Ryan Lackey
Fri, 29 Aug 2003 18:54:04 +0000
Quoting John S. Denker <[EMAIL PROTECTED]>: > More specifically, anybody who thinks the scheme > I described is vulnerable to a timing attack isn't > paying attention. I addressed this point several > times in my original note. All transmissions > adhere to a schedule -- independent of the amount, > timing, meaning, and other characteristics of the > payload. > And this does not require wide-area synchronization. > If incoming packets are delayed or lost, outgoing > packets may have to include nulls (i.e. cover traffic). Scheduled communications are secure against passive observers, but not an attacker who can implement the "clogging attack" mentioned in Adam's paper. Selectively DoSing various end-users to see if the network traffic continues, either at the endpoints or by doing a binary search of routing nodes, would definitely be possible for a national government or slightly competent script kiddie. Persistent interactive communications with low-latency require some form of cascade (either synchronization or DC-style) such that attacking nodes attacks the system. I think the ultimate solution is to rearchitect systems to not require interactive anonymous communications, and implement less interactive long term distribution, which can be effectively synchronized. Software agents acting largely autonomously on infrequent orders, ideally executing in some kind of tamper-resistant environment, is the best chance for high security in a deployable system. There really is no fundamental need for high bandwidth interactive communications with low latency in most interesting applications, it's just how traditional client-server and p2p software has been designed so far. -- Ryan Lackey [RL960-RIPE AS24812] [EMAIL PROTECTED] +1 202 258 9251 OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]