communications Module
<all class responsibility diagrams and whatever go here>
<yes, I know, we don't have classes>
4. Modelling the Free Haven System
5. Attacks on Free Haven
6. Evaluation of Free Haven
6.1 Free Haven as Storage System
6.2 Free Haven as Anonymous Protocol
<Roger's chart goes in here>
7. Comparison to Related and Alternate Work
... and everything else.
8. Future Directions and Open Problems