[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] compress abstract, cut some fluff
Update of /home/freehaven/cvsroot/doc/routing-zones
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/routing-zones
Modified Files:
routing-zones.tex
Log Message:
compress abstract, cut some fluff
Index: routing-zones.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/routing-zones/routing-zones.tex,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -d -r1.52 -r1.53
--- routing-zones.tex 29 Jan 2004 04:45:56 -0000 1.52
+++ routing-zones.tex 29 Jan 2004 04:51:52 -0000 1.53
@@ -28,28 +28,19 @@
\begin{abstract}
Anonymity networks have long relied on the diversity of nodes in the
-infrastructure for protection against attacks---typically an adversary
-who can control or observe a larger fraction of the network can launch a
-more effective attack. We investigate the diversity of deployed anonymity
-networks with respect to an adversary who controls a single Internet
-administrative domain.
+infrastructure for protection against attacks---typically an adversary who
+can observe a larger fraction of the network can launch a more effective
+attack. We investigate the diversity of two deployed anonymity networks,
+Mixmaster and Tor, with respect to an adversary who controls a single
+Internet administrative domain.
Specifically, we implement a variant of a recently proposed technique
-that passively estimates the AS-level path between two arbitrary
-end-hosts without having access to either end of the path. Using this
-technique, we analyze the AS-level paths that are likely to be used
-in two deployed anonymity networks: Mixmaster and Tor. We find several
-cases in each network where multiple nodes are in the same administrative
-domain. Further, many paths between nodes, and between nodes and popular
-endpoints, traverse the same domains.
-
-We define a \emph{jurisdictional independence} metric to characterize
-the vulnerability of an anonymity network to this adversary,
-% assess
-%the stability of the two networks (how much vulnerability
-%changes by adding or removing a few nodes),
-and suggest ways to improve
-the diversity of anonymity networks in general.
+that passively estimates the AS-level path between two arbitrary end-hosts
+without having access to either end of the path. Using this technique, we
+analyze the AS-level paths that are likely to be used in these anonymity
+networks. We find several cases in each network where multiple nodes are
+in the same administrative domain. Further, many paths between nodes,
+and between nodes and popular endpoints, traverse the same domains.
\end{abstract}
@@ -141,12 +132,12 @@
\section{Background}
-We first describe the different types of mix networks and present a brief
-explanation of the types of attacks that each type of mix network must
-protect against. Because we argue that designers of mix networks
-should, in certain cases, pay attention to the IP-level path traversed
-by a path through a mix network, we also provide some background on
-Internet routing.
+%We first describe the different types of mix networks and present a brief
+%explanation of the types of attacks that each type of mix network must
+%protect against. Because we argue that designers of mix networks
+%should, in certain cases, pay attention to the IP-level path traversed
+%by a path through a mix network, we also provide some background on
+%Internet routing.
\subsection{Anonymity networks}
\label{subsec:background-anonymity}
@@ -184,7 +175,7 @@
systems \cite{disad-free-routes,statistical-disclosure,e2e-traffic}.
Mixmaster and Tor are deployed networks with dozens of nodes around the
-world (Appendix~\ref{sec:mixnode_summary} has tables with the lists of
+world (Appendix~\ref{sec:mixnode_summary} lists the
nodes in each network). We will describe their threat models in
Section~\ref{sec:threat-model} and their path selection algorithms in
Section~\ref{sec:path-selection}.
@@ -392,12 +383,12 @@
\section{Modeling Techniques}
-We now describe how we model mix networks and Internet routing to draw
-conclusions about an anonymity network's vulnerability to eavesdropping
-by the adversary detailed in Section~\ref{sec:threat-model}. First we
-describe our model of node selection, and then we present our techniques
-for estimating the AS-level path between two arbitrary hosts on the
-Internet.
+%We now describe how we model mix networks and Internet routing to draw
+%conclusions about an anonymity network's vulnerability to eavesdropping
+%by the adversary detailed in Section~\ref{sec:threat-model}. First we
+%describe our model of node selection, and then we present our techniques
+%for estimating the AS-level path between two arbitrary hosts on the
+%Internet.
\subsection{Node Selection in Mix Networks}
\label{sec:path-selection}
@@ -542,13 +533,13 @@
\section{Data}
-Here we summarize the data that we use in our analysis of
-AS-level paths in mix networks. % In our analysis of mix networks, we
-Our analysis of mix networks is based
-%We base our analysis
-on the location of mix
-nodes in deployed systems today. We then
-describe the data we used to generate the AS-level network topology.
+%Here we summarize the data that we use in our analysis of
+%AS-level paths in mix networks. % In our analysis of mix networks, we
+%Our analysis of mix networks is based
+%%We base our analysis
+%on the location of mix
+%nodes in deployed systems today. We then
+%describe the data we used to generate the AS-level network topology.
\subsection{Mix Networks, Senders, and Receivers}
@@ -910,8 +901,8 @@
do not traverse the same AS on entry and exit (e.g., between Speakeasy
and Google, only 8\% of Tor entry/exit node pairs result in entry and
exit paths that cross the same AS on both entry and exit). However,
-because many Internet paths cross tier-1 ISPs, a careless sender is
-likely to be eavesdropped by a single AS at both entry and exit.
+because many Internet paths cross tier-1 ISPs, a careless sender may
+well be eavesdropped by a single AS at both entry and exit.
Interestingly, these tables also show that jurisdictional independence
is high when either the sender, the receiver, or both are located in a
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/