Lucky Green <[EMAIL PROTECTED]> writes:
> Over the years, using Wei Dai's term Pipenet (or Pipe-net, as it was spelled
> originally) has firmly been established as denotating an anonymous IP
> network that uses constant or otherwise data independent "pipes" between the
> nodes of the network. Since Freedom uses link padding, I would consider
> Freedom a Pipenet.
>
> It has been the recognition that data-independent traffic flows are a
> necessary design component of a secure anonymous IP network, especially
> between the end-user and the first network node, that sets Pipenet designs
> apart from naive implementations such as the first generation Onion Routers
> and Crowds.
Does Freedom do this? The white paper at
http://www.zeroknowledge.com/products/Freedom_Architecture.html describes
padding between AIP (Anonymous Internet Proxy) nodes:
: Reading the list of neighbors, the AIP sends "PADDING" packets through
: UDP to the neighbors. These packets have the same size as payload packets
: to provide "for free" cover traffic. The use of PADDING packets and cover
: traffic introduces the notion of a Heartbeat amongst the AIPs. A heartbeat
: is defined as the time delay at which a packet must leave the machine for
: a specific neighbor, hiding any information of the AIP server's status
: (idle or busy). The heartbeat concept prevents traffic analysis to a
: significant degree. Since packets are sent out on a regular basis, and
: knowing the rate at which these heartbeat packets arrive at a machine,
: an AIP can determine if a neighbor is unreachable since it will fail to
: send an ALIVE packet after a certain amount of time. PADDING packets
: further prevent traffic analysis by maintaining a constant data flow
: between the AIPs. In addition, all data is link encrypted between two
: adjacent routers with a shared session key.
However the diagram does not show the end user's "client" node as an
AIP node. The document further identifies the AIP as a subsystem of a
Freedom Server node. These are the "mix" nodes and are a separate set
than the client nodes.
This documentation would apparently be consistent with the use of link
padding between the nodes of the network but not between the user's
machine and the node where it enters the network. As Lucky points
out, padding from the end-user to the first network node is important.
We need a clear description of the Freedom architecture which answers
this question.
