1996-01-03 - Re: Foiling Traffic Analysis

Header Data

From: Jon Lasser <jlasser@rwd.goucher.edu>
To: “Timothy C. May” <tcmay@got.net>
Message Hash: 6250254a464720ac7a706a5e07e12c2299e69ae2e8dc8534006161780f2518c6
Message ID: <Pine.SUN.3.91.960102195154.11723B-100000@rwd.goucher.edu>
Reply To: <ad0ebb9d0c0210048ac9@[205.199.118.202]>
UTC Datetime: 1996-01-03 14:59:57 UTC
Raw Date: Wed, 3 Jan 1996 22:59:57 +0800

Raw message

From: Jon Lasser <jlasser@rwd.goucher.edu>
Date: Wed, 3 Jan 1996 22:59:57 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Foiling Traffic Analysis
In-Reply-To: <ad0ebb9d0c0210048ac9@[205.199.118.202]>
Message-ID: <Pine.SUN.3.91.960102195154.11723B-100000@rwd.goucher.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jan 1996, Timothy C. May wrote:

> At 4:35 AM 1/2/96, Jon Lasser wrote:
> 
> >The potential for traffic analysis is the danger here. If an "FBI
> >International Data Laundering Expert" testifies in court that said data
> >came from a site known to be frequented solely by so-and-sos, all the
> >strong crypto in the world won't stop the average jury from convicting you.
> >
> >Carl Ellison (among others, I'm sure) has suggested various means of
> >foiling traffic analysis among a group of trusted conspirators, using a
> >token-ring-like routing scheme. I'm not completely convinced that it's
> >robust enough, but a variation on it is probably adaptable.
> 
> How does this differ from Dining Cryptographers approaches?

Totally different from a DC-Net, as far as I understand DC-Nets (I think 
I do, but Applied Crypto's in my dorm, and I'm at home, so I can't check)

In this approach, computers are organized in "rings"; each computer in a 
given ring always has an encrypted packet in circulation.

When the group of packets arrives at a given station, it replaces its 
current encrypted packet with a new packet; if it doesn't have any new 
packets to send, it puts up a garbage packet that is indistinguishable 
from a normal packet. It then scans all the other packets and attempts to 
decrypt them with its private key. Any it can read, it does; all the 
packets are forwarded to the next station in the ring.

By the time the next set of packets arrives, all have been replaced; the 
station is unable to determine either the source or the destination of 
any given packet. Routing between loops is done by routers, which are 
computers on multiple loops. Perhaps all machines are on multiple loops 
and serve as routers.

I'm not sure about traffic analysis in cases where Mallet controls a 
significant portion of the network; while this is unlikely, it must be 
considered.

Any significant inconsistancies are probably mine...
Jon Lasser
------------------------------------------------------------------------------
Jon Lasser                <jlasser@rwd.goucher.edu>            (410)494-3072 
          Visit my home page at http://www.goucher.edu/~jlasser/
  You have a friend at the NSA: Big Brother is watching. Finger for PGP key.






Thread