[Cryptography] traffic analysis

Natanael natanael.l at gmail.com
Tue Jan 27 17:10:47 EST 2015

Den 27 jan 2015 21:05 skrev "Jerry Leichter" <leichter at lrw.com>:
> On Jan 27, 2015, at 5:08 AM, grarpamp <grarpamp at gmail.com> wrote:
> > With the abundance of even just passive adversaries
> > these days, the importance of cover traffic, fill, flooding,
> > chaff, however you call it can't be overstated as a
> > necessity if you wish to hide the endponts ot actual
> > traffic without playing too much that risky odds game.
> >
> > It amazes me that, while there are some papers
> > about it, no one appears to have actually produced
> > software for users to download, install and run, for a
> > working network based on it.

[... ]

> There's room to do much better.  For one thing, you don't need to
saturate your link with cover traffic - you need to send enough cover
traffic so that a listener can't tell the difference between cover and real

[... ]

> But is there a way to mix traffic from multiple users in a way that
requires large numbers of them to conspire to reveal anything?  The
mixmaster stuff looks at this specifically from the point of view of a
store-and-forward node - is there some suitable useful analogue on a single
link?  Can we somehow get the same guarantees without storage inside the
> Just as researchers, for many years, ignored denial of service attacks on
the theory that "We can't do much about them, but who would bother to make
such attacks anyway?", most modern work ignores traffic analysis as
"impractical".  Well ... we had to change our attitudes about DoS, and
we're now going to have to change our attitudes toward traffic analysis.


Quoting their description:

> Dissent's technical approach differs in two fundamental ways from the
traditional relay-based approaches used by systems such as Tor:

>   Dissent builds on dining cryptographers and verifiable shuffle
algorithms to offer provable anonymity guarantees, even in the face of
traffic analysis attacks, of the kinds likely to be feasible for
authoritarian governments and their state-controlled ISPs for example.

>   Dissent seeks to offer accountable anonymity, giving users strong
guarantees of anonymity while also protecting online groups or forums from
anonymous abuse such as spam, Sybil attacks, and sockpuppetry. Unlike other
systems, Dissent can guarantee that each user of an online forum gets
exactly one bandwidth share, one vote, or one pseudonym, which other users
can block in the event of misbehavior.

> Dissent offers group-oriented anonymous communication best suited for
broadcast communication: for example, bulletin boards, wikis, auctions, or
voting. Members of a group obtain cryptographic guarantees of sender and
receiver anonymity, message integrity, disruption resistance,
proportionality, and location hiding.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150127/20d88f14/attachment.html>

More information about the cryptography mailing list