1995-12-15 - Obfuscating traffic flow (Re: : Pornographic stories)

Header Data

From: Eric Ziegast <ziegast@va.pubnix.com>
To: dlv@bwalk.dm.com
Message Hash: 0007b81cc8b75498128fcc381661bfbe110edb7fc5690dd6c434a5bfe2610c8b
Message ID: <LAA13661.199512151654@pub01.va.pubnix.com>
Reply To: <Dgo5FD5w165w@bwalk.dm.com>
UTC Datetime: 1995-12-15 16:55:21 UTC
Raw Date: Fri, 15 Dec 95 08:55:21 PST

Raw message

From: Eric Ziegast <ziegast@va.pubnix.com>
Date: Fri, 15 Dec 95 08:55:21 PST
To: dlv@bwalk.dm.com
Subject: Obfuscating traffic flow (Re: : Pornographic stories)
In-Reply-To: <Dgo5FD5w165w@bwalk.dm.com>
Message-ID: <LAA13661.199512151654@pub01.va.pubnix.com>
MIME-Version: 1.0
Content-Type: text/plain


>>   So:
>>           What is the "real" reason for opposition to     
>>           strong crypto?  Who "really" benefits?  (and please
>>           don't mention the LE types 'cause I don't believe it).

A company may not want their employees to use crypto because they
want to be able to monitor their traffic.  When a company becomes
paranoid about trade secret protecion or corperate espionage,
worker's privacy is one of the first things to go.  It's the
company' choice though.  They may or may not know the legal can of
worms they'd be opening.

I can understand why LE types might be against strong crypto traffic,
but I'm not allowed to mention them here. ;^)

I would think that ISPs (and even commercial online services) would
prefer that their customers use strong crypto because it's less for
them to worry about ("Are they really sending pornography or death
threats though our network?").

The current protection for some service providers (at least the ones
with Internet-savvy lawyers) is primarlily contractual.  They have
their users agree to service agreements before their users allowed
to use their service.  Search your ISP service agreement for phrases
like ("customer holds harmless and indemnifies Company" or "does not
monitor traffic in any way" or "not responsible for data transmitted").

>>   and:
>>           Anyone else want to participate in the great '90's
>>           uucp revival?  I'm in Santa Clara and could use
>>           some feeds and some help with the setup.
>
> I'm all for it. My site is connected to the rest of the world via dial-up
> UUCP, I haven't touched the setup in 5 years, and am not planning to.
> 
> It might be interesting to have a variation of dial-up UUCP where site 1
> passes encrypted stuff to site 2 and doesn't quite know what site 3 they're
> supposed to go on to. Sort of like the remailers with encryption.

Mail flow obfuscation...

UUCP is only a store-and-forward transport mechanism.  The functionality
you're looking for just depends on the command you execute on the far
end.  People currently use something similar to:

	uux -p -r -z site1!rmail site2!sites3!user
     or
	uux -p -r -z site1!rmail site3!user	(if it's known that site1
						 can figure out how forward
						 mail to site3)

You'd basically be looking for another type of remailer that decrypts
a message to find out how to send it along tothe next hop.

On the sender's system, one could:

	cat message \
		| pgp -feast user \
		| encapsulate site3 \
		| encapsulate site2 \
		| encapsulate site1 \
		| uux -p -r -z site1!decap_remail

At site1, decap_remail would look into the message, decrypt it,
and know to forward it to site2...

	cat message \
		| uux -p -r -z site2!decap_remail

When it forwards the message, and information about where it got the
message from would be stripped (i.e. strip "Received:" or "From "
information it forwarded).  Bounces go to /dev/null.  The removal
of return path informaiton is the most important part of this
process.

At site2, we decrypt and forward to site3:

	cat message \
		| uux -p -r -z site3!decap_remail

At site3, we decrypt and find no message to forward, so it gets
sent to the local mailer for the user (message still encrypted).

Pros: At any point during the transmission, a site only knows the
      previous hop, and the next hop, and the rest is garbage.

      The message is encrypted throughout delivery in such a way
      that to trace a message, you need cooperation from all
      system administrators along the way (use long hop paths
      for more security!).

Cons: Debugging message routing problems is nearly impossible.
      One could possibly get around this by having the recipient
      confirm that the message was received.

      CPU utilization on the mailers would be more than the
      normal bit-shuffling.

      The sender needs to know the explicit path to get from point
      A to point X, to point Y, to point Z.  Either the user has
      to have key exchanges with each mailer down the path, or a
      public key system (can you say "UUCP maps"?) needs to exist
      so that any user withtl the maps can encrypt for any other
      mailer out there.

To optimize the process, one would only encrypt the envelope
information and leave the message intact (leaving it to the
user to encrypt).

Note: You don't need UUCP for this.  Any smart mailer like Sendmail
      or Smail can be configured for something like this.  You
      just need 10-20 sites in the Internet willing to provide this
      remailing service (for example, anon.penet.fi might be one.
      The goal is to make it administratively hard for people to
      compute traffic flow.  One would still use end-end encryption
      to protect message content.

--
Eric Ziegast

PS:  I don't read cypherpunks.  Someone forwarded this to me because
     they thought I'd be interested in the "UUCP" aspect.  If you
     respond and want me in on the discussion, feel free to CC: me.

PPS: Disclaimer: I'm not a crypto newbie.  Don't assume I know what
     I'm talking about.





Thread