On Thu, Apr 26, 2012 at 04:15:04AM +0100, StealthMonger wrote: > If the channel has low latency, no hacking can conceal the packet > timing and volume correlation at the endpoints. It is high random > latency and thorough mixing that gain mixmaster its anonymity. > Dingledine and company would agree.
Your "thorough mixing" phrase is critical here. Once upon a time, when we were working on both Mixminion and Tor, we were thinking of it as a tradeoff: Mixminion offers some protection against end-to-end correlation attacks [1], but the price is high and variable latency; whereas Tor offers basically no protection against somebody who can measure [2] flows at both sides of the circuit, but it's a lot more fun to use. (Another price of the mix design is that you only get to send a fixed-size relatively small message rather than have a bidirectional flow.) So oversimplifying a bit, we thought we had a choice between "high security, high latency" and "low security, low latency". But the trouble is that while Mixminion's design can provide more safety in theory, it needs the users before it can provide this safety in practice. Without enough users sending messages to mix with, high and variable latency by itself doesn't cut it. So oversimplifying a bit more, the choice may be better viewed as "low security, high latency" vs "low security, low latency". And that's a much easier choice to make. See [3] for more discussion. I haven't given up hope on end-to-end correlation resistance for low-latency flow-based designs like Tor (but papers like [4] don't make me optimistic for a quick fix). It's hard to see how we could end up with a large enough and diverse enough population of Mixminion users to let it fulfill its potential. Stay tuned to PETS [5] and related conferences, but be patient. --Roger [1] http://freehaven.net/anonbib/#e2e-traffic [2] I say "measure" rather than "observe" to cover cool latency/congestion attacks like http://freehaven.net/anonbib/#tissec-latency-leak and http://freehaven.net/anonbib/#congestion-longpaths [3] http://freehaven.net/anonbib/#usability:weis2006 [4] http://freehaven.net/anonbib/#active-pet2010 [5] http://petsymposium.org/ _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
