[Cryptography] A possible alternative to TOR and PrivaTegrity without backdoors

[Bill Cox]

This is an old idea, but perhaps now there might be more reason to consider
it.  I currently call this idea Alias.  Here's my dumb data-dump on it.
Thoughts?

Alias is a concept for a TOR-like Internet protocol supporting free speech
and user privacy, but without encouraging the worst evil behaviors.  Exit
Nodes are replaced with Public Gateways, which sponsor users.  The
definition of evil behavior is defined by the Public Gateways and operators
of routing nodes.  Users would be encouraged to use good behavior, as their
public alias would develop a reputation over time.  Anonymity would be
protected, but a user's Public Gateway and any routing node could refuse to
route data for aliases with poor reputations.

TOR was created with a lofty goal: to support free speech.  Unfortunately,
TOR has drawn attention from governments and law enforcement, as it could
be used to protect some of the worst activities, such as contract killing,
and the slave trade.  TOR Exit Node operators generally follow a strict
policy of never looking at traffic, because simply observing this traffic
would require Exit Node operators in most countries to regularly contact
law enforcement to report crimes.  PrivaTegrity is an alternative protocol
to TOR, which aims to find a balance between protecting free speech and
protecting the world from the worst behavior.  Unfortunately, the
PrivaTegrity inserts encryption backdoors.

Alias Design:

This is very much a dumb idea in the half-baked stage.  Feedback and ideas
are welcome.

Alias would be a fork of TOR, and route Internet traffic from a user's
machine through a couple of Routing Nodes, to a Public Gateway, which
replaces the Exit Node.  The Public Gateway would have an account for the
user, under a pseudonym used on Alias network by the user, called his
alias.  The Public Gateway should keep an email contact address for the
user, similar to regular accounts on various web sites.

In Alias, user aliases would have trackable reputations, and the
reputations of user aliases would be combined into a reputation for a
Public Gateway.  At a minimum, incident reports would be used to compute
user reputations.  Exactly how this works is TBD, but the goal is to cause
gateways with very poor reputations to be effectively blacklisted by
routing nodes, and for users with poor reputations to be dropped by
reputable gateways.  Users could move their alias from one gateway to
another when needed, but they could not erase what their previous gateway
knows about there identity.  The Gateway would not know a user's location,
and in many cases will know nothing other than the user's reputation and
email address.  When requested by a government authority, at a minimum, a
gateway can drop support for a user alias, causing that alias to try to
find a new gateway that will agree to sponsor it.

Participants who act as routing nodes in Alias would be able to select what
sort of reputations they require from aliases and Gateways to allow traffic
to be routed through them to those gateways.  They could, for example,
choose to not route data for any gateway with a high reputation for routing
to pornography sites.

I compare the TOR, PrivaTegrity, and Alias concepts in several "threat
cases" below:

Threat Case: Governments Overreact to Terrorism

In this case, we assume all the governments involved have decided to share
all user network traffic in a mass surveillance program.  The user Alice
has something to say, such as wanting to tell the world that the mass
surveillance program exists.

TOR:  Alice succeeds in using TOR to log into various blogging sites and
publishes her knowledge about the surveillance program.  Unfortunately, TOR
provides limited defense against the Men in Black (MiB), and Alice may be
arrested.  The MiB is assumed to compromise TOR in various ways, such as
operating many Exit Nodes and monitoring meta-data such as packet timing
and size between nodes.

PrivaTegrity:  With the assumption that all governments involved are
colluding, Alice is revealed directly, without having to subvert the
protocol.

Alias:  Alice needs a Public Gateway to sponsor her.  She can choose a
gateway with a reputation of sponsoring free speech, such various
newspapers, in a country that is not participating in the mass surveillance
program.  When Alice posts what she knows to various blogs, the Public
Gateway (newspaper in this case) will be the the one defending her
anonymity.  In any case, even if the newspaper is forced to reveal what
they know about Alice, they never knew her location.

Conclusion: Alias seems to provide better protection of free speech in this
case.

Threat Case: A Single Government Blackmails the Rest

Suppose one of the governments involved decides to use it’s influence in
the protocol to blackmail one or more of the other governments involved
into agreeing to some political agenda.

TOR: If the government were the USA, it might have unique powers to track
users through the TOR network.  If true, the USA could refuse to reveal a
French suspected terrorist unless the French government share mass
surveillance data collected on it’s citizens.  Is this sort of thinking too
paranoid?

PrivaTegrity:  With nine separate governments who must collude to expose a
user, it is possible for any one of the nine to blackmail the rest.  For
example, if tracking down a particular user is of critical importance to
one government, another could demand certain trade policies be agreed to
before allowing that user to be revealed.

Alias:  A country containing the Public Gateway sponsoring a user might
make political demands from another country before agreeing to force the
Public Gateway to reveal a user’s email address.  However, this coercion is
weaker than weaker than the TOR case because there is no country with
majority control, and weaker than the PrivaTegrity case because a
government can coerce cooperation only from Public Gateways in its country.

Conclusion: While none are immune to this threat, Alias seems to perform
better in this case.

Threat Case: Hackers Compromise the Network

In this case, a group of hackers wants to reveal the identity of a
particular user.

TOR: There is little chance that the attacker can hack all the nodes from
the user to the Exit Node, and since the Exit Node has no information about
the user, there seems to be little chance that the hacker can reveal the
user’s identity, short of bugs in the protocol.

PrivaTegrity:  While hackers might hack one or more of the nine
governments, it would be a considerable task for the hacker to hack them
all.  However, it is possible, and this is a weakness vs TOR.

Alias:  The hacker need only hack the user’s chosen Public Gateway, which
is a considerably simpler task than with PrivaTegrity.

Conclusion:  Hackability of Public Gateways is a significant weakness for
Alias compared to the other two.

Threat Case:  Evil Users Secretly Collude

In this case, suppose there is strong evidence that several evil users
wants to collude to do something terrible, and they want to communicate
anonymously.  For example, they could be running a contract-killing
business or enslaving people and selling them on the Dark Web.

TOR:  Unfortunately, evil behaviors have been enabled in some cases over
TOR.

PrivaTegrity:  The users involved in such evil activities can have their
communication secretly wiretapped.  This is a strong capability for law
enforcement in this case.

Alias: Assuming reputable Public Gateways are used, most of the users’
emails would be revealed to law enforcement.  This is weaker than a wiretap.

Conclusion: In the case of severe evil, PrivaTegrity performs the best,
Alias next best, and TOR the worst.

Threat Case:  Somewhat Evil Users Secretly Collude

What is evil vs good is highly subjective, and getting people to agree can
be difficult.  In this case, the users are engaged in what most reasonable
people consider evil.  For example, consider illegal trade in ivory, which
could lead to the extinction of wild elephants.

TOR:  Users trading in ivory likely would benefit from using TOR.

PrivaTegrity:  Having to get cooperation from nine governments may be too
painful when tracking down a single ivory trader, and the ivory trader
likely could use PrivaTegrity to their advantage.  If, on the other hand,
the nine governments put in place a rapid rubber-stamp process to enable
going after small-time criminals, then this capability can be highly abused.

Alias:  Ivory traders would avoid using Alias through reputable Public
Gateways, since their identities could easily be revealed¸ and the sites
the traders visit to buy/sell ivory would not likely be very reputable,
lowering their alias' reputation.

Conclusion: Alias seems to perform better at determine somewhat evil
behaviors.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160110/4f08a099/attachment.html>