[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: daystamp attacks
On Tue, 2002-04-02 at 14:11, Roger Dingledine wrote:
> I imagine there are also
> intentional-delaying attacks that will make certain messages expire,
> not expire, etc, all leaking information.
To elaborate: Suppose Alice sends a message on Tuesday, at 1pm, along a
4-hop cascade. Mallory controls nodes 1 and 4. Alice dates her message
"Tuesday", but it will still be valid on Wednesday. Mallory holds
Alice's message at node 1 until 9pm on Wednesday, when any remaining
Tuesday traffic will have dwindled to a trickle (since it have been in
the network for over 21 hours!). Mallory then relays Alice's message,
and waits for a 'Tuesday' message to show up at node 4. Goodbye
anonymity!
The problem above is that a message can be 'very rare' and 'valid' at
the same time. One solution might be to divide time into a series of
overlapping blocks; for example, noon-noon and midnight-midnight. If
you're not near the end of either of the current blocks, you pick one at
random. Otherwise, you pick the one you're in the middle of. I _think_
this beats Roger's attack, but I'm not sure; it would depend on the
mixing delays.
>And reply blocks need to have these daystamps too. If we assume that
>messages are fully delivered within 24 hours, and we allow the one day
>buffer on the daystamp, is it sufficient to just bundle which day it's
>valid for along with the reply block?
Hnn. I think this is required; A SURB can only be valid within one time
window.
--
Nick