On Mon, Nov 15, 1999 at 07:20:13AM -0000, lcs Mixmaster Remailer wrote:
| > Over the years, using Wei Dai's term Pipenet (or Pipe-net, as it was spelled
| > originally) has firmly been established as denotating an anonymous IP
| > network that uses constant or otherwise data independent "pipes" between the
| > nodes of the network. Since Freedom uses link padding, I would consider
| > Freedom a Pipenet.
| >
| > It has been the recognition that data-independent traffic flows are a
| > necessary design component of a secure anonymous IP network, especially
| > between the end-user and the first network node, that sets Pipenet designs
| > apart from naive implementations such as the first generation Onion Routers
| > and Crowds.
|
| Does Freedom do this? The white paper at
| http://www.zeroknowledge.com/products/Freedom_Architecture.html describes
| padding between AIP (Anonymous Internet Proxy) nodes:
The traffic shaping code has issues, in V1 it will be turned off.
Incidentally, the whitepaper you're looking at is close to retirement,
a newer, more accurate one will be out shortly. In addition, we'll be
releasing our security analysis, which includes all of this, at about
the same time.
Adam
| : Reading the list of neighbors, the AIP sends "PADDING" packets through
| : UDP to the neighbors. These packets have the same size as payload packets
| : to provide "for free" cover traffic. The use of PADDING packets and cover
| : traffic introduces the notion of a Heartbeat amongst the AIPs. A heartbeat
| : is defined as the time delay at which a packet must leave the machine for
| : a specific neighbor, hiding any information of the AIP server's status
| : (idle or busy). The heartbeat concept prevents traffic analysis to a
| : significant degree. Since packets are sent out on a regular basis, and
| : knowing the rate at which these heartbeat packets arrive at a machine,
| : an AIP can determine if a neighbor is unreachable since it will fail to
| : send an ALIVE packet after a certain amount of time. PADDING packets
| : further prevent traffic analysis by maintaining a constant data flow
| : between the AIPs. In addition, all data is link encrypted between two
| : adjacent routers with a shared session key.
|
| However the diagram does not show the end user's "client" node as an
| AIP node. The document further identifies the AIP as a subsystem of a
| Freedom Server node. These are the "mix" nodes and are a separate set
| than the client nodes.
|
| This documentation would apparently be consistent with the use of link
| padding between the nodes of the network but not between the user's
| machine and the node where it enters the network. As Lucky points
| out, padding from the end-user to the first network node is important.
| We need a clear description of the Freedom architecture which answers
| this question.
--
Resistance is futile! http://jobs.zeroknowledge.com
