[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Anonymity on mobile devices



Christian Beil wrote:

Thanks for your contribution, Matt.
I agree with you, but may I ask why exactly the wireless connection (from the mobile device to the the provider) is the biggest weakness?
We wanted to apply Tor directly on the mobile device, but there were two problems:
1. the device can't handle the many heavy cryptographic operations
2. the OR list is quite big and cost the user more than 1 euro each time
To improve our gateway architecture, I was thinking of the following (partial) solutions for these problems:
1. the mobile client negotiates a key with one OR which he wishes as exit node, he encrypts a single onion skin for this OR and sends the cell/skin to the gateway, the gateway adds the additional onion skins and sends the cell, therefore the gateway doesn't know the final destination
2. therfore the client needs the OR list, which could be stored on the device permanently; each time the client connects to the gateway he loads just the status of the ORs and perhaps some updates to the OR list (new onion routers)



Cheers! Christian

I like the idea of the gateway further not knowing the final product, but more useful would be if you could find some way to reverse the process or add a link so that the gateway wouldn 't know who the origin was. I know that this is just adding more trouble to the processing plate. I would be interested in hearing what kind of hand shake you are thinking about doing if not public key. I know that there are some good other one's, but none that are quite on the same level of security. Or perhaps the device could handle just the one public key exchange with out overloading. If you don't have any good idea's, I have some ideas that could be usefull to you. kind of depends on what specifically you are guarding against though. In effect: What are you trying to hide? Your actions, Your Identity/Location, or some combination of both?
As to your question:
Wireless is always going to be a security risk because we have yet to invent perfect encryption. It makes it almost imposible to get rid of risk and there is always risk while your enemies are able to freely collect your private information at will and without your knowledge.


curiosity, what costs the user more than 1 euro each time?....
or in other words
what does this  sentence mean...

<2. the OR list is quite big and cost the user more than 1 euro each time>


-=Matt=-