1994-08-06 - Re: RemailerNet

Header Data

From: jdd@aiki.demon.co.uk (Jim Dixon)
To: jrochkin@cs.oberlin.edu
Message Hash: 97cfdd2600810e2a7f42e53091f67e03cf1565da654bbf569ab4a57bba5bbe27
Message ID: <4068@aiki.demon.co.uk>
Reply To: N/A
UTC Datetime: 1994-08-06 17:18:46 UTC
Raw Date: Sat, 6 Aug 94 10:18:46 PDT

Raw message

From: jdd@aiki.demon.co.uk (Jim Dixon)
Date: Sat, 6 Aug 94 10:18:46 PDT
To: jrochkin@cs.oberlin.edu
Subject: Re:  RemailerNet
Message-ID: <4068@aiki.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain


In message <199408051528.LAA18523@cs.oberlin.edu> Jonathan Rochkind writes:

> You seem to be talking about a Julf-style anon system, where the system
> knows who you really are. If the system is corrupt, if Julf were an 
> NSA agent, then the entire system is compromised and useless.

If you are using unmodified Internet hardware and TCP/IP as the underlying
transport system, then your point of entry into a remailer network
definitely knows which machine is originating a message and the point
of exit definitely knows where it is going.

If your transport system is the email system, the same holds true because
email runs on top of TCP/IP.  While fiddling with email headers may make
you feel secure, it gives you no protection.

It is a large project (say 30,000 lines of code, some of it at the kernel
level) to build a remailer network which does not use SMTP and TCP/IP.
From the scale of efforts that you are talking about, I assume that you do
not intend to do this.

So the remailer gateways know the source and destination addresses, they
know your electronic identity.	This may or may not lead them to your
physical identity.  That can be concealed fairly easily, especially in
large institutions with poor control over their network resources.  But
this has nothing to do with our discussion now.

> I like the cypherpunks remailer concept better, where each link in the chain
> only knows the next link in the chain, and security is achieved by
> multiple links. If several of the links are actually NSA agents, your security
> is reduced, but not compromised completely. If you've got a chain of, say
> 10 links, even if 7 of them are evil NSA agents, you still can probably retain
> your anonymity.  Return addresses are accomplished by encrypted
> "resend-to:" blocks. It seems much preferable to have a system where it
> isn't neccesary to trust any one net entity completely, as it is in a 
> Julf-style anon-ID system. [Of course one could use a combination of both
> in communications too, but I wouldn't feel safe unless my anonimity was
> safe even if the Finish FBI raided Julf's site.]

Promiscuity leads to infection.  Each contact with a new RemailerNet
gateway increases the probability of your being compromised.

If you modify the proposed RemailerNet to allow reposting at gateways,
you have all of the benefits of the system described above, without
the risks.  Reposted messages would be encrypted with the far gateway's
public key.  The near gateway would then have no idea of the ultimate
destination of the message.  In a well designed system, the far
gateway would also not know the identity of the sender.

> When looked at with this goal in mind, I think maybe the newsgroup as a method
> of passing remailer net information makes a bit more sense. 
>  
> I don't think the possibility of the newsgroup being spoofed is actually
> fatal to the system. Let's examine ways in which it could be attacked:
> 
> 1)  The Enemy could introduce completely made-up "i'm here" messages, pointing
> to non-existent remailers. ...
> 2) The Enemy could announce his own Evil-remailers to the net. These remailers
> would in fact exist, but would do evil things designed to compromise the net...
> 3) The Enemy could intercept announcement messages from good remailers, and
> replace their public key with his own. ...He could then intercept all mail to this
> good remailer, and read it, and forward it on, or drop it in the bitbucket.
> 4) Denial of service: The enemy could intercept the announcement messages, and
> keep them from getting to the newsgroup. ...
> 5) The enemy could intercept announcement messages from good remailers, and
> replace both the public key and address with his own. This is really just a
> combination of several of the previous attacks, nothing new.

In the early to mid 1950s the FBI set out to penetrate Communist Party
USA cells.  At some point, when the fear of the Red Menace began to recede,
people began to talk.  The communists said, "you could always tell who
were the FBI agents.  They were the ones who paid their dues."  The FBI
was actually providing most of the funds for CPUSA.

If anyone cared enough, what they would do is (a) put up enough remailers
so that they were, say, a steady 80% of those announcing in the alt.x
group; (b) provide a good, reliable service nearly all of the time; and
(c) drive the other 20% out of business with a steady disinformation
campaign (rumors, complaints, etc) and other more aggressive tactics.
The FBI types running (a) and (b) would be well funded and they would
be the sort of steady, unimaginative people who run small businesses
well.  The CIA field agents masterminding (c) would be very well
funded network freaks, some of them ex-hackers.  They could operate
outside the USA and pay little or no attention to US laws.  Pity the
poor 20% in the face of such attacks.

Any traffic sent through this remailer network would have only a tiny
chance of getting through without being compromised.  If you picked
5 remailers, the chances of all being non-FBI would be about .2^5,
3 in 10,000.  The other 9,997 messages would be copied immediately
to Langley.

The proposed RemailerNet could be attacked in much the same way.  But
if the network were widely distributed so that gateways were in
different legal jurisdictions and different countries, and if most of
the people involved knew one another, it would be more difficult to
compromise it.
--
Jim Dixon





Thread