[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SURB-format


I believe the replay attack protection is described in the Mixminion
design paper (Oakland, 2003.) It also might be in the Underhill spec.

However, reply-block based pseudonym systems are broken, completely. If
that might influence your direction with this, you may want to consider
those problems.

Nick's work in The Pynchon Gate (WPES, 2005) demonstrates that nym
servers, even SURB-based ones, that are based on mixes and reply blocks
fall victim to intersection attacks within a month's worth of traffic
*sent to the nym*. (Probably even more quickly now, based on the rise of
spam in the last few years.)

(See Section 4.2 of that paper, available here:
http://www.cosic.esat.kuleuven.be/publications/article-620.pdf )

On Mon, 18 Jun 2007, Jens Kubieziel wrote:

> Hi,
> I'm actually some design documents from mixminion.net and try to
> understand how a SURB is built. However I can't figure out how a server
> recognizes different SURBS. As far as I understand it I can generate
> several SURBS and send them to Alice. She uses one for her reply and
> this SURBS is then marked as expired at the server. But how does the
> server recognize that this SURB is expired?
> Besten Gruß
> --
> Jens Kubieziel                                   http://www.kubieziel.de
> My advice (which I'm quite sure someone else has given here previously):
> Use the OS you're most comfortable with. All of them can be adequately
> secured, and the administrator is in just about all cases the point of
> vulnerability.                              Charles Duffy