From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
To: cypherpunks@toad.com
Message Hash: ebf3d1df0752173ad19a7fa3605bd08f7710cffd0211361c207d2adb31cc410d
Message ID: <ab60837505021004ea5d@[132.162.201.201]>
Reply To: N/A
UTC Datetime: 1995-02-10 02:48:28 UTC
Raw Date: Thu, 9 Feb 95 18:48:28 PST
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 9 Feb 95 18:48:28 PST
To: cypherpunks@toad.com
Subject: RE: a new way to do anonymity
Message-ID: <ab60837505021004ea5d@[132.162.201.201]>
MIME-Version: 1.0
Content-Type: text/plain
At 8:51 PM 02/09/95, Wei Dai wrote:
>It seems to me that if a user maintains a 24-hour a day pipe to an
>uncompromised server, then the method I described earlier against
>remailers should not work against that user. Otherwise, some kind of
>in-out statistical analysis may work.
Ay, what a good point. I know this connection is incredibly obvious, but
just in case no one has yet made it, I will. A "pipe-net" host running
Wei's L- modification to Matt's ESM, which was also running a remailer,
would provide pretty much untraceable entrance to the remailer net. The
remailer software wouldn't even need to be integrated with the pipe
software in any way, as long as the user had a secure connection to the
host, he could just connect to the SMTP port and send the message to the
remailer that way.
I would guess that the attack Wei described, as well as almost every other,
if not every other, traffic analysis attack would fail if users were
utilizing this. You could trace the message to a given "pipe net" host
using traffic analysis, but you wouldn't be able to trace it to a user, if
he was using the pipe net appropriately. Obviously, this also requires a
sufficient number of people to be using the pipe net host, so that no real
information is gained just by tracing the connection to a given pipenet
host. And of course non-pipe-net users are using the remailer on the
machine to, which makes things a tiny bit more complicated for the traffic
analysits
Note also that the bandwith could be kept extremely low. Even something
like 10cps. So, maybe it takes you up to a couple hours to actually
transit your message to the pipe-net host remailer, but we currently dont'
expect instantaneous remailernet transmission anyway. We've learned to
live with latency on the order of hours, as opposed to seconds, so adding
several more hours onto the chain isn't a problem. And with a bandwith
maintained that low, the pipenet host could theoretically host many many
"pipe net remailer" client users, without causing a serious problem.
This seems like a really exciting thing to me. That we already have the
tools available for, right now at this very second, now that Wei has done
the link encryption mod to ESM.
Return to February 1995
Return to “jrochkin@cs.oberlin.edu (Jonathan Rochkind)”
1995-02-10 (Thu, 9 Feb 95 18:48:28 PST) - RE: a new way to do anonymity - jrochkin@cs.oberlin.edu (Jonathan Rochkind)