[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] a few initial fixes
Update of /home/freehaven/cvsroot/doc/e2e-traffic
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/e2e-traffic
Modified Files:
e2e-traffic.tex
Log Message:
a few initial fixes
Index: e2e-traffic.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/e2e-traffic/e2e-traffic.tex,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- e2e-traffic.tex 30 Jul 2003 18:46:58 -0000 1.1
+++ e2e-traffic.tex 31 Jul 2003 00:53:21 -0000 1.2
@@ -50,23 +50,26 @@
One such class of attacks are the {\it long-term intersection attacks}
wherein an eavesdropper observes a large volume of network traffic,
-and notices that, over time, that certain recipients are likelier to
+and notices over time that certain recipients are more likely to
receive messages when given senders are transmitting messages.
Categorical defenses against this attack tend to require either an
impractically large amount of cover traffic, or a set of senders with
near-perfect uptimes.
+% i would argue they require both? if you do great cover traffic but
+% aren't online much, you lose; and if you're online but not sending
+% much, you also lose.
An example of a long-term intersection attack is proposed by Agrawal,
-Kesdogan, and Penz\cite{limits-open}. Their {\it disclosure attack}
+Kesdogan, and Penz \cite{limits-open}. Their {\it disclosure attack}
assumes a fairly strict model of sender behavior, and works against
-only a single batch mix (one that waits until it receives $b$
+only a single batch mix (a batch mix waits until it receives $b$
messages, then reorders and retransmits them all). Additionally, the
disclosure attack requires an attacker to mount a computationally
difficult and algorithmically complex attack in order to reveal the
connections between senders and recipients.
Danezis presents an algorithmically simpler {\it statistical
- disclosure attack}\cite{statistical-disclosure} that requires far
+disclosure attack} \cite{statistical-disclosure} that requires far
less computational effort on the behalf of the attacker. This attack
is far easier to describe and implement, but it assumes the same
restrictive sender and network models as the original disclosure
@@ -80,12 +83,12 @@
\begin{itemize}
\item The target sender chooses non-uniformly among their
communication partners, send multiple messages at once, and has
- some some non-repeated recipients.
+ some non-repeated recipients.
\item The attacker lacks {\it a priori} knowledge of the network's
average behavior in the sender's absence.
\item Mixes in the system use a better batching algorithm, such as
- the timed dynamic-pool algorithm\cite{trickle02} used by
- Mixmaster\cite{mixmaster-spec}, or the generalized mix algorithm
+ the timed dynamic-pool algorithm \cite{trickle02} used by
+ Mixmaster \cite{mixmaster-spec}, or the generalized mix algorithm
proposed by \cite{pet2003-diaz}.
\item The sender uses a path through a mix network, instead of just a
single mix.
@@ -93,7 +96,7 @@
recipient.
\item The attacker can only view a subset of the messages entering and
leaving the network, but this subset includes some messages from
- the sender, and some messages to the sender's recipients.
+ the sender and some messages to the sender's recipients.
\item The behavior of the cover traffic generated by other senders
changes continuously over time. (We do not address this case
completely).
@@ -108,7 +111,7 @@
\begin{itemize}
\item Statistical linkability between messages. For example, a pair
of messages written in the same language is likelier to have been
- written by a single sender than is a pair of messages written in two
+ written by a single sender than is a pair of messages written in
different languages.
\item Full linkability between messages. For example, if messages
are pseudonymous, all messages from the same pseudonym are almost
@@ -124,7 +127,7 @@
\item The sender's behavior is not consistent over time. If the
sender does not maintain a group of regular recipients for the
required duration, the attacker cannot learn the sender's behavior.
-\item The attacker cannot observer the network's cover behavior. If
+\item The attacker cannot observe the network's cover behavior. If
the sender always sends the same number of messages, the attacker
may not be able to get a view of the network's exit behavior in the
sender's absence. % Awkwardly phrased!
@@ -496,7 +499,7 @@
\XXXX{Can we do anything with non-parametric linkages? IOW, can we
proceed given an
- arbitrary collection of $P($sender-of-msg$_i$=sender-of-msg$_j$)?}
+ arbitrary collection of $P($sender-of-msg$_i$=sender-of-msg$_j)$?}
\XXXX{This section is really about distinguishability, perhaps.}
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/