[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] interim checkin
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/tmp/cvs-serv1915
Modified Files:
network-tables.tex routing-zones.tex
Log Message:
interim checkin
added AS numbers to tables listing mix nodes, sorted by AS number
(this table is now driven from a DB)
I am going to add the name of the AS (e.g., "MIT", "Speakeasy DSL", etc.)
shortly
I also started to flesh out the rest of the intro, and made a section
called "data" where we describe the data used for analysis
also, started to organize the results section so we can start tossing stuff in
Index: network-tables.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/network-tables.tex,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- network-tables.tex 26 Jan 2004 07:32:18 -0000 1.3
+++ network-tables.tex 26 Jan 2004 17:58:32 -0000 1.4
@@ -1,92 +1,93 @@
-
-\begin{table} \caption{Tor nodes as of January 2004}
-\label{table:tor-network}
-\renewcommand{\arraystretch}{1.3}
+%%\begin{table}
+\begin{small}
+%%\caption{Tor nodes as of January 2004}
+%%\label{table:tor-network}
\begin{center}
-\begin{tabular}[b]{| l | l | l | l | c |}
-
+\begin{tabular}{|l|l|l|l|c|}
+\multicolumn{5}{c}{{\bf Tor nodes as of January 2004}} \\
\hline
-Name & IP address & Country & Zone & Exit node? \\
+Name & IP address & Country & AS \# & Exit node? \\
\hline
-anon.inf.tu-dresden.de & 141.76.46.90 & Germany & & \\
-anon.itys.net & 209.221.142.117 & US & & Y \\
-c3po.cs.byu.edu & 128.187.170.212 & US & & Y \\
-cassandra.eecs.harvard.edu & 140.247.60.133 & US & & Y \\
-code13.unixpunx.org & 205.158.23.142 & US & & \\
-gw.provos.org & 66.92.17.34 & US & & Y \\
-incognito.shmoo.com & 69.5.78.151 & US & & Y \\
-moria.mit.edu & 18.244.0.188 & US & & Y \\
-nymip.org & 66.92.0.206 & US & & Y \\
-ovmj.org & 128.10.19.51 & US & & Y \\
-peertech.org & 207.36.86.132 & US & & Y \\
-petra.felter.org & 69.20.9.201 & US & & Y \\
-tor.noreply.org & 62.116.124.106 & Austria & & \\
-www.peerfear.org & 66.93.132.237 & US & & Y \\
+moria.mit.edu & 18.244.0.188 & US & 3 & Y \\
+cassandra.eecs.harvard.edu & 140.247.60.133 & US & 11 & Y \\
+ovmj.org & 128.10.19.51 & US & 17 & Y \\
+anon.inf.tu-dresden.de & 141.76.46.90 & Germany & 680 & N \\
+code13.unixpunx.org & 205.158.23.142 & US & 2828 & N \\
+peertech.org & 207.36.86.132 & US & 3064 & Y \\
+anon.itys.net & 209.221.142.117 & US & 3742 & Y \\
+tor.noreply.org & 62.116.124.106 & Austria & 5424 & N \\
+c3po.cs.byu.edu & 128.187.170.212 & US & 6510 & Y \\
+gw.provos.org & 66.92.17.34 & US & 23504 & Y \\
+nymip.org & 66.92.0.206 & US & 23504 & Y \\
+www.peerfear.org & 66.93.132.237 & US & 23504 & Y \\
+petra.felter.org & 69.20.9.201 & US & 27357 & Y \\
+incognito.shmoo.com & 69.5.78.151 & US & 29699 & Y \\
\hline
\end{tabular}
\end{center}
-\end{table}
-
-\begin{table} \caption{Mixmaster nodes as of January 2004}
-\label{table:mixmaster-network}
-\renewcommand{\arraystretch}{1.3}
+\end{small}
+%%\end{table}
+%%\begin{table}
+\begin{small}
+%%\caption{Mixmaster nodes as of January 2004}
+%%\label{table:tor-network}
\begin{center}
-\begin{tabular}[b]{| l | l | l | l | c |}
-
+\begin{tabular}{|l|l|l|l|c|}
+\multicolumn{5}{c}{{\bf Mixmaster nodes as of January 2004}} \\
\hline
-Name & IP address & Country & Zone & Exit node? \\
+Name & IP address & Country & AS \# & Exit node? \\
\hline
-aarg & 69.9.134.82 & US & & \\
-amigo & 212.67.202.215 & England & & \\
-anon & 24.147.172.248 & US & & \\
-antani & 195.110.124.18 & Italy & & Y \\
-ashcroft & 66.79.46.86 & US & & \\
-austria & 212.124.142.99 & Austria & & Y \\
-banana & 82.133.6.115 & England & & \\
-bigapple & 167.206.5.3 & US & & Y \\
-bikikii & 216.80.122.14 & US & & \\
-bunker & 213.129.65.104 & US & & \\
-cf & 208.210.149.14 & US & & Y \\
-chicago & 65.31.179.120 & US & & \\
-citrus & 168.150.177.152 & US & & \\
-cmeclax & 208.150.110.21 & US & & \\
-congo & 216.154.65.55 & Canada & & Y \\
-cracker & 207.15.209.4 & US & & \\
-cripto & 195.250.236.58 & Italy & & Y \\
-cthulu & 67.121.201.38 & US & & \\
-dingo & 208.180.124.28 & US & & \\
-discord & 141.12.220.23 & Germany & & Y \\
-dizum & 194.109.206.210 & Netherlands & & Y \\
-dot & 81.0.225.26 & Poland & & \\
-edo & 213.254.4.10 & Italy & & Y \\
-freedom & 205.241.45.100 & US & & Y \\
-frell & 62.109.75.33 & Germany & & Y \\
-futurew & 212.66.104.81 & Italy & & Y \\
-gbnq & 213.133.98.183 & Germany & & \\
-george & 212.171.49.198 & Italy & & Y \\
-harmless & 66.92.53.74 & US & & \\
-hastio & 80.34.205.8 & Spain & & Y \\
-hermes & 208.42.19.154 & US & & \\
-italy & 62.211.72.26 & Italy & & Y \\
-itys & 209.221.142.117 & US & & Y \\
-krotus & 69.17.45.166 & US & & \\
-lcs & 18.26.0.254 & US & & \\
-lemuria & 213.191.86.35 & Germany & & Y \\
-liberty & 216.218.240.134 & US & & \\
-mercler & 213.133.111.165 & Germany & & \\
-metacolo & 193.111.87.9 & US & & Y \\
-nikto & 62.155.144.81 & Germany & & Y \\
-panta & 217.155.84.182 & England & & Y \\
-paranoia & 213.140.29.37 & Italy & & Y \\
-randseed & 216.218.240.190 & US & & Y \\
-riot & 213.254.16.33 & Italy & & \\
-rot26 & 62.245.184.24 & Germany & & \\
-starwars & 62.211.216.127 & Italy & & Y \\
-tonga & 213.130.163.34 & Netherlands & & Y \\
-vger & 66.166.203.164 & US & & \\
-willers & 128.107.241.167 & US & & \\
+lcs & 18.26.0.254 & US & 3 & N \\
+willers & 128.107.241.167 & US & 109 & N \\
+cf & 208.210.149.14 & US & 701 & Y \\
+freedom & 205.241.45.100 & US & 1239 & Y \\
+austria & 212.124.142.99 & Austria & 1901 & Y \\
+dizum & 194.109.206.210 & Netherland & 3265 & Y \\
+george & 212.171.49.198 & Italy & 3269 & Y \\
+starwars & 62.211.216.127 & Italy & 3269 & Y \\
+nikto & 62.155.144.81 & Germany & 3320 & Y \\
+hastio & 80.34.205.8 & Spain & 3352 & Y \\
+cmeclax & 208.150.110.21 & US & 3561 & N \\
+itys & 209.221.142.117 & US & 3742 & Y \\
+cracker & 207.15.209.4 & US & 4513 & N \\
+cripto & 195.250.236.58 & Italy & 5481 & Y \\
+bikikii & 216.80.122.14 & US & 6079 & N \\
+bigapple & 167.206.5.3 & US & 6128 & Y \\
+aarg & 69.9.134.82 & US & 6296 & N \\
+banana & 82.133.6.115 & England & 6728 & N \\
+liberty & 216.218.240.134 & US & 6939 & N \\
+randseed & 216.218.240.190 & US & 6939 & Y \\
+anon & 24.147.172.248 & US & 7015 & N \\
+citrus & 168.150.177.152 & US & 7132 & N \\
+cthulu & 67.121.201.38 & US & 7132 & N \\
+congo & 216.154.65.55 & Canada & 7271 & Y \\
+ashcroft & 66.79.46.86 & US & 7776 & N \\
+hermes & 208.42.19.154 & US & 8015 & N \\
+rot26 & 62.245.184.24 & Germany & 8767 & N \\
+antani & 195.110.124.18 & Italy & 12363 & Y \\
+amigo & 212.67.202.215 & England & 12616 & N \\
+edo & 213.254.4.10 & Italy & 12779 & Y \\
+riot & 213.254.16.33 & Italy & 12779 & N \\
+paranoia & 213.140.29.37 & Italy & 12874 & Y \\
+panta & 217.155.84.182 & England & 13037 & Y \\
+bunker & 213.129.65.104 & US & 13108 & N \\
+frell & 62.109.75.33 & Germany & 13184 & Y \\
+lemuria & 213.191.86.35 & Germany & 13184 & Y \\
+dot & 81.0.225.26 & Poland & 15685 & N \\
+vger & 66.166.203.164 & US & 18566 & N \\
+dingo & 208.180.124.28 & US & 19108 & N \\
+chicago & 65.31.179.120 & US & 20231 & N \\
+tonga & 213.130.163.34 & Netherland & 20481 & Y \\
+italy & 62.211.72.26 & Italy & 20580 & Y \\
+futurew & 212.66.104.81 & Italy & 20912 & Y \\
+harmless & 66.92.53.74 & US & 23504 & N \\
+krotus & 69.17.45.166 & US & 23504 & N \\
+metacolo & 193.111.87.9 & US & 24812 & Y \\
+gbnq & 213.133.98.183 & Germany & 24940 & N \\
+mercler & 213.133.111.165 & Germany & 24940 & N \\
+discord & 141.12.220.23 & Germany & 28714 & Y \\
\hline
\end{tabular}
\end{center}
-\end{table}
-
+\end{small}
+%%\end{table}
Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- routing-zones.tex 26 Jan 2004 17:43:44 -0000 1.10
+++ routing-zones.tex 26 Jan 2004 17:58:32 -0000 1.11
@@ -63,7 +63,7 @@
from learning which message in the batch originated from a given sender
\cite{chaum81,trickle02}.
% (Of course, this only works if the system can tolerate some latency.)
-\item {\bf{Padding:}} Senders provide decoy traffic as well as normal
+\item {\bf{Padding:}} Senders provide decoy traffic, as well as normal
traffic, to
complicate the adversary's attempts to correlate sender and receiver
\cite{langos02,pipenet,defensive-dropping}.
@@ -94,11 +94,29 @@
% seem to be the only person who's said that phrase in a paper, and
% i think it would look bad.
-In this paper we investigate a variant of jurisdictional arbitrage
-based on Internet routing zones. By taking into account the topology
-of the underlying Internet routing, we can learn how vulnerable we
-are to certain classes of adversary, and take steps to decrease that
-vulnerability. Specifically, we show <the things that we learn later>.
+In this paper, we investigate a variant of jurisdictional arbitrage by
+taking advantage of the fact that the Internet is divided into thousands
+of independently operated networks called {\em autonomous systems}
+(ASes). By considering the topology of the underlying Internet routing,
+we can learn how vulnerable existing mix networks are to certain classes
+of adversary. Specifically, we define a {\em jurisdictional
+independence metric} that reflects the probability that the path to the
+entry point of a mix network and the path from the exit point will
+traverse the same AS. We then consider the node selection algorithms of
+existing mix networks, such as Tor~\cite{tor-design} and
+Mixmaster~\cite{mixmaster} and evaluate the independence metric for
+each of these networks.
+
+We find that both Tor and Mixmaster have multiple mix nodes in the same
+autonomous system. Users of these networks should take care to avoid
+selecting two nodes from the same AS, if at all possible. Furthermore,
+we note that {\bf XXX some property about mix paths and AS paths}.
+Users of these networks should take extreme care to select mix nodes to
+minimize the likelihood that the entry path and exit path for the mix
+network do not traverse the same AS. We also argue that, because
+paths between mix nodes often cross the same AS, that a user's
+vulnerability to eavesdropping does not decrease proportionally with the
+number of mix nodes in the path.
\section{Threat Model}
@@ -195,7 +213,7 @@
\subsubsection{Border Gateway Protocol}
-The Internet is composed of over 15,000 independently operated networks,
+The Internet is composed of about 17,000 independently operated networks,
or autonomous systems (ASes), that exchange reachability information via
the Border Gateway Protocol (BGP)~\cite{rfc1771}. An AS could be an
Internet Service Provider (ISP), a corporate network, or a university.
@@ -321,7 +339,7 @@
-\subsection{AS-level path estimation}
+\subsection{AS-level Mix Network Path Estimation}
If Alice had access to an up-to-date routing
table from every network containing mix nodes, she could construct a
@@ -351,11 +369,15 @@
reasonable estimation of the Internet's AS-level topology (i.e., what
ASes connect to what other ASes, etc.) and can provide reasonable
information about what path an arbitrary Internet host might take to
-reach any given destination. Mao {\em et al.} have recently developed
-similar techniques for passively determining AS-level paths between two
-Internet hosts~\cite{Mao2004}, given a view of the AS-level topology.
-We now summarize our technique, which is very similar to this proposed
-technique.
+reach any given destination.
+%Mao {\em et al.} have recently developed
+%similar techniques for passively determining AS-level paths between two
+%Internet hosts~\cite{Mao2004}, given a view of the AS-level topology.
+We now summarize our technique, which is similar in spirit to the
+technique recently proposed by Mao {\em et al.} Their work suggests
+that this type of technique works is accurate for more than 80\% of
+paths~\cite{Mao2004}.
+
\begin{enumerate}
\itemsep=3pt
@@ -388,11 +410,10 @@
therefore, it is generally safe to assume that any prefix contained
within {\tt 18.0.0.0/8} is located in AS~$3$.
-\vspace{0.1in}
- This approach has a few subtleties. First, ASes often allocate
- address space to their customers from their own address space, this
- technique should be applied to the longest matching prefix in the
- routing table. {\bf XXX multiple origin AS conflicts}
+\vspace{0.1in} Because ASes often allocate address space to their
+ customers from their own address space, this technique should be
+ applied to the longest matching prefix in the routing table.
+%%{\bf XXX multiple origin AS conflicts}
\item {\em Determine the relationships between each pair of ASes.} This
@@ -417,8 +438,7 @@
\item {\em Estimate the AS-level path between the two ASes by finding
the shortest AS path that complies with common policy practices.}
- Previous work suggests that this type of technique works XX\% of the
- time~\cite{Mao2004}. As AS-level path estimation techniques improve,
+ As AS-level path estimation techniques improve,
the accuracy of our analysis will also improve. More importantly,
more accurate techniques for estimating the AS-level path between two
arbitrary Internet hosts will allow the initiator of a mix-net to make
@@ -436,30 +456,56 @@
make timing attacks more feasible). We explore these questions in
further detail in Section~\ref{sec:results}.
+\section{Data}
+
+In this section, we summarize the data that we use in or analysis of
+AS-level paths in mix networks. In our analysis of mix networks, we
+perform our analysis based on the location of mix nodes today. We then
+describe the data we used to generate the AS-level network topology.
+
+\subsection{Mix Networks}
+How we estimate where Alice and Bob are located. Summary of mix nodes.
+Reference appendix~\ref{sec:mixnode_summary}.
+
+
+\subsection{Network Topology}
+Description of routing tables and mix tables.
+
\section{Results}\label{sec:results}
-[We should of course take a look at these questions abstractly,
-to get a feel for how to answer them, but I'd like to get results on
-the actual real-world networks too. I can easily make a list of current
-Tor nodes, current Mixminion nodes, current Mixmaster nodes, and we
-can compare robustness of the network to zone-based attacks. [We need
-a cool new name for "zone-based attack".] Then we can see how stable
-the properties are: can we change things a lot by adding a few nodes,
-or do we need significant membership changes? -RD]
+[We should of course take a look at these questions abstractly, to get a
+feel for how to answer them, but I'd like to get results on the actual
+real-world networks too. We need a cool new name for "zone-based
+attack".] Then we can see how stable the properties are: can we change
+things a lot by adding a few nodes, or do we need significant membership
+changes? -RD]
- A. Given:
- o Our model of node selection (for things like Tor)
- o Our AS-level path approximation:
+%% I can easily make a list of current
+%% Tor nodes, current Mixminion nodes, current Mixmaster nodes, and we
+%% can compare robustness of the network to zone-based attacks.
- => How often do the entry and exit paths (i.e., Alice->Entry
+\subsection{Fundamental AS-level Properties of Mix Nodes and Paths}
+
+
+
+\subsection{Jurisdictional Attacks on Entry and Exit Paths}
+
+ A. Given our model of node selection and our AS-level path
+ approximation:
+
+\begin{itemize}
+ \item How often do the entry and exit paths (i.e., Alice->Entry
and Exit->Bob) cross the same AS path?
- => Can you do something intelligent to prevent this from
+ \item Can you do something intelligent to prevent this from
happening? i.e., constrain node selection?
+\end{itemize}
- => Even if you do something intelligent about selecting exit
+
+\subsection{Secondary Attacks}
+ Even if you do something intelligent about selecting exit
nodes, will this choice provide the adversary information
about where Alice is coming from (i.e., what her direct
upstream ISP is?)
@@ -468,6 +514,8 @@
simply just tells the adversary where Alice is *not*, but
there are plenty of places Alice could still be...)
+
+
B. How do these results change as we change our assumptions
about the set of nodes from which you can select:
@@ -508,6 +556,13 @@
%\section*{Acknowledgements}
+
+\begin{appendix}
+\section{Summary of Mix Networks}\label{sec:mixnode_summary}
+\input{network-tables}
+\end{appendix}
+
+
\bibliographystyle{plain}
\bibliography{routing-zones}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/