From: tcmay@netcom.com (Timothy C. May)
Date: Fri, 26 Mar 93 14:49:02 PST
To: cypherpunks@toad.com
Subject: Re: How secure is an anonomous mail-server
In-Reply-To: <9303262144.AA07992@walrus.chp.atmel.com>
Message-ID: <9303262247.AA18162@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Peter Baumbach writes:

> Suppose somone wanted to compromise an anonomous mail-server.  Couldn't it
> be possible without the owner of the mail-server knowing?  The attack might
> consist of monitoring all traffic to and from that address.  Unless the 
> server waits a long and random time to forward the incoming mail, couldn't
> a mapping be made of real-name/possible-anon-names?  If a users uses the
> same anonomous name for long enough (2 times?) couldn't the attacker be
> very confident of the mapping?  If the attacker uses the server themselves
> creatively, wouldn't the task be even easier?  
> 
> This seems like a simple cipher easily broken.
> 
> I am new to this, so I appologize if this is a dumb question.

Yes, this is basically the "traffic analysis" problem. This is
discussed (briefly) in the "Glossary" located in the Cypherpunks
archives at soda.berkeley.edu (in the /pub/cypherpunks directory).

Existing remailers are not secure against either traffic analysis or
record-keeping by the operators. Nor are they secure against textual
analysis (a lesser problem). 

Adding encryption helps against operator record-keeping. Accumulating
enough messages (e.g., 10) so that following a message through 10
remailers is problematic is another approach, though nobody is now
doing this. (And even with lots of accumulated messages and lots of
remailers, statistical evidence can be accumulated. For example, if
everytime "Deadbeat" posts to some group there was a packet leaving my
machine some hours before.....)

David Chaum's 1981 CACM paper/letter described "mixes," which some on
this list are pursuing. His even more advanced "DC-Nets" (also covered
in the Glossary and in _many_ postings on this list) are
information-theoretically secure. We may see them deployed soon, in at
least an experimental form.

Not a dumb question, just one that's come up several times. (Someday
we may even have a Cypherpunk FAQ.)


-Tim May

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.