[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freehaven-cvs] more patches from conversation with adam
Update of /home/freehaven/cvsroot/doc/batching-taxonomy
In directory moria.seul.org:/home/arma/work/freehaven/doc/batching-taxonomy
Modified Files:
taxonomy.bib taxonomy.tex
Log Message:
more patches from conversation with adam
Index: taxonomy.bib
===================================================================
RCS file: /home/freehaven/cvsroot/doc/batching-taxonomy/taxonomy.bib,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- taxonomy.bib 31 Aug 2002 10:23:24 -0000 1.6
+++ taxonomy.bib 6 Sep 2002 22:20:43 -0000 1.7
@@ -1,5 +1,22 @@
% Note that this file requires a \usepackage{url} which seems to be
% one of the standard latex packages
+@Misc{mixmaster-spec,
+ author = {Ulf M\"oller and Lance Cottrell},
+ title = {{Mixmaster Protocol --- Version 2}},
+ howpublished = {Unfinished draft},
+ month = {January},
+ year = 2000,
+ note = {\url{http://www.eskimo.com/~rowdenw/crypt/Mix/
+ draft-moeller-mixmaster2-protocol-00.txt}},
+}
+
+@Misc{mixminion,
+ author = {George Danezis and Roger Dingledine and David Hopwood and Nick Mathewson},
+ title = {{Mixminion: Design of a Type III Anonymous Remailer Protocol}},
+ howpublished = {Manuscript},
+ year = 2002,
+}
+
@InProceedings{flash-mix,
author = {Markus Jakobsson},
title = {{Flash Mixing}},
Index: taxonomy.tex
===================================================================
RCS file: /home/freehaven/cvsroot/doc/batching-taxonomy/taxonomy.tex,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -d -r1.25 -r1.26
--- taxonomy.tex 6 Sep 2002 20:56:50 -0000 1.25
+++ taxonomy.tex 6 Sep 2002 22:20:43 -0000 1.26
@@ -71,7 +71,7 @@
anonymity tradeoffs between them.
In fact, some of the mixes used in well-known fielded systems such as
-Mixmaster \cite{Cott94} are mentioned only briefly or not at all in
+Mixmaster \cite{Cott94,mixmaster-spec} are mentioned only briefly or not at all in
the literature. We aim to start closing this gap by enumerating and
exploring a variety of mix architectures. In particular, we consider
the extent to which the mixes are vulnerable to active attacks such as
@@ -81,10 +81,9 @@
a mix can manipulate the batch of messages entering that mix so the
only message unknown to him in the batch is the target message
\cite{Cott94,babel}. This manipulation may involve delaying or
-dropping most or all other incoming messages (a \emph{trickle} attack),
-flooding the batch with attacker messages (a \emph{flooding}
-attack), or some combination of the two which we call the
-\emph{blending} attack.
+dropping most or all other incoming messages (a \emph{trickle} attack), or
+flooding the batch with attacker messages (a \emph{flooding} attack). We
+call these attacks or combinations of them \emph{blending} attacks.
%Chaff and winnow to be inserted here or elsewhere in the text?
@@ -103,8 +102,6 @@
applicable method to prevent this attack''. In this paper we discuss
ways of reducing this vulnerability.
-%New intro. Opinions?
-
Here we consider a global \emph{active} adversary who is not only able
to see the traffic on all the links, but also to delay (remove) and
insert arbitrarily many messages into the system in a short (constant)
@@ -123,9 +120,6 @@
inserting attacker) and one who can only delay messages (global
delaying attacker).
-%\framebox{\parbox{11cm}{Paul says:\\
-% Note the footnote.}}
-
It is well known that the ability to insert or delay messages may
allow the attacker to determine, for instance, the recipient of a
particular message originating from a sender. We illustrate this in
@@ -187,8 +181,6 @@
to the inverse of the cube of the number of messages expended in the
attack. This mix can be seen as ``more vulnerable'' than Mix 2 which is
always compromised by $10^6$ attacker messages.
-%(but otherwise has the anonymity proportional to the inverse of the
-% number of attacker messages).
Note that Mix 1 is vulnerable only to non-exact blending attacks,
while the Mix 2 is vulnerable to exact certain attacks.
@@ -230,7 +222,15 @@
finite number of messages. Further, they have finite bandwidth, so can
only receive a certain number of messages in a given amount of time.
-\item Mixes prevent message replays.
+\item Mixes prevent message replays.\footnote{Actually, flooding to
+overflow replay caches is a closely related problem --- for example,
+Mixmaster \cite{mixmaster-spec} expires entries in the replay cache
+when there are too many, providing a window of attack for a flooding
+adversary. But since \cite{mixminion} shows the feasibility of a
+free-route network that protects against replays until a periodic key
+rotation event (after which the history can be forgotten), we think our
+assumption is reasonable; we will ignore replays and related issues for
+the rest of this paper.}
% \framebox{\parbox{11cm}{Paul says:\\
% This seemed implicit in the paper, and I think was explicit in
@@ -307,7 +307,7 @@
$t$, period.
\paragraph*{Flushing Algorithm:}
-The mix fires every $t$ seconds.
+The mix fires (flushes all messages) every $t$ seconds.
\paragraph*{Message Delay:}
The minimum delay is $\epsilon$, which occurs if the message arrives
@@ -368,8 +368,8 @@
$n$, threshold; $t$, period.
\paragraph*{Flushing Algorithm:}
-The mix fires every $t$ seconds or when $n$ messages accumulate in
-the mix.
+The mix fires (flushes all messages) every $t$ seconds or when $n$
+messages accumulate in the mix.
\paragraph*{Message Delay:}
The maximum message delay is $t - \epsilon$, the minimum is $\epsilon$.
@@ -396,8 +396,8 @@
$n$, threshold; $t$, period.
\paragraph*{Flushing Algorithm:}
-A mix fires every $t$ seconds but only when at least $n$ messages have
-accumulated in the mix.
+A mix fires (flushes all messages) every $t$ seconds but only when at
+least $n$ messages have accumulated in the mix.
\paragraph*{Message Delay:}
The minimum delay is $\epsilon$, and there is no maximum delay.
@@ -458,7 +458,7 @@
\paragraph*{Flushing Algorithm:}
The mix fires when $n+f$ messages accumulate in the mix. A pool of $f$
-messages (chosen uniformly at random from all the messages) is
+messages, chosen uniformly at random from all the messages, is
retained in the mix. (Consider these messages as feedback into the
mix.) The other $n$ are forwarded on. Note
that the threshold is the threshold of messages that must be received
***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs in the body. http://freehaven.net/