[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] cleanups on section 4
Update of /home/freehaven/cvsroot/doc/alpha-mixing
In directory moria:/home/arma/work/freehaven/doc/alpha-mixing
Modified Files:
alpha-mixing.bib alpha-mixing.tex
Log Message:
cleanups on section 4
Index: alpha-mixing.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.bib,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- alpha-mixing.bib 10 Mar 2006 23:59:23 -0000 1.6
+++ alpha-mixing.bib 11 Mar 2006 02:34:19 -0000 1.7
@@ -1,3 +1,13 @@
+@inproceedings{e2e-traffic,
+ title = {Practical Traffic Analysis: Extending and Resisting Statistical Disclosure},
+ author = {Nick Mathewson and Roger Dingledine},
+ booktitle = {Proceedings of Privacy Enhancing Technologies workshop (PET 2004)},
+ volume = {3424},
+ year = {2004},
+ month = {May},
+ series = {LNCS},
+}
+
%Non-Uniform Random Variate Generation
%(originally published with Springer-Verlag, New York, 1986)
%Luc Devroye
Index: alpha-mixing.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/alpha-mixing/alpha-mixing.tex,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- alpha-mixing.tex 11 Mar 2006 02:09:33 -0000 1.25
+++ alpha-mixing.tex 11 Mar 2006 02:34:19 -0000 1.26
@@ -361,7 +361,8 @@
Also, if a given user is the only sender with extremely
high alpha values, then intersection attacks over time (watching the
high-value messages and what senders were active before each) will
-reveal her. But we will ignore these black-box network attacks since
+reveal her~\cite{statistical-disclosure,e2e-traffic}.
+But we will ignore these black-box network attacks since
they are not the focus of this paper.
Below we will see that some strategies for choosing the alpha values are
@@ -468,25 +469,27 @@
\section{Dummies}
\label{sec:dummies}
-Our focus so far has been on steady-state networks with passive
-adversaries. However, we want to provide uncertainty even in edge
-cases~\cite{trickle02,pet2003-diaz}. An active attacker
+Our focus so far has been on steady-state networks with
+passive adversaries. However, we want to provide uncertainty
+even in edge cases where there is a momentarily lull in
+traffic~\cite{pet2003-diaz,trickle02}. An active attacker
can arrange an edge case via blending attacks, but a passive attacker
can also simply wait for an edge case to occur. For timed mixes there
-will be occasions when only single messages enter and leave the mix in
-a single round. Alpha mixes have a clear advantage here since there is
+will be occasions when only a single message enters and leaves the mix in
+a given round. Alpha mixes have a clear advantage here since there is
no guarantee that the message that exited the mix is the same message
that entered. The attack is never exact (guaranteed to recognize a
target message as it exits the mix) unless the adversary can bound the
range of $\alpha_0$ with certainty for all messages he observes.
-A very lightweight dummy policy can guarantee that no exact attack is
-possible against an alpha mix, even for active attackers. Simply
+We provide a very lightweight dummy policy that guarantees that no exact
+attack is
+possible against an alpha mix, even for active attackers: simply
initialize the mix with a single dummy message set at an arbitrary
alpha. Before firing, always check the mix for the presence of a dummy
somewhere in the alpha-stack. If none is present, add one.
-What do we mean by ``arbitrary alpha''? Obviously it must occur within
+But what do we mean by ``arbitrary alpha''? Obviously it must occur within
some finite range. It could be uniformly chosen between $0$ and the
maximum expected $\alpha_0$. If a message is ever received with a
higher $\alpha_0$, then the maximum should be raised to this level.
@@ -508,6 +511,9 @@
level $\alpha$ with probability $1/2^{\alpha+1}$. Dummy policy can
then be periodically shifted to reflect the distribution of alphas for
actual traffic through the mix.
+More research remains here to make this dummy approach resistant to an
+adversary who sends lots of messages with non-standard alphas into a
+particular mix to influence its view of a typical value for alpha.
If active attacks are suspected, the amount of dummy traffic added to
the alpha stack can be increased according to the expected duration of
@@ -516,7 +522,8 @@
maintain for messages so attacked.
The easiest way to disguise dummies from others in the network is to
-route them in a circuit leading back to the mix that generates them.
+route them in a circuit leading back to the mix that generates
+them~\cite{danezis:wpes2003}.
The length of the path should be randomly chosen as suggested
in~\cite{trickle02}. Obviously the alphas chosen for the dummy
message at other mixes in the path should be distributed to minimize
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs in the body. http://freehaven.net/