On Friday, December 20, 2002, at 12:34 PM, Michael Cardenas wrote:
Remailers and Web proxies work in ways that skirt this "transparency" of MACs and routing that you are referring to. These are the types of technologies we are discussing. The fact that Disney or Lockheed may be using Carnivore- and Echelon-vulnerable technologies does not challenge the points about how better technologies will "turn everything upside down."Anonymous wrote:Like I said before, P2P, Crypto, WiFi and cheap chips will turn everything upside down.I'm curious as to what makes you, or anyone on this list, think that these technologies by themselves will cause any sort of political upheaval. Lawrence Lessig has talked about how technologies, as long as they're created and controlled by people and corporations operating within the laws and boundaries of some country, can be regulated to express the will of governments. Your MAC address is already sent out in every packet that your machine generates, so with that, a "snoop" could tell a whole hell of a lot about what you're doing. What's to say that these technologies are not going to be shaped to meet the needs and wants of the transnational corporations that run our government?
You need to take a look at how anonymous remailers work. Nothing in the incoming packet is sent on to the next node except the encrypted (multiply) payload. For a nested message sent to the chain "Alice --> Hans --> Vito --> Fred --> Chen --> Bob --> Zak" to be tracked through the remailer chain, a TLA who has access to the packet entering the Alice node must convinced/force Alice to reveal her mappings between inputs and outputs, then convince the next link to do the same, and so on.
There are three obvious reasons why this is likely to be very, very difficult to do:
0. As the zeroth item, recall (because this is important), that the canonical Cypherpunks remailer uses a nested chain of encrypted messages. The message from Alice to Zak is first encrypted to Zak's public key. Then this message is encrypted to Bob's public key. And so on. Symbolically,
Alice (Hans (Vito (Fred (Chen (Bob (Zak))))))
What is in each pair of these LISP-style parentheses is a payload. In the Zak payload, a classical ASCII message, for example. "Attack at dawn." No MACs, no remnants of the path through the nodes. Just the payload. And inside the Bob payload is the encrypted form of the Zak payload plus the routing instructions, e.g., "::Request-remailing-to: Zak"
So, talk of MACs and other routing labels is missing the whole point of remailers, that the "serial numbers" get filed off at each stage.
No one anywhere along the chain knows anything more than which node he received a particular message from and which node it is to be sent to. Granted, if all or even most nodes get together to compare mappings they can of course trace a message through the labyrinth. This is the collusion problem, discussed in many papers and often here. The Dining Cryptographer's approach also has a collusion problem, which Chaum, Pfitzmann, etc. deal with in various ways. There is no indication this has ever been a problem, as most remailer operators will not disclose even their logs, let alone routinely compare logs with other remailers. Reputations are important in this problem.
On to the difficulties:
1. At least some of the nodes may keep no logs whatsoever of mappings between inputs and outputs. For example, Hans runs a Mixmaster node in Mannheim. Logs are sent to dev/null. So when the BND, liaising with the FBI, demands logs from a communication some days earlier, he has nothing to give them. Repeat this up to M times.
2. Alice may choose to use her own node as a stage in the chain. If the investigators ever track a message back to her, a dead man switch wipes the records. (Technical issues on how to do this are a minor exercise.) The important being that having oneself in the loop has many advantages, and no obvious disadvantages.
3. If only one of the links refuses to cooperate, or has no records, or has a nonfunctional machine/disk, the chain is broken. (Insert usual discussion of thermite here.)
The message payloads (what is in each pair of parentheses above) carry no information about the routing.
Even sniffing the entire network only shows that N messages entered Hans' node during some period and that M messages left during some period. The mapping from the set of N to the set of M may not be one-to-one. Dummy messages might have been added (cover traffic). Delays may be programmed in. The sender may have requested a fixed delay, and so on.
A sniffing agency will have a hard time determining the routing of the message from Alice to Bob, or of course even that the message sent to Zak actually had Zak as the intended recipient.
(A good thing for Zak to do is to be a remailer operator himself, and then take any message he received addressed to him and "send it on" (or another dummy, doesn't matter) to others. That they cannot read the innermost packet is irrelevant...or the innermost packet could be an innocuous ASCII message. The point is that a sniffer has no way to know that Zak was the "final" recipient.)
These sorts of things have been covered in many of the past messages on this list and in tutorials and reviews. I recommend my own article in Vernor Vinge's "True Names and the Opening of the Cyberspace Frontier." Still being sold at Borders and other bookstores, so you can read my article there for free.
--Tim May
