Padding, multiplexing and more

Lucky Green shamrock at cypherpunks.to
Tue Dec 24 08:19:08 UTC 2002


Andrei wrote:
[...] my personal feeling is that 
> any kind of scheme needs an analysis of anonymity in some 
> kind of formal way and statements like "probably resistant 
> against blah" just don't cut it any more.

Research that unfortunately so far appears to remain missing in the area
of IP anonymizers are quantitative analyses of the impact the various
approaches have on the aspects that together make up our notions of
"anonymity" and "privacy". 

The community does not presently know how to build IP/TCP/http/ssh, etc.
anonymizing systems that will afford the user anonymity in the face of a
global attacker that has compromised n of m nodes with n potentially
being as small as 1.

This is what I believe killed ZKS's Freedom. The early adopters knew
that the system was insufficiently secure against a resourceful
attacker. ZKS, erroneously, believed that in producing a product that
defends against some percentage of attacks, say 98%, they could capture
most of the of the market. Instead, Freedom captured about the same
percentage of the market as human blood transfusions guaranteed to be
98% free of HIV virus would. Some product groups offering 98% security
do not just capture a slightly reduced market share, but experience
difficulties to find any market at all. Anonymizing systems fall into
this category.

I have not read or heard of a paper describing a system that I would
consider running to secure online activities that, if known publicly,
were to cause me more than a minor level of inconvenience. For the
latter, a public http proxy or a service similar to Anonymizer.com will
do the job just fine. No need to incur the performance overhead part of
other designs. Which means that there is no market for any of the
presently known anonymizing IP designs. From that follows that we need
to find better designs.

Given the close to 10 years that I have been seeking such a system, few
will deplore this fact more than I. To change it, we need both
qualitative and quantitative analyses of what impact the various
techniques employed have on security.

Any proposed design needs to be able to answer questions such as the
following:

Assuming the attackers have access to [just about anything an entity
with near-global subpoena power plus the ability to compromise upstream
ISP router can obtain], are using the best known mathematical models to
correlate users with sites visited [Laplace transforms, Bayesians, NSA
forests(?), etc.], and furthermore the attackers operate n of the m
nodes through which the users has chosen to route, including the
[entrance hop, exit hop, none of the above], then what is the
probability p for the user to be identified when transferring r MB of
payload data/being online for q hours, etc.

The above sample question is of course just a simplification of the
questions that actually need to be answered. I would hope for future
papers proposing designs to answer considerably more questions, both in
terms of complexity and absolute numbers, than the relatively simple
sample question that I outlined. Yes, this will require deeper
mathematical analysis of both attack models and security designs than
has so far been performed in the unclassified sector of the field.

Until such questions are answered, it would be irresponsible to field a
design for anything other than research purposes. Not that this is
currently being proposed.

Thanks,
--Lucky Green



More information about the tor-dev mailing list