Sounds like we need new terms for a high latency network that is a low latency network or a low latency network that is a high latency network?

Perhaps store-and-forward versus stateful?

-lee

On Tuesday, September 24, 2013, David Vorick wrote:

> Tor is a low latency network in the sense that packets are forwarded as soon as they are received. Outwardly, it may not appear as a low latency network because ping times can exceed 30 seconds, however from a security point of view Tor is a low latency network.
>
> A high latency network is one that holds onto traffic until it has a huge batch to send out. With enough traffic, you could theoretically implement a high latency network that is faster than Tor, but a high latency network could also theoretically take days to respond to a request.
>
> With Tor, if you are observing every node in the network you can guess at people's identities by correlating traffic. If one node sends exactly X bytes to a node that sends the same number of bytes to the next node, you can assume that the two nodes are connected in a circuit.
>
> In a high latency network, you would wait to send data to the next node until you have many different requests to send to the next node. This makes traffic correlation a lot harder because you can't distinguish a particular request of X bytes from the other requests that are being sent over the network.
>
> On Tue, Sep 24, 2013 at 9:05 PM, Lee Azzarello <[email protected]> wrote:
>
> > Woah woah woah. When did the message go out about changing Tor to a "low latency" network? High latency is the number one criticism of Tor from users.
> >
> > In addition UDP traffic won't even pass through Tor. This results in low-latency real time applications like VoIP being impossible over that network.
> >
> > Perhaps the author is not aware of these properties of Internet protocols?
> >
> > -lee
> >
> > On Tuesday, September 24, 2013, Eugen Leitl wrote:
> >
> > > https://github.com/ShaneWilton/dissentr
> > >
> > > Note: This project was created as part of a 36-hour hackathon - and primarily as a proof of concept. While the ideas may be sound, and the prototype may work as designed, the protocols involved in this specific project have not been peer-reviewed, and so I cannot recommend that the network be used for anything requiring serious privacy.
> > >
> > > Dissentr
> > > A High-Latency Overlay Mix Network
> > >
> > > Essentially, Dissentr is a security-minded network, inspired by Tor, with a few important characteristics which serve to differentiate it.
> > >
> > > High-Latency
> > >
> > > Tor is a low-latency network. This makes it ideal for real time activities like web browsing, but as a result, opens it up to attacks involving large-scale traffic analysis methods known as end-to-end correlation. In these attacks, an adversary with the ability to analyze massive amounts of traffic in a short period of time is able to match up traffic entering the network with the corresponding traffic which will inevitably soon exit it.
> > >
> > > Dissentr manages to protect against these sorts of attacks by being engineered as a high-latency network. Assuming any given node has not been compromised, that node will intentionally hold off on forwarding its traffic to the next node in the network until it is able to forward a large amount of data in bulk, rendering the aforementioned end-to-end correlation far less feasible. For an excellent discussion on this attack, and possible countermeasures, see Practical Traffic Analysis: Extending and Resisting Statistical Disclosure.
> > >
> > > Cascades
> > >
> > > Much like any mix network, Dissentr models its network as a graph of nodes, each responsible for handling the relay of traffic as it moves along some path through the network. Where Dissentr differs from a network such as Tor is in how this path is constructed. In Dissentr, the network is constructed out of cascades (A term I first heard described by Ian Goldberg, but I've been unable to pin down an original source for): essentially directed, acyclic sub-graphs, in which a node defines a set of "trusted" nodes, through which they are willing to relay traffic through. Dissentr simplifies this model by only allowing for nodes of out-degree 1, at this time. This construction brings about a number of useful results:
> > >
> > > In the event that a node is known to be compromised, individual nodes are allowed the ability to either remove themselves from a cascade, or bypass untrusted nodes entirely, without the necessity of a trusted third-party.
> > >
> > > The network is protected from "supernode invasions," in which an attacker floods the network with compromised nodes, in the hopes of either endangering the network's health, or placing the security of users passing through their nodes at risk of traffic interception, and subsequent analysis. This can be guaranteed because cascades are constructed by virtue of a measure of trust between node-operators, and so long as there exists some non-zero subset of trusted operators, they retain the ability to form a cascade of their own, effectively shutting out the efforts of such an attacker.
> > >
> > > Use-Cases
> > >
> > > As mentioned previously, the high-latency nature of the network causes a shift in the sorts of activities best facilitated by its use, however, there do exist some unique opportunities which I have neither seen implemented in the context of a mix network, nor discussed in the literature.
> > >
> > > A personal favourite idea revolves around creating a platform for political blogging, which, assuming a noisy enough network, would offer political dissidents the ability to freely write about issues of corruption or government abuse, without many of the risks associated with using a lower-latency network like Tor. If it takes a week for a blog post to appear in circulation after the author posts it to the network, it becomes magnitudes more difficult for any assailant to
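
Added example, not part of the thread and not Dissentr's code: a small simulation of the distinction drawn above, comparing how many senders a wire-level observer cannot rule out for each output of an immediate-forwarding relay versus a batching relay. The traffic, names, batch size of 4 and padding to a fixed 4096-byte cell are all assumptions of this sketch.

```python
import random

# Constructed sample: (arrival_s, sender, size_bytes) entering one relay.
INPUTS = [
    (0.00, "alice", 512), (0.02, "bob", 1340), (0.90, "carol", 512),
    (1.50, "dave", 2048), (2.30, "erin", 777), (2.31, "frank", 1340),
    (3.10, "grace", 4096), (3.70, "heidi", 900),
]

def low_latency_relay(inputs, delay=0.05):
    """Forward every message as soon as it arrives, size unchanged."""
    return [(t + delay, size, sender) for t, sender, size in inputs]

def threshold_mix(inputs, batch=4, cell=4096, seed=0):
    """Hold messages until `batch` have arrived, pad each to `cell` bytes
    (padding is an assumption of this sketch), shuffle, flush together."""
    rng = random.Random(seed)
    out = []
    for i in range(0, len(inputs) - len(inputs) % batch, batch):
        group = list(inputs[i:i + batch])
        flush_time = group[-1][0]          # released when the last one arrives
        rng.shuffle(group)                 # output order hides arrival order
        out.extend((flush_time, cell, sender) for _, sender, _ in group)
    return out

def anonymity_sets(inputs, outputs, window, match_size):
    """For each output, the senders a wire-level observer cannot rule out,
    given only timestamps and sizes. Returns (true_sender, candidates)."""
    result = []
    for out_time, out_size, true_sender in outputs:
        cands = {s for t, s, size in inputs
                 if out_time - window <= t <= out_time
                 and (not match_size or size == out_size)}
        result.append((true_sender, cands))
    return result

def mean_set_size(sets):
    return sum(len(c) for _, c in sets) / len(sets)

# Low latency: short look-back window, byte counts match exactly.
LOW = anonymity_sets(INPUTS, low_latency_relay(INPUTS), window=0.1, match_size=True)
# Batching: the look-back must cover the hold time, and padded sizes say nothing.
MIX = anonymity_sets(INPUTS, threshold_mix(INPUTS), window=2.0, match_size=False)

if __name__ == "__main__":
    print("low-latency mean anonymity set:", mean_set_size(LOW))
    print("threshold-mix mean anonymity set:", mean_set_size(MIX))
```

The anonymity set per message grows with the batch size, which is the price paid in delay: a larger threshold means a longer hold before anything is flushed.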
