[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "Dr. Roberts" and his advice to the list




Timothy C. May wrote:
> At 10:25 AM -0800 3/23/97, "Dr. Roberts" wrote:

> >The remailer network itself may be treated as a black box.  This means
> >that if you suspect certain people are posting messages to a certain
> >list you need only watch the timing of the suspect's posts to verify
> >guesses.  This makes an attack on the remailer network quite
> >inexpensive because you need to monitor a relatively small number of
> >people in your jurisdiction.

> If a mix accumulates, say, 100 messages, and posts one of them to some
> destination, no amount of "timing" analysis points to which of the 100
> incoming messages was the  source...this is the essence of mixes/remailers.
> (Modulo the usual assumptions about message size, encryption, etc.)

  I wouldn't be so certain about this.
  Consider the fact that the remailers can be initially studied through
relatively _pure_ analysis, for starters. i.e. - a series of slow
periods of remailer use where and entity can ensure that almost all
of those 100 messages belong to them.
  Thus the remailer can be studied for non-random patterns that may be
unknown even to the operator himself.

  Then consider the fact that many of the people using remailers have
habits and patterns that can easily be studied and followed. 
  i.e. - Time periods online, standard delay time used in posting
commands, frequency and volume of their posts. 
  You must also consider context and syntax analysis that point to the 
true author of anonymous posts, and the fact that, once known, their
personal systems can be monitored to reveal the exact time and nature
of their input into the remailers.
  Even knowledge of killfiles can eliminate some of the overhead for
traffic analysis, eliminating some sources as being responsible for
volume of anonymous email directed at certain subjects or authors.

  Many of the factors involved in traffic analysis can be obtained
outside of the realm of actual input and output of the remailers
themselves, thus narrowing the range of _unknown_ factors in that
analysis.
  Certainly there has been much thought and consideration given to
the remailer system, by people who allow for various methods of attack
on and/or analysis of their system. However, the assumption of 100
_random_ messages can drop pretty fast when one takes into account
the number of factors that may turn some of these messages into 
quantifiable and easily analyzed entities. Add to this the possibility
of factors that are known to the attackers, but not to the defenders,
and the margin of security drops even further.

  Care must be taken to realize that even if one is making efforts to
conceal their email traffic, that the results of their efforts are
also affected by the person who always posts between 4 and 6 pm, who
always posts via the same remailer and who always uses a 2 hour delay 
command in his posts.
  One needs to remember, as well, that with the capabilities of autobots
and switching mechanisms, that to flood a system or systems at certain
critical times is an insignificant obstacle to inputing a large quantity
of _know_ data into the frame of analysis.
 
> >  Would anybody like to post some references?  What
> >is required to have a rock solid remailer network?
> >
> >Dr. Roberts
> 
> Why not do the research into these references yourself and then post them?

  This is an asinine statement.
  If you are interested in furthering the interests of privacy through 
encryption and remailers, why don't you aide someone asking for pointers
to better information?
  Is this list reserved for those who already know it all?
  Can you say "statist?" Sure, you can.

> As for what it would take to make a rock solid remailer network, go back
> and read some of the many hundreds of articles many of us have written on
> this subject, read Chaum's original 1981 CACM short article, and carefully
> study DC-Nets.

  If all information was in those articles, then I suspect that the
remailers would already be "rock solid."
  Rather than living in the past, as if all possibilities had already
been discussed and decided, it might better serve some list members to
take their hard-earned knowledge and apply it to today's situation,
with new technologies, methodologies, routings, etc.
  Not only have these things changed, but the types and number of
people who use them have also changed, thus changing the scope of
possible approaches to traffic analysis.

TruthMonger


 S a n d y

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~