Quoting John S. Denker <[EMAIL PROTECTED]>:

> More specifically, anybody who thinks the scheme
> I described is vulnerable to a timing attack isn't
> paying attention.  I addressed this point several
> times in my original note.  All transmissions
> adhere to a schedule -- independent of the amount,
> timing, meaning, and other characteristics of the
> payload.

> And this does not require wide-area synchronization.
> If incoming packets are delayed or lost, outgoing
> packets may have to include nulls (i.e. cover traffic).

Scheduled communications are secure against passive observers, but not
an attacker who can implement the "clogging attack" mentioned in
Adam's paper.

Selectively DoSing various end-users to see if the network traffic
continues, either at the endpoints or by doing a binary search of
routing nodes, would definitely be possible for a national government
or slightly competent script kiddie.

Persistent interactive communications with low-latency require some
form of cascade (either synchronization or DC-style) such that
attacking nodes attacks the system.

I think the ultimate solution is to rearchitect systems to not require
interactive anonymous communications, and implement less interactive
long term distribution, which can be effectively synchronized.
Software agents acting largely autonomously on infrequent orders,
ideally executing in some kind of tamper-resistant environment, is the
best chance for high security in a deployable system.

There really is no fundamental need for high bandwidth interactive
communications with low latency in most interesting applications, it's 
just how traditional client-server and p2p software has been designed
so far.

Ryan Lackey [RL960-RIPE AS24812]   [EMAIL PROTECTED]   +1 202 258 9251
OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B   DE90 07AD BE07 D2E0 301F

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to