On Friday 04 January 2008 00:50, Michael Rogers wrote:
> Matthew Toseland wrote:
> >> Right, but that's also the case at the moment: if requests travel n hops
> >> on average then there's a 1/n chance that the previous hop is the
> >> initiator. I don't see how you can get away from that without onion routing.
> > 
> > Indeed. Which is why afaics we need onion routing. Would tunneling without 
> > onion routing increase our vulnerability? It looks like it might to me.
> 
> How would it increase our vulnerability? The attacker already knows
> there's a high probability that the previous hop is the initiator. But
> currently, the attacker gets one sample per request. With tunneling, the
> attacker would get one sample per tunnel.

Hmm, maybe you are right.

There are two things that potentially increase our vulnerability:
- The tunnel length is likely to be shorter than the routing length. So 
P(predecessor = originator) drops from 1/routing length to 1/tunnel length - 
say 1 in 15 down to 1 in 5. Routing length is very long at the moment for 
failed requests, maybe too long because of perverse topology. So you need 
fewer samples.
- The attacker can link two tunnels with a greater confidence than two 
requests. Right? So again you need fewer samples.

On the other hand, you would have a *lot* fewer samples to work with than with 
requests. So probably it is better. Hmmm...

I had thought that if the attacker sees two tunnels for the same request out 
of the same node that he can be certain that is the originator. But this 
isn't really true, if the tunnels are random.
> 
> > Sure, and from time to time they will be DoSed and they will have to reroute.
> > Or they will route through a series of overloaded nodes and have to reroute.
> > Even here we end up with multiple tunnels.
> 
> Yup, we can't avoid rebuilding failed tunnels, but as long as each
> tunnel carries more than one request on average it's still an
> improvement over the current situation (at least in terms of anonymity -
> obviously there's a cost in terms of hop count).
> 
> > Yes but swapping already requires we reveal a lot of the topology, that's not
> > a big deal IMHO.
> 
> The information in swap requests can be more or less anonymised, can't
> it? (Locations but no long-term node IDs, maybe a weighted coin instead
> of a hop counter?)

Yes, but a clever attacker can reconstruct the topology for a few hops without 
too much difficulty. It's messy, I haven't come up with a good algorithm yet, 
but I haven't really tried: there should be one.
> 
> > It partly depends on what you think about local attackers - 
> > without premix routing, local attackers are extremely powerful.
> 
> Tunnels should slow down local statistical attacks.
> 
> Cheers,
> Michael
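
An added illustration, not part of the original message or of Freenet's code: a simplified Monte Carlo model of the sampling trade-off discussed above (a shorter path means fewer samples are needed, but one sample per tunnel means fewer samples are available). The 15 and 5 hop figures come from the message; the decoy count, lead margin, stopping rule and 50 requests per tunnel are assumptions chosen for illustration.

```python
import random
from collections import Counter

def samples_to_identify(path_len, decoys=20, margin=5, rng=None, limit=100_000):
    """Samples an observer needs before one predecessor leads the runner-up by `margin`.

    Simplified model (assumption): each linkable sample shows the originator as
    predecessor with probability 1/path_len, otherwise one of `decoys` other
    peers chosen uniformly. Returns (samples_used, guess_was_originator).
    """
    rng = rng or random.Random()
    counts = Counter()
    for n in range(1, limit + 1):
        if rng.random() < 1.0 / path_len:
            counts["originator"] += 1
        else:
            counts[rng.randrange(decoys)] += 1
        top = counts.most_common(2)
        lead = top[0][1] - (top[1][1] if len(top) > 1 else 0)
        if lead >= margin:
            return n, top[0][0] == "originator"
    return limit, False

def mean_samples(path_len, trials=200, seed=2008, **kw):
    """Average samples needed, and fraction of trials where the guess was right."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    runs = [samples_to_identify(path_len, rng=rng, **kw) for _ in range(trials)]
    mean = sum(n for n, _ in runs) / trials
    accuracy = sum(ok for _, ok in runs) / trials
    return mean, accuracy

def requests_needed(path_len, requests_per_sample, **kw):
    """Requests the initiator sends before the observer has collected enough samples."""
    mean, _ = mean_samples(path_len, **kw)
    return mean * requests_per_sample

if __name__ == "__main__":
    cases = [("one sample per request, 15 hops", 15, 1),
             ("one sample per tunnel, 5 hops, 1 request per tunnel", 5, 1),
             ("one sample per tunnel, 5 hops, 50 requests per tunnel", 5, 50)]
    for label, length, per_sample in cases:
        mean, acc = mean_samples(length)
        print(f"{label}: ~{mean:.0f} samples, accuracy {acc:.2f}, "
              f"~{mean * per_sample:.0f} requests")
```

Whether tunnels come out ahead in this model depends on how many requests each tunnel carries before it is rebuilt, which is the point made in the thread about each tunnel carrying more than one request on average.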