[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Transport Mixes




It might be possible to transport goods in a difficult to trace fashion,
by applying the concept of a digital mix to physical transport.
We can't make them cryptographically hard to trace, but perhaps we 
can minimize the clue trail by substituting crypto for normal 
shipment records.

Here's a courier system for shipping small packages untraceably:

+ put your packages in a suitcase for a flight to a major hub airport,
which is also a courier mix site.  Each bag contains an innocuous
looking Newton with a small wireless radio.  These identify themselves
as mix shipments only if the proper one time key is transmitted over
a spread spectrum wireless channel.  You also put a message in the
Newton indicating the shipment route and enclosing digital cash
as postage; these are successively encrypted with each mix's public 
key, just as with remailers

+ couriers spend all day locating mix bags and taking them to
a nearby hotel room, and taking bags from the hotel room when 
they have been delayed, mixed, and queued for the flight they are
and only take a few bags each at a time

+ the particular hotel and room changes every day

+ a separate courier inside the hotel room takes the following steps:
	-- decrypts a message inside the Newton with his private 
	   key to reveal the next destination for the shipment
	-- decrypts the digital cash fee for this mix and clears it
	-- puts the package and Newton in a new suitcase and
	   puts it in a queue for that new destination (a flight
	   at some point in the future, say 10-30 hours later)

+ like any mix, the delay depends on the rate of traffic going through 
the system: we'd like to mix up at least ten or so shipments at each mix

+ we assume that customs checks any bag at at most n-1 out
of n hubs (highly probable unless the bag contains something
that looks suspicious in the x-ray).

+ the contents of the package should contain no clues as to
source and destination, unless they are securely encrypted

+ each mix is a separate organization, composed of only a few
mutually trusted couriers

+ we need protocols for destroying shipments or shipping them
back to the customer, due to suspicous nature of the package
(customs would catch guns, bombs, sniffable drugs, etc.)
unclearable postage, or other exceptions that might occur,
and informing customers and arbitrators of these actions

Something of this sort might even be possible with larger shipments 
using large ocean ports instead of airports, standard size pallets 
instead of suitcases, and warehouses instead of hotel rooms.  
Again, I make no claim that this would be cryptographically
strong; but in some cases we can use cryptographic protocols
to stop info flows related to transport that are otherwise vulverable
to attack, and concentrate on various techniques to minimize
other vulnerabilities.

The mix concept is limited to important shipments where one is
willing to pay a high preium.   The number of mixes will be small,
because increase in transport costs quickly overwhelms the 
increased security of using additional mixes, because there 
are these other vulnearabilities that become more important.

Can one travel personally, untraceably?  Here is a method
analogous to a mix:

+ instead of flying directly to one's destination, fly through two or 
three hubs

+ pay for each ticket with cash; if ID is necessary use unlinkable nom 
de guerres at each airport

+ remove suitcase tags at each airport

+ dress differently at each airport (just enough to foil routine memories 
of stewardesses, etc.)

+ if one is being followed use the various methods to lose them,
choose three new hub airports and start over

Jim Hart
[email protected]