A year late and a dollar short? (was FC: U.S. government patents anonymous browsing "Onion Routing" technique)
R. A. Hettinga
rah at shipwright.com
Sat Aug 18 13:43:17 EDT 2001
...In addition to a pointer to his excellent article in Wired News, Declan
also includes a patent citation, below, which, oddly enough, shows a patent
filing date of May 29, 1998, more than a *year* after the first paper on
onion routing was presented at -- much less reviewed by the program
committee of -- the First International Conference on Financial
Cryptography (FC97 to its friends), in late *February*, 1997.
Isn't there like a one-year limitation on times between disclosure and
patent filing, a given patent's not valid?
Ian Goldberg and Adam Shostack, now of Zero Knowledge, were both there at
FC97, of course. We *flew* them there to run the pre-conference
bootcamp/workshop. :-).
Cheers,
RAH
--- begin forwarded text
Date: Sat, 18 Aug 2001 11:14:53 -0400
From: Declan McCullagh <declan at well.com>
To: politech at politechbot.com
Subject: FC: U.S. government patents anonymous browsing "Onion Routing"
technique
User-Agent: Mutt/1.2.2i
Sender: owner-politech at politechbot.com
Reply-To: declan at well.com
http://www.wired.com/news/politics/0,1283,46126,00.html
Pentagon Hides Behind Onion Wraps
By Declan McCullagh (declan at wired.com)
2:00 a.m. Aug. 17, 2001 PDT
Onions may be the secret ingredient in protecting the Pentagon's
classified information.
During an afternoon presentation at the Usenix Security conference on
Thursday, a researcher at the U.S. Naval Research Laboratory described
a technology known as "Onion Routing," which preserves anonymity by
wrapping the identity of users in onion-like layers.
"Public networks are vulnerable to traffic analysis. Packet headers
identify recipients, and packet routes can be tracked," said Paul
Syverson, who works at the NRL's Center for High Assurance Computer
Systems. "Even encrypted data exposes the identity of the
communicating parties."
[...]
Syverson said that the U.S. government was awarded patent number
6,266,704 for Onion Routing on July 24.
That announcement prompted an angry reaction from Usenix attendees,
many of whom are programmers, security consultants and system
administrators, who aren't big fans of software patents -- especially
in the area of anonymous communications, where there's been so much
prior work before the Navy ever got involved.
Mathematician David Chaum, for instance, wrote an article titled
"Untraceable Electronic Mail, Return Addresses and Digital Pseudonyms"
for Communications of the ACM as far back as 1981. Lance Cottrell, who
now runs anonymizer.com, wrote part of the mixmaster system in the
early 1990s, and similar techniques were discussed on the cypherpunks
mailing list even earlier.
Syverson, who is listed on the patent with co-inventors Michael Reed
and David Goldschlag, defended the government's move. "It is a
necessary step for those of us working for the government to bring
technology to the public," Syverson said.
The patent describes Onion Routing, which has been the subject of
analysis at previous security conferences, as providing "an electronic
communication path between an initiator and a responder on a
packet-switching network comprising an onion routing network that
safeguards against traffic analysis and eavesdropping by other users
of the packet switching network" such as the Internet.
[...]
*********
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1='6,266,704'.WKU.&OS=PN/6,266,704&RS=PN/6,266,704
United States Patent 6,266,704
Reed , et al. July 24, 2001
_________________________________________________________________
Onion routing network for securely moving data through communication
networks
Abstract
The onion routing network is used to protect Internet initiators and
responders against both eavesdropping and traffic analysis from other
users of the Internet. In the onion routing of the invention, instead
of making connections directly to a responding machine, users make
connections through onion routers. The onion routing network allows
the connection between the initiator and responder to remain
anonymous. Anonymous connections hide who is connected to whom and for
what purpose from outside eavesdroppers.
_________________________________________________________________
Inventors: Reed; Michael G. (Bethesda, MD); Syverson; Paul F. (Silver
Spring, MD); Goldschlag; David M. (Silver Spring, MD)
Assignee: The United States of America as represented by the Secretary
of the Navy (Washington, DC)
Appl. No.: 086541
Filed: May 29, 1998
[...]
_________________________________________________________________
Description
_________________________________________________________________
BACKGROUND OF THE INVENTION
1.0 Field of the Invention
The present invention relates to the field of moving user real-time
data within a communication network and, more particularly, to a
system which moves data within a communication network, such as the
Internet, without revealing the identity of the initiator of the data,
nor the identity of the receiver of the data, nor the content of the
data.
2.0 Description of the Prior Art
The present invention is concerned with the right to privacy involved
in electronic communication which may be better described by first
discussing other forms of more commonly known communications.
For example, letters sent through the Post Office are usually in an
envelope marked with the sender's and recipient's addresses. The
general public trusts that the Post Office does not peek inside the
envelope, because the contents are private. The general public also
trusts that the Post Office does not monitor who sends mail to whom,
because that information is also considered private.
These two types of sensitive information, the contents of an envelope
and its addresses, apply equally well to electronic communication over
the Internet. As the Internet becomes an increasing important part of
modern day communication and electronic commerce, protecting the
privacy of electronic messages also becomes increasingly important.
Just like mail, electronic messages travel in envelopes, that is,
electronic envelopes. Protecting the privacy of electronic messages
requires both safeguarding the contents of their envelopes and hiding
the addresses on their envelopes. Although communicating parties
usually identify themselves to one another, there is no reason that
the use of a public network, such as the Internet, ought to reveal to
others who is talking to whom and what they are talking about. The
first concern is traffic analysis, the latter is eavesdropping.
By making both eavesdropping and traffic analysis hard, the privacy of
communication is protected. However, anonymity need not be completely
maintained because two parties communicating with each other may need
to identify each other. For example, if a Web surfer wants to buy
something using the electronic equivalent of cash, the purchaser may
need to be identified to properly establish the debt being incurred;
however, the network need not know any of this information.
If an electronic envelope keeps its contents private, and the address
on the envelope is also hidden, then any identifying information can
only be inside the envelope. So for anonymous communication, we also
should remove identifying information from the contents of an
envelope. This may be called anonymizing a private envelope.
An anonymous connection is a communications channel for which it is
infeasible to determine both endpoints, that is, which principal
initiated the communication and whom receives the communication. The
principal initiating the connection is the initiator, and the
principal to whom the initiator connects is the responder. The present
invention implements a mechanism for anonymous connections that
operates below the application layer and supports a variety of
Internet applications, wherein the application layer is the highest
layer within the hierarchy of the protocols being used to perform the
data transfer.
The usage of anonymous communication is known and generally referred
to by the use of various terms in the art. For example, anonymous
"Mixes" were introduced in 1985 as a store and forward mechanism for
anonymously moving data through a network. These Mixes are not
suitable for bidirectional real-time communication which is of
importance to the present invention.
Anonymous remailers, also known in the art, have been used to store
and forward mail from a sender to a recipient without revealing the
identity of the sender to observers of the network. Different versions
of these remailers use Mixes in a highly application specific way
which limits their applicability for other uses.
Anonymous bidirectional real-time communication for Integrated Service
Digital Network (ISDN) has also been explored, especially as in
related phone switching means. Mixes are incorporated into an ISDN
phone switch to permit anonymous connections between callers within
the same ISDN switch. The usage of these anonymous connection means is
dependent upon the characteristics of the ISDN phone switches which,
in turn, has inherent limitations which, in turn, limit their usage.
The first mention of near real-time Mixes for the Internet appears in
the Pipe-Net techniques also known in the art. Pipe-Net's design
provides fixed bandwidth, low-capacity communications channels
strongly protected against both active and passive traffic analysis
attacks. However, the fixed bandwidth and low-capacity communication
limit their usage. Further, to our knowledge this Pipe-Net's design
has never been built, fully described, nor formally published.
The anonymizer, known in the art, provides weak protection against
traffic analysis of World Wide Web (WEB) communications, by providing
a centralized service that removes identifying information from the
data stream. So called "Crowds" extends this approach to decentralize
the proxy. However, the Anonymizer does not protect against passive
attacks at the centralized proxy; whereas Crowds does not protect
against global passive attacks. It is desired to provide a general
purpose system that allows anonymous connections to move data through
a communication network and that does not suffer the drawbacks of the
prior art.
OBJECTS OF THE INVENTION
It is a primary object of the present invention to provide a system
for electronic communications that protect the identity of the
initiator and the intended receiver of the data, as well as the
content of the data, from traffic analysis and eavesdropping. The
system has variable bandwidth, high capacity, near real-time,
bidirectional, and application independent communication
characteristics.
It is another object of the present invention to provide a
subcomponent for the system that separates anonymity of the connection
from anonymity of the data passing over the connection.
It is still another object of the present invention to provide a
distributed routing network, comprised of systems of the present
invention, that can be configured in many ways to shift trust between
network elements, thereby shifting the responsibility for the
protection of private information to the cognizant parties. For
example, a large company may install a system of the present invention
on the firewall separating its protected site from the open Internet
and, therefore, take the responsibility to protect its own
information. This system, once instituted, would be integrated into
the distribution routing network.
Further still, it is an object of the present invention to provide a
system that operates below the application layer. The system of the
present invention supports many unmodified applications by means of
proxies. The system of the present invention includes proxies that may
be used for Web browsing, remote login, electronic mail and raw data
connections.
SUMMARY OF THE INVENTION
The present invention is directed to a method for establishing and
utilizing a virtual circuit for moving data for electronic
communication within a communication network that provides application
independent, real-time, and bi-directional anonymous connections
throughout the communication network that are resistant to both
eavesdropping and traffic analysis.
The present invention provides a virtual circuit that is a pathway
between two devices, one defined as an initiator and the other defined
as a responder, communicating with each other in a packet switching
system, such as the Internet. The virtual circuit comprising a
plurality of onion routers arranged adjacent to each other and where
adjacent onion routers maintain longstanding connections to each other
and where each onion router has a protocol to provide communications
therebetween.
Each of the onion routers is responsive to an onion, having a layered
data structure, with one layer per each of the onion routers in the
pathway. Each layer of the onion comprises an encryption of the
identity of the next onion router in the pathway and encryption
material. In operation, the initiator makes a request to a proxy to
establish the virtual circuit through the onion routers. In one
embodiment, the proxy connects to a second proxy which then defines
the pathway, and in another embodiment, the first proxy defines the
pathway itself with the pathway consisting of individual paths between
adjacent onion routers.
[...]
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list