[Cryptography] Email and IM are ideal candidates for mix networks
Moritz
moritz at headstrong.de
Mon Aug 26 01:14:52 EDT 2013
Hi,
On 26.08.2013 00:28, Perry E. Metzger wrote:
> We probably don't want any sort of central service running this
> network that could be easily disrupted, so identifier to IP address
> information should probably be stored in some big honking DHT, signed
> in the ID's key. Access to the DHT probably should happen in some
> privacy preserving way, possibly through the mix network itself or a
> PIR protocol.
Hashing it out in public: Common failure modes of DHT-based anonymity
schemes
by Andrew Tran, Nicholas Hopper, and Yongdae Kim.
In the Proceedings of the Workshop on Privacy in the Electronic Society
(WPES 2009), Chicago, IL, USA, November 2009.
http://freehaven.net/anonbib/#wpes09-dht-attack
"We examine peer-to-peer anonymous communication systems that
use Distributed Hash Table algorithms for relay selection. We show
that common design flaws in these schemes lead to highly effective
attacks against the anonymity provided by the schemes. These at-
tacks stem from attacks on DHT routing, and are not mitigated by
the well-known DHT security mechanisms due to a fundamental
mismatch between the security requirements of DHT routing’s put-
get functionality and anonymous routing’s relay selection function-
ality.
[...]
CONCLUSION
The anonymity literature, including all of the schemes investi-
gated here, is replete with claims that a peer-to-peer architecture is
necessary in order to construct a scheme that will work at Internet
scale. Distributed Hash Tables offer a scalable architecture for or-
ganizing and finding peers, and thus appear to be an obvious choice
of peer-to-peer architecture. However, as we have shown there is
not a clear bijection between the security and robustness require-
ments of a DHT’s put-get interface and an anonymity scheme’s re-
lay selection mechanism. This leads to severe vulnerabilities in
the existing schemes based on DHTs, limiting the deployability of
such schemes. The critical question for future work in this line
of research is whether a “DHT-like” algorithm can be designed to
meet the specific requirements – in terms of privacy, availability,
and correctness – of an anonymity scheme.
"
More information about the cryptography
mailing list