[liberationtech] Jacob Appelbaum's Ultrasurf Report

Roger Dingledine arma at mit.edu
Fri Apr 27 00:10:34 PDT 2012


On Thu, Apr 26, 2012 at 04:15:04AM +0100, StealthMonger wrote:
> If the channel has low latency, no hacking can conceal the packet
> timing and volume correlation at the endpoints.  It is high random
> latency and thorough mixing that gain mixmaster its anonymity.
> Dingledine and company would agree.

Your "thorough mixing" phrase is critical here.

Once upon a time, when we were working on both Mixminion and Tor, we were
thinking of it as a tradeoff: Mixminion offers some protection against
end-to-end correlation attacks [1], but the price is high and variable
latency; whereas Tor offers basically no protection against somebody who
can measure [2] flows at both sides of the circuit, but it's a lot more
fun to use.

(Another price of the mix design is that you only get to send a fixed-size
relatively small message rather than have a bidirectional flow.)

So oversimplifying a bit, we thought we had a choice between "high
security, high latency" and "low security, low latency". But the trouble
is that while Mixminion's design can provide more safety in theory, it
needs the users before it can provide this safety in practice. Without
enough users sending messages to mix with, high and variable latency by
itself doesn't cut it.

So oversimplifying a bit more, the choice may be better viewed as "low
security, high latency" vs "low security, low latency". And that's a
much easier choice to make. See [3] for more discussion.

I haven't given up hope on end-to-end correlation resistance for
low-latency flow-based designs like Tor (but papers like [4] don't make me
optimistic for a quick fix). It's hard to see how we could end up with a
large enough and diverse enough population of Mixminion users to let it
fulfill its potential. Stay tuned to PETS [5] and related conferences,
but be patient.

--Roger


[1] http://freehaven.net/anonbib/#e2e-traffic
[2] I say "measure" rather than "observe" to cover cool latency/congestion
attacks like http://freehaven.net/anonbib/#tissec-latency-leak and
http://freehaven.net/anonbib/#congestion-longpaths
[3] http://freehaven.net/anonbib/#usability:weis2006
[4] http://freehaven.net/anonbib/#active-pet2010
[5] http://petsymposium.org/
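
Added example (not part of the original message, and not code from Tor or Mixminion): a toy timed-delay mix, far simpler than Mixminion's real batching, that illustrates the point above that high and variable latency only helps when enough other messages arrive to mix with. The arrival rates, delays and function names are all constructed assumptions.

```python
import bisect
import random

def mean_anonymity_set(rate_per_s, max_delay_s, duration_s, seed=1):
    """Toy model: each message entering the mix is held for a uniform random
    delay in [0, max_delay_s]. An observer who timestamps every input and
    output knows an output at time t came from an input in [t - max_delay_s, t].
    Returns the average number of such candidate inputs per output."""
    rng = random.Random(seed)          # fixed seed so runs are repeatable
    arrivals, t = [], 0.0
    while True:                        # Poisson arrivals from the user base
        t += rng.expovariate(rate_per_s)
        if t > duration_s:
            break
        arrivals.append(t)
    if not arrivals:
        return 0.0
    total = 0
    for sent in arrivals:
        out = sent + rng.uniform(0.0, max_delay_s)
        lo = bisect.bisect_left(arrivals, out - max_delay_s)
        hi = bisect.bisect_right(arrivals, out)
        total += hi - lo               # the true input is itself one candidate
    return total / len(arrivals)

# Constructed scenarios (all numbers are illustrative assumptions).
SCENARIOS = {
    "low latency, busy network": dict(rate_per_s=1.0, max_delay_s=0.5, duration_s=50_000),
    "high latency, few users": dict(rate_per_s=1 / 3600, max_delay_s=600.0, duration_s=5_000_000),
    "high latency, many users": dict(rate_per_s=1.0, max_delay_s=600.0, duration_s=50_000),
}

def run_scenarios():
    """Mean candidate-set size per scenario name."""
    return {name: mean_anonymity_set(**p) for name, p in SCENARIOS.items()}

if __name__ == "__main__":
    for name, size in run_scenarios().items():
        print(f"{name:28s} mean candidate inputs per output: {size:8.2f}")
```

In this model the expected candidate set is roughly 1 + rate x delay, so a ten-minute delay with one message per hour leaves most outputs with a single possible input, while the same delay at one message per second gives hundreds.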



