From: Jim Choate <ravage@ssz.com>
To: cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Message Hash: 9a71d0758010cc269c4a23845dee59e25cbd1ef733610c15d0dd3674330e049f
Message ID: <199710020532.AAA24556@einstein.ssz.com>
Reply To: N/A
UTC Datetime: 1997-10-02 05:27:56 UTC
Raw Date: Thu, 2 Oct 1997 13:27:56 +0800
From: Jim Choate <ravage@ssz.com>
Date: Thu, 2 Oct 1997 13:27:56 +0800
To: cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Subject: Re: Remailers and ecash (fwd)
Message-ID: <199710020532.AAA24556@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text
Forwarded message:
> Subject: Re: Remailers and ecash (fwd)
> Date: Wed, 1 Oct 97 23:56:19 -0400
> From: "Brian B. Riley" <brianbr@together.net>
> >And why does this by any security when it's the header info and
> >contents that Mallet looks at, not the frequency. The only thing
> >such approaches do is impliment security by obscurity, and that
> >ain't security.
>
> What header info?, its all messages to the remailer with nondescript
> info .. from that point the latency and mix takes over. The meaningful
> message looks no different from the 'cover' traffic.
Mallet will be following the cover traffic, since it is cover there will be
no correllation uncovered between input and output traffic because the
output traffic header info will either be a small class of destinations used
over and over or else it will be chosen randomly using something like a
spider on webpages or a usenet newsgroup crawler. Just send the bogus
packets to random addresses, talk about spam with a bite...
<hint: the LEA's would then instigate an investigation of the randomly
selected target, depleting their resources, this might buy you
2-3 days if you got two halves of a clue to rub together>
<speculation: anything short of several thousand entries in the bogus
destinations will be trivial to track>
<obvious: once a bogus address is used and known by the LEA's it will be
worthless to send any further packets there>
<obvious: all this traffic analysis will be done by computers with very
nice databases so it might take one or two agents to review
the full traffic set for just about any time frame under review>
<speculation: given a determined and well equiped Mallet it should take
no more than a week to 10 days to resolve the analysis if
the destination party is a small set, say <= dozen, using
todays remailers and traffic levels. Previously it was
mentioned that one remailer handled about 4300 pieces a
day, something Oracle or Sybase wouldn't have a problem
with>
<speculation: currently remailers are not seriously bothered by the BIG
Big Brother's because it is not worth validating the paranoids
out there that they are being watched>
For the sender to chain from remailer to remailer to destination the
destination has to be in the header info somewhere. Now in the most secure
system each packet header will only contain the address of the next hop. When
the next site gets it the packet contents are de-crypted (otherwise reading
the chaining info is trivial) and the contents are uncovered to reveal another
packet with the next hop header and another encrypted block. And on and on
we go.
<Question: Are there any remailer sets that impliment the encrypted nested
packet system?>
<speculation: an encrypted chain could be made stronger if the next
hop header depended on which key was used to decode it.
In other words, remailer A's key will produce one next hop
address while remailer B's key will send it elsewhere. This
is a subset of the different plaintext - same cyphertext
problem - a hard problem as I understand it. Find two
distinct texts that encrypt with different keys to the
same cyphertext>
Now if I were tasked with traffic analysis of this sort I would look at each
incoming header and each outgoing header. I would look for some sort of
correlation (ie some percentage of the time when I see this source address I
see this destination address within some period) over time between the steps
in the chain. Realisticaly it would take at least a dozen or so
transmissions using the same remailer chain before a clear pattern would
emerge. In general there are two types of classes in traffic analysis. The
first is monitoring of a specific entity involved in the transfer, usualy
source or destination. The second is passive traffic monitoring where I
simply go from remailer to remailer and find statistical correlation between
the various packets in the hope that somewhere somewhen I would come across
something of use.
<observation: without latency being added simply shuffling the messages will
not significantly hamper the analysis. To be most effective
the latencies should be randomly chosen. This implies that for
best security the content of the traffic should not be greatly
time sensitive. It furher implies that such traffic should be
over a significant range, at least an order of magnitude say>
<suggestion: I learned of the basics of traffic analysis from following
the study of dinosaur teeth and trying to determine which
type they were. Different dinosaurs leave distinctive but
different types of scratches on their teeth. By applying
statistics to the measurements it becomes possible to assign
them to specific types>
The first type is the most commen currently but with the various requests by
the FBI and other LEA's it is becoming clear they want to get into the
second class of traffic analysis in a big way. Guess they are finding it
harder and harder to get the big-wigs like the drug cartels because they use
a higher degree of technology than the LEA's do, they're simply out-classed.
With the second class they could catch a email (for example) from some end
user buying a couple of quarters of pot and then chase that chain in
reverse. Without the passive second class monitoring they would have never
gotten that lead in the first place.
Now consider the LEA's think nothing of monitoring a suspect for years if
required. I know of one case where the DEA spent 2 years tracking a
'kingpin' for 45 tons of herb. They even brought in specialist from the NSA
and military to do covert monitoring for the over-seas participants,
including traffic analysis of their communications.
<observation: Blackhawks have a pretty nifty electronics system, watching
downtown Bagdad via a sat link while flying along playing
with Internet email and using your FLIR to not hit the cables
between the poles>
If they ain't LEA's then a whole new set of options become available. Also
consider, if they aren't LEA's then they are probably doing a class one
traffic analysis which is only a matter of time to resolve.
Considering the current number of anonymous remailers it would not surprise
me if the CIA/NSA/Massad/MI5/etc. are not currently monitoring them all. It
is a given that countries like Iraq, Singapore, China, etc. are currently
doing about all they can to monitor the remailers because they are known to
be used by 'terrorist' organizations.
It seems to me that many people have an inherent (and unrecognized)
assumption that Mallet will have access only to a single remailer and won't
bother actualy tracing the traffic. A bad assumption.
It is also worth remembering, the government as a whole is quite slow but
there are some quite capable individuals.
____________________________________________________________________
| |
| The financial policy of the welfare state requires that there |
| be no way for the owners of wealth to protect themselves. |
| |
| -Alan Greenspan- |
| |
| _____ The Armadillo Group |
| ,::////;::-. Austin, Tx. USA |
| /:'///// ``::>/|/ http:// www.ssz.com/ |
| .', |||| `/( e\ |
| -====~~mm-'`-```-mm --'- Jim Choate |
| ravage@ssz.com |
| 512-451-7087 |
|____________________________________________________________________|
Return to October 1997
Return to “Jim Choate <ravage@ssz.com>”
1997-10-02 (Thu, 2 Oct 1997 13:27:56 +0800) - Re: Remailers and ecash (fwd) - Jim Choate <ravage@ssz.com>