1994-05-12 - Re: Message Havens

Header Data

From: Black Unicorn <unicorn@access.digex.net>
To: sinclai@ecf.toronto.edu (SINCLAIR DOUGLAS N)
Message Hash: c64b46d53ed84cac2c7c6560b3c571c41dd495d75c0285818725bdde3c87bb0a
Message ID: <199405121515.AA10780@access3.digex.net>
Reply To: <94May12.102413edt.13411@cannon.ecf.toronto.edu>
UTC Datetime: 1994-05-12 15:16:09 UTC
Raw Date: Thu, 12 May 94 08:16:09 PDT

Raw message

From: Black Unicorn <unicorn@access.digex.net>
Date: Thu, 12 May 94 08:16:09 PDT
To: sinclai@ecf.toronto.edu (SINCLAIR  DOUGLAS N)
Subject: Re: Message Havens
In-Reply-To: <94May12.102413edt.13411@cannon.ecf.toronto.edu>
Message-ID: <199405121515.AA10780@access3.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Downloading the whole message base to scan for one's messages
> will place a massive load on net.resources, and probably
> a prohibitive load on most people's terminals.  This scheme
> should avoid this nescessity:
> 
> Alice wishes to write a message anonymously to Bob.  They have
> agreed in previous communications that their tag is the string "foo".
> Alice writes her messages, and encrypts it with Bob's public key.
> She then prepends the tag.  It looks like this:
> 
> Tag: foo
> --- Begin Pgp Message ---
> zxcvm,/asdfjk;qup
> ....
> iuerpw,d,fy
> --- End Pgp Message ---
> 
> 
> Next, she encrypts this with the gopherhole's public key.  The
> resulting message is posted to the gopherhole, where it is decrypted
> and made available for all to download.
> 
> Now, Bob enters the gopherhole and instructs it to download all
> messages with the tag of "foo".  To thwart trafic volume analysis,
> he also downloads messages with tags "bar", "baz" and "quux", which
> he then discards.

Why can't gopherhole send a random number of messages with a user selected
cap?

Bob just sends one tag request encrypted with gopherhole's public key, and 
gets between 5 and [User cap] messages.  Even better, (Light bulb) Bob 
can send the number of messages he is currently equipped to filter along 
with the tag and gopherhole can modify this just a touch +/- 10% say just 
to keep Bob from getting lazy and asking for the same number all the time.
Bob can then filter the tags himself with procmail or something.  Just seems
simpler and easier on the user while harder on traffic analysis.

> 
> Problems:
> The gopherhole must be trusted not to divulge which posts
> came from who, and it's key must not be compromized.

Same as remailers really.  Perhaps there is a way to chain message havens?

> A tap on Bob's line shows that he /may/ have a connection with
> the "foo" tag.  However, the only person that knows anything
> about that tag is Alice.  Thus, the other party in the conversation
> must colaborate in an attack, probably ruining her anonymity.

With the right randomization and frequent tag changes, it is hard to 
associate bob with any tag.  This problem becomes increasingly difficult 
if one introduces randomly generated tags and pgp messages and if the 
user keeps the message cap high (25-30).  Bandwidth simply cannot be 
saved if the attacker is getting the downlink from gopherhole if you are 
using a tag system like this.  The user just has to deal with 30 messages 
to best avoid the traffic analysis on this side.  A tap on bob's line 
reveals that he may have a connection with any of 25-30 real or imaginary 
tags.  One less thing to go on if you are an attacker, fake tags are a 
real headache.  Some clever filtering method for tags would be a nice 
touch.  All lowercase, all between four and seven letters and nouns or 
something...?


> Comments?
> 

Nice structure.

-uni- (Dark)




Thread