[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] edits to 6
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/tmp/cvs-serv26862
Modified Files:
routing-zones.tex
Log Message:
edits to 6
had some conflicts, but I tried to merge manually
(I removed some stuff in places where we said that we did stuff, but
actually didn't)
Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -d -r1.47 -r1.48
--- routing-zones.tex 29 Jan 2004 02:34:33 -0000 1.47
+++ routing-zones.tex 29 Jan 2004 02:58:45 -0000 1.48
@@ -393,12 +393,12 @@
\section{Modeling Techniques}
-Here we describe how we model mix networks and Internet routing
-to draw conclusions about an anonymity network's vulnerability to
-eavesdropping by the adversary detailed in Section~\ref{sec:threat-model}.
-First we describe our model of node selection, and then we
-present our techniques for estimating the
-AS-level path between two arbitrary hosts on the Internet.
+We now describe how we model mix networks and Internet routing to draw
+conclusions about an anonymity network's vulnerability to eavesdropping
+by the adversary detailed in Section~\ref{sec:threat-model}. First we
+describe our model of node selection, and then we present our techniques
+for estimating the AS-level path between two arbitrary hosts on the
+Internet.
\subsection{Node Selection in Mix Networks}
\label{sec:path-selection}
@@ -604,7 +604,6 @@
\section{Results}\label{sec:results}
%In this section, we present the results of our analysis.
-[Will leave this paragraph to you]
First, we
discuss the fundamental robustness properties of existing mix networks
and how these properties would change in response to an increased number
@@ -612,11 +611,19 @@
for mix network users (i.e., senders and receivers), since we are only
examining properties of the mix nodes themselves. (To the extent
possible, a user should try to minimize the ASes that can observe
-multiple links along a mix network path.) Second, we use our estimates
-for typical locations of senders and receivers to determine the
-robustness properties of current node selection algorithms in mix
-networks; again, we note how these properties change as the number and
-diversity of mix nodes increases.
+multiple edges along a mix network path.) Next, we compute the
+probability that the AS-level path from the sender to the entry node and
+the path from the exit node to the receiver traverse the same AS (i.e.,
+the probability that a single AS can observe both endpoints of a mix
+network path), given the Tor and Mixmaster topologies and reasonable
+assumptions about the locations of senders and receivers.
+
+
+%% Second, we use our estimates
+%% for typical locations of senders and receivers to determine the
+%% robustness properties of current node selection algorithms in mix
+%% networks; again, we note how these properties change as the number and
+%% diversity of mix nodes increases.
%% [We should of course take a look at these questions abstractly, to get a
%% feel for how to answer them, but I'd like to get results on the actual
@@ -630,16 +637,12 @@
\subsection{Jurisdictional Independence of Mix Nodes and Paths}
-In this section, we explore the independence of the nodes and the links
-between them. First, we analyze the ASes in which the mix nodes are
-located, for the existing Tor and Mixmaster networks. Next, we examine
-the path properties between pairs of existing mix nodes and characterize
-the extent to which the AS-level paths traverse
-common ASes. Finally, we analyze the extent to which these properties
-are dependent on the current set of nodes in each mix network;
-specifically, we examine how these robustness properties change in
-response to increased mix node diversity (i.e., more mix nodes, and more
-mix nodes in more diverse geographic locations).
+In this section, we explore and quantify the jurisdictional independence
+of the Mixmaster and Tor topologies. We examine cases where Tor
+and Mixmaster nodes are located in the same AS. We also examine the
+AS-level path properties between pairs of existing mix nodes and
+quantify the extent to which the AS-level paths between two mix nodes
+traverse common ASes.
\subsubsection{Node properties}
@@ -714,14 +717,14 @@
\begin{figure}
\begin{minipage}[ht]{5.75cm}
\mbox{\epsfig{figure=as_observe_50.eps,width=6cm}}
-\caption{Fraction of paths where a single AS can observe more than half
+\caption{Fraction of paths where a single AS can observe at least half
of the edges in the mix network path.}
\label{fig:as_observe}
\end{minipage}
\hfill
\begin{minipage}[ht]{5.75cm}
\mbox{\epsfig{figure=as_observe_75,width=6cm}}
-\caption{Fraction of paths where a single AS can observe more than 3/4
+\caption{Fraction of paths where a single AS can observe at least 3/4
of the edges in the mix network path.}
\label{fig:as_observe_75}
\end{minipage}
@@ -780,14 +783,18 @@
type of path, we ran 100,000 trials and counted the number of times the
mix network path traversed the same AS more than once.
-Figure~\ref{fig:as_observe} shows the probability that an AS will be
-able to observe more than half of the links on the mix network path,
-for mix network paths of different lengths. The figure shows results
-for both the Tor and Mixmaster networks, with two different node
+Figure~\ref{fig:as_observe} shows the probability that a single AS will
+be able to observe at least half of the edges along the mix network
+path, for mix network paths of different lengths (paths of length one
+and two have less than two edges and, thus, are never observed by the
+same AS twice). Figure~\ref{fig:as_observe_75} shows the probability
+that a single AS will be able to observe at least three-fourths of the
+edges along a path of a certain length. The figures show results for
+both the Tor and Mixmaster network topologies, with two different node
selection schemes: (1)~allowing the same mix node to be used twice along
the mix path, as long as the same mix node is not used for two
-consecutive hops (Mixmaster's node selection scheme) and (2)~allowing
-each mix node to be used only once (Tor's scheme).
+consecutive hops (as in {\em remailer networks}) and (2)~allowing each
+mix node to be used only once (as in {\em onion routing}).
Figure~\ref{fig:as_observe} shows two interesting results. First, for
all mix paths longer than four hops, a single AS can observe at least half
of the links on the mix network path. Second, Tor's node selection
@@ -819,11 +826,11 @@
\end{center}
\end{scriptsize}
\caption{Jurisdictional independence for typical sending and receiving
- ASes through the {\bf Tor} network topology. Each table entry
- shows, for a sending and receiving AS pair, the probability that a single
- AS will observe both the path from the sender to the entry node and
- the path from the exit node to the receiver. Names for each AS are
- listed in Appendix~\ref{sec:send_recv}.}
+ ASes for the {\bf Tor} network topology. Each entry shows, for a
+ sender/receiver pair, the probability that a single AS will
+ observe both the path from the sender to the entry node and the path
+ from the exit node to the receiver. Names for each AS are listed in
+ Appendix~\ref{sec:send_recv}.}
\label{tab:as_obs_ee_tor}
\end{table}
@@ -994,8 +1001,8 @@
networks and found the likelihood of crossing the same AS more
than once along a mix network path to be a near certainty. Similarly,
it is almost always the case
- that a single AS will be able to observe more than
- 75\% of the links along a mix path with more than 3 hops.
+ that a single AS will be able to observe at least
+ 75\% of the links along a mix path with more than four hops.
\item We have analyzed common entry and exit paths to existing mix
network topologies and shown that, in general, given random entry and
@@ -1029,6 +1036,7 @@
\bibliographystyle{plain}
\bibliography{routing-zones}
+\pagebreak
\begin{appendix}
\section{Summary of Endpoints}\label{sec:send_recv}
\input{endpoint-tables}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/