I agree with anonymous summary of the state of the art wrt
cryptographic anonymity of interactive communications.

Ulf Moeller, Anton Stiglic, and I give some more details on the
attacks anonymous describes in this IH 2001 [1] paper:


which explores this in the context of ZKS Freedom Network, and Pipenet
presenting attacks on the Freedom Network, Onion Network, Crowds and
Pipenet which affect privacy and availability.


"Traffic Analysis Attacks and Trade-Offs in Anonymity Providing
Systems", IH 2001, Adam Back, Ulf Moeller, and Anton Stiglic.

On Wed, Aug 27, 2003 at 09:17:05PM -0500, Anonymous wrote:
> This is not true, and in fact this result is one of the most important
> to have been obtained in the anonymity community in the past decade.  The
> impossibility of practical, strong, real-time anonymous communication has
> undoubtedly played a role in the lack of deployment of such systems.
> The attack consists of letting the attacker subvert (or become!) one of
> the communication endpoints.  This can be as simple as running a "sting"
> web site offering illegal material.
> Then the attacker arranges to insert delays into the message channels
> leading from subscribers into the crowd.  He looks for correlations
> between those delays and observed delays in the message traffic to his
> subverted endpoint.  This will allow him to determine which subscriber
> is communicating with that endpoint, regardless of how the crowd behaves.
> It will often be possible to also trace the communication channel back
> through the crowd, by inserting delays onto chosen links and observing
> which ones correlate with delays in the data observed at the endpoint.
> This way it is not necessary to monitor all subscribers to the crowd,
> but rather individual traffic flows can be traced.
> Wei Dai's PipeNet proposal aims to defeat this attack, but at the
> cost of running the entire crowd+subscriber network synchronously.
> The synchronous operation defeats traffic-delay attacks, but the problem
> is that any subscriber can shut the entire network down by simply delaying
> his packets.
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to