Re: traffix analysis

2003-08-28 Thread Anonymous
John S. Denker writes:

 A scenario of relevance to the present discussion
 goes like this:
   -- There exists a data haven.  (Reiter and Rubin
  called this a crowd.)
   -- Many subscribers have connections to the haven.
   -- Each subscriber maintains a strictly scheduled
  flow of traffic to and from the haven, padding
  the channel with nulls if necessary.
   -- All the traffic is encrypted, obviously.

 Then the opponent can put unlimited effort into
 traffic analysis but won't get anything in return,
 beyond the _a priori_ obvious fact that some pair
 of subscribers *may* have communicated.

This is not true, and in fact this result is one of the most important
to have been obtained in the anonymity community in the past decade.  The
impossibility of practical, strong, real-time anonymous communication has
undoubtedly played a role in the lack of deployment of such systems.

The attack consists of letting the attacker subvert (or become!) one of
the communication endpoints.  This can be as simple as running a sting
web site offering illegal material.

Then the attacker arranges to insert delays into the message channels
leading from subscribers into the crowd.  He looks for correlations
between those delays and observed delays in the message traffic to his
subverted endpoint.  This will allow him to determine which subscriber
is communicating with that endpoint, regardless of how the crowd behaves.

It will often be possible to also trace the communication channel back
through the crowd, by inserting delays onto chosen links and observing
which ones correlate with delays in the data observed at the endpoint.
This way it is not necessary to monitor all subscribers to the crowd,
but rather individual traffic flows can be traced.

Wei Dai's PipeNet proposal aims to defeat this attack, but at the
cost of running the entire crowd+subscriber network synchronously.
The synchronous operation defeats traffic-delay attacks, but the problem
is that any subscriber can shut the entire network down by simply delaying
his packets.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: traffix analysis

2003-08-28 Thread Steve Schear
At 09:17 PM 8/27/2003 -0500, Anonymous wrote:
It will often be possible to also trace the communication channel back
through the crowd, by inserting delays onto chosen links and observing
which ones correlate with delays in the data observed at the endpoint.
This way it is not necessary to monitor all subscribers to the crowd,
but rather individual traffic flows can be traced.
Using random throwaway WiFi neighborhood hotspots can blunt this type of 
attack.  Even if they trace the link back to the consumer who lent his 
bandwidth it may provide scant  information.

steve

Experience teaches us to be most on our guard to protect liberty when the
government's purpose is beneficent. Men born to freedom are naturally alert
to repel invasion of their liberty by evil-minded rulers. The greatest
dangers to liberty lurk in insidious encroachment by men of zeal,
well-meaning but without understanding. -Louis Dembitz Brandeis, lawyer,
judge, and writer (1856-1941)
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: traffix analysis

2003-08-28 Thread Adam Back
I agree with anonymous summary of the state of the art wrt
cryptographic anonymity of interactive communications.

Ulf Moeller, Anton Stiglic, and I give some more details on the
attacks anonymous describes in this IH 2001 [1] paper:

http://www.cypherspace.org/adam/pubs/traffic.pdf

which explores this in the context of ZKS Freedom Network, and Pipenet
presenting attacks on the Freedom Network, Onion Network, Crowds and
Pipenet which affect privacy and availability.

Adam

Traffic Analysis Attacks and Trade-Offs in Anonymity Providing
Systems, IH 2001, Adam Back, Ulf Moeller, and Anton Stiglic.

On Wed, Aug 27, 2003 at 09:17:05PM -0500, Anonymous wrote:
 This is not true, and in fact this result is one of the most important
 to have been obtained in the anonymity community in the past decade.  The
 impossibility of practical, strong, real-time anonymous communication has
 undoubtedly played a role in the lack of deployment of such systems.
 
 The attack consists of letting the attacker subvert (or become!) one of
 the communication endpoints.  This can be as simple as running a sting
 web site offering illegal material.
 
 Then the attacker arranges to insert delays into the message channels
 leading from subscribers into the crowd.  He looks for correlations
 between those delays and observed delays in the message traffic to his
 subverted endpoint.  This will allow him to determine which subscriber
 is communicating with that endpoint, regardless of how the crowd behaves.
 
 It will often be possible to also trace the communication channel back
 through the crowd, by inserting delays onto chosen links and observing
 which ones correlate with delays in the data observed at the endpoint.
 This way it is not necessary to monitor all subscribers to the crowd,
 but rather individual traffic flows can be traced.
 
 Wei Dai's PipeNet proposal aims to defeat this attack, but at the
 cost of running the entire crowd+subscriber network synchronously.
 The synchronous operation defeats traffic-delay attacks, but the problem
 is that any subscriber can shut the entire network down by simply delaying
 his packets.
 
 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]