[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Improved remailer reordering



In message <[email protected]> Eric Hughes writes:
>    Imagine a RemailerNet (v0.2) that maintained a fixed level of
>    traffic between gateways.
> 
> This is exactly what I was talking about when I posted earlier about
> link encryptors, and effective collapse of nodes for traffic analysis
> purposes.  Traffic analysis of mixes and remailers assumes, as an
> abstraction, that all the messages going into and coming out of a
> particular node are visible.  As soon as you remove this condition,
> the analytical situation changes completely.

There is little difference between RemailNet v0.1 and v0.2 in this
regard.  Fragmenting messages into packets of fixed length, randomizing
routing, and noise injection were all present in v0.1.

> The problem with implementation of link encryption is, like everything
> else, cost.  Link encryption off the Internet requires dedicated
> lines.

I think that there is some confusion here.  Time is defined in terms
of steps, each one of which represents the dispatch of one packet.  The
packets can be received and dispatched in batches.

>    In general, the messages do not exist
>    as wholes along the lines connecting the gateways, so a discussion of
>    their reordering is a good way to waste time.
> 
> You still have to worry about reordering in the network as a whole.
> The system you've described has reassembly done at the endpoints, who
> might not be the final receiver.  I pass over the flaw of lack of
> message quantization in the final sending of reassembled messages.
> We may assume for discussion that they're all the same length.

You need not pass over the 'flaw of lack of message quantization in
the final sending'.  Someone running a private high security gateway,
an "empowered user", participates in the same way as the other RemailerNet
gateways, and there is in fact no way to determine even whether he is
sending or receiving, or in fact whether he is doing anything at all.
He may be just sending and receiving noise packets.

Users accessing the net using low security versions of the software do
have less security, but that is a consequence of their use of low
security software.

> Now, you still need to calculate the likelihood that a particular
> outgoing message is the same message as a particular incoming message.
> These probabilities have to do with message reordering.  You still
> need to do the calculation.

Some of the discussion here is at cross purposes.  My focus has been
on specifying a system which is itself very difficult to attack using
cryptoanalytic techniques.  An "empowered" user of RemailerNet v0.2
who sends messages via a system which acts as a gateway need not worry
very much about traffic analysis.

A user whose access to RemailerNet is via a low security system will
be exposed to a higher level of risk.  Which factors are the most
important element in causing risk depend upon the nature of the
traffic through the system and the size and geographic distribution
of the network itself.	A functioning RemailerNet with widely
distributed gateways and at least a moderate level of traffic from
at least a moderate number of widely distributed users is not easily
subjected to what I might call external traffic analysis.

Essentially, you make a model of the system which removes many of the
features that defeat traffic analysis and then say, hey, this thing
is easily subject to traffic analysis.	Well, if you go far enough,
sure.
--
Jim Dixon