1994-08-07 - Improved remailer reordering

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 13e7bb72dcd8991903049aee3b32a91ad2fd741b94d340d7dfa8c9d60568d387
Message ID: <9408072325.AA18643@ah.com>
Reply To: <4210@aiki.demon.co.uk>
UTC Datetime: 1994-08-07 23:54:00 UTC
Raw Date: Sun, 7 Aug 94 16:54:00 PDT

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Sun, 7 Aug 94 16:54:00 PDT
To: cypherpunks@toad.com
Subject: Improved remailer reordering
In-Reply-To: <4210@aiki.demon.co.uk>
Message-ID: <9408072325.AA18643@ah.com>
MIME-Version: 1.0
Content-Type: text/plain


   Imagine a RemailerNet (v0.2) that maintained a fixed level of
   traffic between gateways.

This is exactly what I was talking about when I posted earlier about
link encryptors, and effective collapse of nodes for traffic analysis
purposes.  Traffic analysis of mixes and remailers assumes, as an
abstraction, that all the messages going into and coming out of a
particular node are visible.  As soon as you remove this condition,
the analytical situation changes completely.

And it changes for the better, since the reduction in observed
information can only improve security.  Message arrival and departure
times are not irrelevant, and their removal gives less useful
information.  The desired net result is a single node for traffic
analysis purposes.  But even for a single node, estimates of
reordering still need to be made.

The problem with implementation of link encryption is, like everything
else, cost.  Link encryption off the Internet requires dedicated
lines.  Link encryption on the Internet likely won't get you into
trouble now, but likely will be an issue as subsidies go away.

   In general, the messages do not exist
   as wholes along the lines connecting the gateways, so a discussion of
   their reordering is a good way to waste time.

You still have to worry about reordering in the network as a whole.
The system you've described has reassembly done at the endpoints, who
might not be the final receiver.  I pass over the flaw of lack of
message quantization in the final sending of reassembled messages.
We may assume for discussion that they're all the same length.

Now, you still need to calculate the likelihood that a particular
outgoing message is the same message as a particular incoming message.
These probabilities have to do with message reordering.  You still
need to do the calculation.

Eric





Thread