mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
resolve references
svn:r3521
This commit is contained in:
parent
7740a687ad
commit
4174bf9cbd
@ -26,7 +26,7 @@
|
||||
\begin{abstract}
|
||||
|
||||
We describe our experiences with deploying Tor, a low-latency anonymous
|
||||
communication system that has been funded both by the U.S.~government
|
||||
communication system that has been funded both by the U.S.~Navy
|
||||
and also by the Electronic Frontier Foundation.
|
||||
|
||||
Because of its simplified threat model, Tor does not aim to defend
|
||||
@ -73,7 +73,7 @@ who don't want to reveal information to their competitors, and law
|
||||
enforcement and government intelligence agencies who need
|
||||
to do operations on the Internet without being noticed.
|
||||
|
||||
Tor research and development has been funded by the U.S. Navy, for use
|
||||
Tor research and development has been funded by the U.S.~Navy, for use
|
||||
in securing government
|
||||
communications, and also by the Electronic Frontier Foundation, for use
|
||||
in maintaining civil liberties for ordinary citizens online. The Tor
|
||||
@ -215,7 +215,7 @@ to join the network.
|
||||
|
||||
Tor is not the only anonymity system that aims to be practical and useful.
|
||||
Commercial single-hop proxies~\cite{anonymizer}, as well as unsecured
|
||||
open proxies around the Internet~\cite{open-proxies}, can provide good
|
||||
open proxies around the Internet, can provide good
|
||||
performance and some security against a weaker attacker. Dresden's Java
|
||||
Anon Proxy~\cite{web-mix} provides similar functionality to Tor but only
|
||||
handles web browsing rather than arbitrary TCP\@. Also, JAP's network
|
||||
@ -250,12 +250,12 @@ seems overkill (and/or insecure) based on the threat model we've picked.
|
||||
|
||||
Tor does not attempt to defend against a global observer. Any adversary who
|
||||
can see a user's connection to the Tor network, and who can see the
|
||||
corresponding connection as it exits the Tor network, can use the timing
|
||||
correlation between the two connections to confirm the user's chosen
|
||||
corresponding connection as it exits the Tor network, can use timing
|
||||
correlation to confirm the user's chosen
|
||||
communication partners. Defeating this attack would seem to require
|
||||
introducing a prohibitive degree of traffic padding between the user and the
|
||||
network, or introducing an unacceptable degree of latency (but see
|
||||
Section \ref{subsec:mid-latency}).
|
||||
Section \ref{subsec:mid-latency}).
|
||||
And, it is not clear that padding works at all if we assume a
|
||||
minimally active adversary that merely modifies the timing of packets
|
||||
to or from the user. Thus, Tor only attempts to defend against
|
||||
@ -380,9 +380,9 @@ Mixminion, where the threat model is based on mixing messages with each
|
||||
other, there's an arms race between end-to-end statistical attacks and
|
||||
counter-strategies~\cite{statistical-disclosure,minion-design,e2e-traffic,trickle02}.
|
||||
But for low-latency systems like Tor, end-to-end \emph{traffic
|
||||
confirmation} attacks~\cite{danezis-pet2004,SS03,defensive-dropping}
|
||||
correlation} attacks~\cite{danezis-pet2004,SS03,defensive-dropping}
|
||||
allow an attacker who watches or controls both ends of a communication
|
||||
to use statistics to correlate packet timing and volume, quickly linking
|
||||
to use statistics to match packet timing and volume, quickly linking
|
||||
the initiator to her destination. This is why Tor's threat model is
|
||||
based on preventing the adversary from observing both the initiator and
|
||||
the responder.
|
||||
@ -742,7 +742,7 @@ transport a greater variety of protocols.
|
||||
Though Tor has always been designed to be practical and usable first
|
||||
with as much anonymity as can be built in subject to those goals, we
|
||||
have contemplated that users might need resistance to at least simple
|
||||
traffic confirmation attacks. Higher-latency mix-networks resist these
|
||||
traffic correlation attacks. Higher-latency mix-networks resist these
|
||||
attacks by introducing variability into message arrival times in order to
|
||||
suppress timing correlation. Thus, it seems worthwhile to consider the
|
||||
whether we can improving Tor's anonymity by introducing batching and delaying
|
||||
@ -796,7 +796,7 @@ Section~\ref{subsec:tcp-vs-ip}). Instead, batch timing would be obscured by
|
||||
synchronizing batches at the link level, and there would
|
||||
be no direct attempt to synchronize all batches
|
||||
entering the Tor network at the same time.
|
||||
%Alternatively, if end-to-end traffic confirmation is the
|
||||
%Alternatively, if end-to-end traffic correlation is the
|
||||
%concern, there is little point in mixing.
|
||||
% Why not?? -NM
|
||||
It might also be feasible to
|
||||
@ -811,11 +811,11 @@ mid-latency option; however, we should continue the caution with which
|
||||
we have always approached padding lest the overhead cost us too much
|
||||
performance or too many volunteers.
|
||||
|
||||
The distinction between traffic confirmation and traffic analysis is
|
||||
The distinction between traffic correlation and traffic analysis is
|
||||
not as cut and dried as we might wish. In \cite{hintz-pet02} it was
|
||||
shown that if data volumes of various popular
|
||||
responder destinations are catalogued, it may not be necessary to
|
||||
observe both ends of a stream to confirm a source-destination link.
|
||||
observe both ends of a stream to learn a source-destination link.
|
||||
This should be fairly effective without simultaneously observing both
|
||||
ends of the connection. However, it is still essentially confirming
|
||||
suspected communicants where the responder suspects are ``stored'' rather
|
||||
@ -1012,7 +1012,7 @@ leak the fact that Alice {\it sometimes} talks to Bob as it is to leak the times
|
||||
when Alice is {\it actually} talking to Bob.)
|
||||
|
||||
|
||||
One solution to this problem is to use ``helper nodes''~\cite{helpers}---to
|
||||
One solution to this problem is to use ``helper nodes''~\cite{wright02,wright03}---to
|
||||
have each client choose a few fixed servers for critical positions in her
|
||||
circuits. That is, Alice might choose some server H1 as her preferred
|
||||
entry, so that unless the attacker happens to control or observe her
|
||||
@ -1345,8 +1345,8 @@ their country. These users try to find any tools available to allow
|
||||
them to get-around these firewalls. Some anonymity networks, such as
|
||||
Six-Four~\cite{six-four}, are designed specifically with this goal in
|
||||
mind; others like the Anonymizer~\cite{anonymizer} are paid by sponsors
|
||||
such as Voice of America to set up a network to encourage `Internet
|
||||
freedom'~\cite{voice-of-america-anonymizer}. Even though Tor wasn't
|
||||
such as Voice of America to set up a network to encourage Internet
|
||||
freedom. Even though Tor wasn't
|
||||
designed with ubiquitous access to the network in mind, thousands of
|
||||
users across the world are trying to use it for exactly this purpose.
|
||||
% Academic and NGO organizations, peacefire, \cite{berkman}, etc
|
||||
@ -1427,7 +1427,7 @@ servers, by reducing the interconnectivity of the nodes; later we can reduce
|
||||
overhead associated withy directories, discovery, and so on.
|
||||
|
||||
By reducing the connectivity of the network we increase the total number of
|
||||
nodes that the network can contain. Danezis~\cite{danezis-pet03} considers
|
||||
nodes that the network can contain. Danezis~\cite{danezis-pets03} considers
|
||||
the anonymity implications of restricting routes on mix networks, and
|
||||
recommends an approach based on expander graphs (where any subgraph is likely
|
||||
to have many neighbors). It is not immediately clear that this approach will
|
||||
|
@ -18,44 +18,44 @@
|
||||
}
|
||||
@inproceedings{kesdogan:pet2002,
|
||||
title = {Unobservable Surfing on the World Wide Web: Is Private Information Retrieval an
|
||||
alternative to the MIX based Approach?},
|
||||
author = {Dogan Kesdogan and Mark Borning and Michael Schmeink},
|
||||
alternative to the MIX based Approach?},
|
||||
author = {Dogan Kesdogan and Mark Borning and Michael Schmeink},
|
||||
booktitle = {Privacy Enhancing Technologies (PET 2002)},
|
||||
year = {2002},
|
||||
month = {April},
|
||||
editor = {Roger Dingledine and Paul Syverson},
|
||||
publisher = {Springer-Verlag, LNCS 2482},
|
||||
year = {2002},
|
||||
month = {April},
|
||||
editor = {Roger Dingledine and Paul Syverson},
|
||||
publisher = {Springer-Verlag, LNCS 2482},
|
||||
}
|
||||
|
||||
@inproceedings{statistical-disclosure,
|
||||
title = {Statistical Disclosure Attacks},
|
||||
author = {George Danezis},
|
||||
booktitle = {Security and Privacy in the Age of Uncertainty ({SEC2003})},
|
||||
organization = {{IFIP TC11}},
|
||||
year = {2003},
|
||||
month = {May},
|
||||
address = {Athens},
|
||||
pages = {421--426},
|
||||
publisher = {Kluwer},
|
||||
title = {Statistical Disclosure Attacks},
|
||||
author = {George Danezis},
|
||||
booktitle = {Security and Privacy in the Age of Uncertainty ({SEC2003})},
|
||||
organization = {{IFIP TC11}},
|
||||
year = {2003},
|
||||
month = {May},
|
||||
address = {Athens},
|
||||
pages = {421--426},
|
||||
publisher = {Kluwer},
|
||||
}
|
||||
|
||||
@inproceedings{limits-open,
|
||||
title = {Limits of Anonymity in Open Environments},
|
||||
author = {Dogan Kesdogan and Dakshi Agrawal and Stefan Penz},
|
||||
booktitle = {Information Hiding Workshop (IH 2002)},
|
||||
year = {2002},
|
||||
month = {October},
|
||||
editor = {Fabien Petitcolas},
|
||||
publisher = {Springer-Verlag, LNCS 2578},
|
||||
title = {Limits of Anonymity in Open Environments},
|
||||
author = {Dogan Kesdogan and Dakshi Agrawal and Stefan Penz},
|
||||
booktitle = {Information Hiding Workshop (IH 2002)},
|
||||
year = {2002},
|
||||
month = {October},
|
||||
editor = {Fabien Petitcolas},
|
||||
publisher = {Springer-Verlag, LNCS 2578},
|
||||
}
|
||||
|
||||
@inproceedings{isdn-mixes,
|
||||
title = {{ISDN-mixes: Untraceable communication with very small bandwidth overhead}},
|
||||
author = {Andreas Pfitzmann and Birgit Pfitzmann and Michael Waidner},
|
||||
booktitle = {GI/ITG Conference on Communication in Distributed Systems},
|
||||
year = {1991},
|
||||
month = {February},
|
||||
pages = {451-463},
|
||||
title = {{ISDN-mixes: Untraceable communication with very small bandwidth overhead}},
|
||||
author = {Andreas Pfitzmann and Birgit Pfitzmann and Michael Waidner},
|
||||
booktitle = {GI/ITG Conference on Communication in Distributed Systems},
|
||||
year = {1991},
|
||||
month = {February},
|
||||
pages = {451-463},
|
||||
}
|
||||
|
||||
|
||||
@ -72,21 +72,21 @@
|
||||
}
|
||||
|
||||
@inproceedings{tarzan:ccs02,
|
||||
title = {Tarzan: A Peer-to-Peer Anonymizing Network Layer},
|
||||
author = {Michael J. Freedman and Robert Morris},
|
||||
title = {Tarzan: A Peer-to-Peer Anonymizing Network Layer},
|
||||
author = {Michael J. Freedman and Robert Morris},
|
||||
booktitle = {9th {ACM} {C}onference on {C}omputer and {C}ommunications
|
||||
{S}ecurity ({CCS 2002})},
|
||||
year = {2002},
|
||||
month = {November},
|
||||
address = {Washington, DC},
|
||||
{S}ecurity ({CCS 2002})},
|
||||
year = {2002},
|
||||
month = {November},
|
||||
address = {Washington, DC},
|
||||
}
|
||||
|
||||
@inproceedings{cebolla,
|
||||
title = {{Cebolla: Pragmatic IP Anonymity}},
|
||||
author = {Zach Brown},
|
||||
booktitle = {Ottawa Linux Symposium},
|
||||
year = {2002},
|
||||
month = {June},
|
||||
title = {{Cebolla: Pragmatic IP Anonymity}},
|
||||
author = {Zach Brown},
|
||||
booktitle = {Ottawa Linux Symposium},
|
||||
year = {2002},
|
||||
month = {June},
|
||||
}
|
||||
|
||||
@inproceedings{eax,
|
||||
@ -117,24 +117,24 @@
|
||||
}
|
||||
|
||||
@inproceedings{anonnet,
|
||||
title = {{Analysis of an Anonymity Network for Web Browsing}},
|
||||
title = {{Analysis of an Anonymity Network for Web Browsing}},
|
||||
author = {Marc Rennhard and Sandro Rafaeli and Laurent Mathy and Bernhard Plattner and
|
||||
David Hutchison},
|
||||
David Hutchison},
|
||||
booktitle = {{IEEE 7th Intl. Workshop on Enterprise Security (WET ICE
|
||||
2002)}},
|
||||
year = {2002},
|
||||
month = {June},
|
||||
address = {Pittsburgh, USA},
|
||||
2002)}},
|
||||
year = {2002},
|
||||
month = {June},
|
||||
address = {Pittsburgh, USA},
|
||||
}
|
||||
% pages = {49--54},
|
||||
% pages = {49--54},
|
||||
|
||||
@inproceedings{econymics,
|
||||
title = {On the Economics of Anonymity},
|
||||
author = {Alessandro Acquisti and Roger Dingledine and Paul Syverson},
|
||||
booktitle = {Financial Cryptography},
|
||||
year = {2003},
|
||||
editor = {Rebecca N. Wright},
|
||||
publisher = {Springer-Verlag, LNCS 2742},
|
||||
title = {On the Economics of Anonymity},
|
||||
author = {Alessandro Acquisti and Roger Dingledine and Paul Syverson},
|
||||
booktitle = {Financial Cryptography},
|
||||
year = {2003},
|
||||
editor = {Rebecca N. Wright},
|
||||
publisher = {Springer-Verlag, LNCS 2742},
|
||||
}
|
||||
|
||||
@inproceedings{defensive-dropping,
|
||||
@ -156,24 +156,24 @@
|
||||
}
|
||||
|
||||
@inproceedings{eternity,
|
||||
title = {The Eternity Service},
|
||||
author = {Ross Anderson},
|
||||
booktitle = {Pragocrypt '96},
|
||||
year = {1996},
|
||||
title = {The Eternity Service},
|
||||
author = {Ross Anderson},
|
||||
booktitle = {Pragocrypt '96},
|
||||
year = {1996},
|
||||
}
|
||||
%note = {\url{http://www.cl.cam.ac.uk/users/rja14/eternity/eternity.html}},
|
||||
%note = {\url{http://www.cl.cam.ac.uk/users/rja14/eternity/eternity.html}},
|
||||
|
||||
|
||||
@inproceedings{minion-design,
|
||||
title = {Mixminion: Design of a Type {III} Anonymous Remailer Protocol},
|
||||
author = {George Danezis and Roger Dingledine and Nick Mathewson},
|
||||
booktitle = {2003 IEEE Symposium on Security and Privacy},
|
||||
year = {2003},
|
||||
title = {Mixminion: Design of a Type {III} Anonymous Remailer Protocol},
|
||||
author = {George Danezis and Roger Dingledine and Nick Mathewson},
|
||||
booktitle = {2003 IEEE Symposium on Security and Privacy},
|
||||
year = {2003},
|
||||
month = {May},
|
||||
publisher = {IEEE CS},
|
||||
pages = {2--15},
|
||||
pages = {2--15},
|
||||
}
|
||||
%note = {\url{http://mixminion.net/minion-design.pdf}},
|
||||
%note = {\url{http://mixminion.net/minion-design.pdf}},
|
||||
|
||||
@inproceedings{ rao-pseudonymity,
|
||||
author = "Josyula R. Rao and Pankaj Rohatgi",
|
||||
@ -245,9 +245,9 @@
|
||||
@InProceedings{raymond00,
|
||||
author = {J. F. Raymond},
|
||||
title = {{Traffic Analysis: Protocols, Attacks, Design Issues,
|
||||
and Open Problems}},
|
||||
and Open Problems}},
|
||||
booktitle = {Designing Privacy Enhancing Technologies: Workshop
|
||||
on Design Issue in Anonymity and Unobservability},
|
||||
on Design Issue in Anonymity and Unobservability},
|
||||
year = 2000,
|
||||
month = {July},
|
||||
pages = {10-29},
|
||||
@ -310,7 +310,7 @@
|
||||
author = {Paul Syverson and Michael Reed and David Goldschlag},
|
||||
title = {{O}nion {R}outing Access Configurations},
|
||||
booktitle = {DARPA Information Survivability Conference and
|
||||
Exposition (DISCEX 2000)},
|
||||
Exposition (DISCEX 2000)},
|
||||
year = {2000},
|
||||
publisher = {IEEE CS Press},
|
||||
pages = {34--40},
|
||||
@ -321,7 +321,7 @@
|
||||
@Inproceedings{or-pet00,
|
||||
title = {{Towards an Analysis of Onion Routing Security}},
|
||||
author = {Paul Syverson and Gene Tsudik and Michael Reed and
|
||||
Carl Landwehr},
|
||||
Carl Landwehr},
|
||||
booktitle = {Designing Privacy Enhancing Technologies: Workshop
|
||||
on Design Issue in Anonymity and Unobservability},
|
||||
year = 2000,
|
||||
@ -334,9 +334,9 @@
|
||||
|
||||
@Inproceedings{freenet-pets00,
|
||||
title = {Freenet: A Distributed Anonymous Information Storage
|
||||
and Retrieval System},
|
||||
and Retrieval System},
|
||||
author = {Ian Clarke and Oskar Sandberg and Brandon Wiley and
|
||||
Theodore W. Hong},
|
||||
Theodore W. Hong},
|
||||
booktitle = {Designing Privacy Enhancing Technologies: Workshop
|
||||
on Design Issue in Anonymity and Unobservability},
|
||||
year = 2000,
|
||||
@ -349,7 +349,7 @@
|
||||
|
||||
@InProceedings{or-ih96,
|
||||
author = {David M. Goldschlag and Michael G. Reed and Paul
|
||||
F. Syverson},
|
||||
F. Syverson},
|
||||
title = {Hiding Routing Information},
|
||||
booktitle = {Information Hiding, First International Workshop},
|
||||
pages = {137--150},
|
||||
@ -362,7 +362,7 @@
|
||||
@InProceedings{federrath-ih96,
|
||||
author = {Hannes Federrath and Anja Jerichow and Andreas Pfitzmann},
|
||||
title = {{MIXes} in Mobile Communication Systems: Location
|
||||
Management with Privacy},
|
||||
Management with Privacy},
|
||||
booktitle = {Information Hiding, First International Workshop},
|
||||
pages = {121--135},
|
||||
year = 1996,
|
||||
@ -374,7 +374,7 @@
|
||||
|
||||
@InProceedings{reed-protocols97,
|
||||
author = {Michael G. Reed and Paul F. Syverson and David
|
||||
M. Goldschlag},
|
||||
M. Goldschlag},
|
||||
title = {Protocols Using Anonymous Connections: Mobile Applications},
|
||||
booktitle = {Security Protocols: 5th International Workshop},
|
||||
pages = {13--23},
|
||||
@ -389,7 +389,7 @@
|
||||
|
||||
@Article{or-jsac98,
|
||||
author = {Michael G. Reed and Paul F. Syverson and David
|
||||
M. Goldschlag},
|
||||
M. Goldschlag},
|
||||
title = {Anonymous Connections and Onion Routing},
|
||||
journal = {IEEE Journal on Selected Areas in Communications},
|
||||
year = 1998,
|
||||
@ -428,13 +428,13 @@
|
||||
}
|
||||
|
||||
@misc{pipenet,
|
||||
title = {PipeNet 1.1},
|
||||
author = {Wei Dai},
|
||||
year = 1996,
|
||||
month = {August},
|
||||
howpublished = {Usenet post},
|
||||
title = {PipeNet 1.1},
|
||||
author = {Wei Dai},
|
||||
year = 1996,
|
||||
month = {August},
|
||||
howpublished = {Usenet post},
|
||||
note = {\url{http://www.eskimo.com/~weidai/pipenet.txt} First mentioned
|
||||
in a post to the cypherpunks list, Feb.\ 1995.},
|
||||
in a post to the cypherpunks list, Feb.\ 1995.},
|
||||
}
|
||||
|
||||
|
||||
@ -485,7 +485,7 @@
|
||||
@InProceedings{web-mix,
|
||||
author = {Oliver Berthold and Hannes Federrath and Stefan K\"opsell},
|
||||
title = {Web {MIX}es: A system for anonymous and unobservable
|
||||
{I}nternet access},
|
||||
{I}nternet access},
|
||||
booktitle = {Designing Privacy Enhancing Technologies: Workshop
|
||||
on Design Issue in Anonymity and Unobservability},
|
||||
editor = {H. Federrath},
|
||||
@ -497,7 +497,7 @@
|
||||
@InProceedings{disad-free-routes,
|
||||
author = {Oliver Berthold and Andreas Pfitzmann and Ronny Standtke},
|
||||
title = {The disadvantages of free {MIX} routes and how to overcome
|
||||
them},
|
||||
them},
|
||||
booktitle = {Designing Privacy Enhancing Technologies: Workshop
|
||||
on Design Issue in Anonymity and Unobservability},
|
||||
pages = {30--45},
|
||||
@ -576,7 +576,7 @@
|
||||
|
||||
@Misc{mixmaster-spec,
|
||||
author = {Ulf M{\"o}ller and Lance Cottrell and Peter
|
||||
Palfrader and Len Sassaman},
|
||||
Palfrader and Len Sassaman},
|
||||
title = {Mixmaster {P}rotocol --- {V}ersion 2},
|
||||
year = {2003},
|
||||
month = {July},
|
||||
@ -613,7 +613,7 @@
|
||||
@InProceedings{oreilly-acc,
|
||||
author = {Roger Dingledine and Michael J. Freedman and David Molnar},
|
||||
title = {Accountability},
|
||||
booktitle = {Peer-to-peer: Harnessing the Benefits of a Disruptive
|
||||
booktitle = {Peer-to-peer: Harnessing the Benefits of a Disruptive
|
||||
Technology},
|
||||
year = {2001},
|
||||
publisher = {O'Reilly and Associates},
|
||||
@ -694,7 +694,7 @@
|
||||
|
||||
@InProceedings{kesdogan,
|
||||
author = {D. Kesdogan and M. Egner and T. B\"uschkes},
|
||||
title = {Stop-and-Go {MIX}es Providing Probabilistic Anonymity in an Open
|
||||
title = {Stop-and-Go {MIX}es Providing Probabilistic Anonymity in an Open
|
||||
System},
|
||||
booktitle = {Information Hiding (IH 1998)},
|
||||
year = {1998},
|
||||
@ -706,7 +706,7 @@
|
||||
author = {David Koblas and Michelle R. Koblas},
|
||||
title = {{SOCKS}},
|
||||
booktitle = {UNIX Security III Symposium (1992 USENIX Security
|
||||
Symposium)},
|
||||
Symposium)},
|
||||
pages = {77--83},
|
||||
year = 1992,
|
||||
publisher = {USENIX},
|
||||
@ -740,15 +740,15 @@
|
||||
note = {\newline \url{http://www-cse.ucsd.edu/users/mihir/papers/oaep.html}},
|
||||
}
|
||||
@inproceedings{babel,
|
||||
title = {Mixing {E}-mail With {B}abel},
|
||||
author = {Ceki G\"ulc\"u and Gene Tsudik},
|
||||
booktitle = {{Network and Distributed Security Symposium (NDSS 96)}},
|
||||
year = 1996,
|
||||
month = {February},
|
||||
pages = {2--16},
|
||||
publisher = {IEEE},
|
||||
title = {Mixing {E}-mail With {B}abel},
|
||||
author = {Ceki G\"ulc\"u and Gene Tsudik},
|
||||
booktitle = {{Network and Distributed Security Symposium (NDSS 96)}},
|
||||
year = 1996,
|
||||
month = {February},
|
||||
pages = {2--16},
|
||||
publisher = {IEEE},
|
||||
}
|
||||
%note = {\url{http://citeseer.nj.nec.com/2254.html}},
|
||||
%note = {\url{http://citeseer.nj.nec.com/2254.html}},
|
||||
|
||||
@Misc{rprocess,
|
||||
author = {RProcess},
|
||||
@ -779,7 +779,7 @@
|
||||
%note = {\url{http://www.eskimo.com/~weidai/mix-net.txt}},
|
||||
|
||||
@InProceedings{nym-alias-net,
|
||||
author = {David Mazi\`{e}res and M. Frans Kaashoek},
|
||||
author = {David Mazi\`{e}res and M. Frans Kaashoek},
|
||||
title = {{The Design, Implementation and Operation of an Email
|
||||
Pseudonym Server}},
|
||||
booktitle = {$5^{th}$ ACM Conference on Computer and
|
||||
@ -792,7 +792,7 @@
|
||||
@InProceedings{tangler,
|
||||
author = {Marc Waldman and David Mazi\`{e}res},
|
||||
title = {Tangler: A Censorship-Resistant Publishing System
|
||||
Based on Document Entanglements},
|
||||
Based on Document Entanglements},
|
||||
booktitle = {$8^{th}$ ACM Conference on Computer and
|
||||
Communications Security (CCS-8)},
|
||||
pages = {86--135},
|
||||
@ -803,14 +803,14 @@
|
||||
|
||||
@misc{neochaum,
|
||||
author = {Tim May},
|
||||
title = {Payment mixes for anonymity},
|
||||
title = {Payment mixes for anonymity},
|
||||
howpublished = {E-mail archived at
|
||||
\url{http://\newline www.inet-one.com/cypherpunks/dir.2000.02.28-2000.03.05/msg00334.html}},
|
||||
}
|
||||
|
||||
@misc{helsingius,
|
||||
@misc{helsingius,
|
||||
author = {J. Helsingius},
|
||||
title = {{\tt anon.penet.fi} press release},
|
||||
title = {{\tt anon.penet.fi} press release},
|
||||
note = {\newline \url{http://www.penet.fi/press-english.html}},
|
||||
}
|
||||
|
||||
@ -871,13 +871,13 @@
|
||||
}
|
||||
|
||||
@Misc{advogato,
|
||||
author = {Raph Levien},
|
||||
author = {Raph Levien},
|
||||
title = {Advogato's Trust Metric},
|
||||
note = {\newline \url{http://www.advogato.org/trust-metric.html}},
|
||||
}
|
||||
|
||||
@InProceedings{publius,
|
||||
author = {Marc Waldman and Aviel Rubin and Lorrie Cranor},
|
||||
author = {Marc Waldman and Aviel Rubin and Lorrie Cranor},
|
||||
title = {Publius: {A} robust, tamper-evident, censorship-resistant and
|
||||
source-anonymous web publishing system},
|
||||
booktitle = {Proc. 9th USENIX Security Symposium},
|
||||
@ -897,22 +897,22 @@
|
||||
}
|
||||
|
||||
@techreport{freedom2-arch,
|
||||
title = {Freedom Systems 2.0 Architecture},
|
||||
author = {Philippe Boucher and Adam Shostack and Ian Goldberg},
|
||||
institution = {Zero Knowledge Systems, {Inc.}},
|
||||
year = {2000},
|
||||
month = {December},
|
||||
type = {White Paper},
|
||||
day = {18},
|
||||
title = {Freedom Systems 2.0 Architecture},
|
||||
author = {Philippe Boucher and Adam Shostack and Ian Goldberg},
|
||||
institution = {Zero Knowledge Systems, {Inc.}},
|
||||
year = {2000},
|
||||
month = {December},
|
||||
type = {White Paper},
|
||||
day = {18},
|
||||
}
|
||||
|
||||
@techreport{freedom21-security,
|
||||
title = {Freedom Systems 2.1 Security Issues and Analysis},
|
||||
author = {Adam Back and Ian Goldberg and Adam Shostack},
|
||||
institution = {Zero Knowledge Systems, {Inc.}},
|
||||
year = {2001},
|
||||
month = {May},
|
||||
type = {White Paper},
|
||||
title = {Freedom Systems 2.1 Security Issues and Analysis},
|
||||
author = {Adam Back and Ian Goldberg and Adam Shostack},
|
||||
institution = {Zero Knowledge Systems, {Inc.}},
|
||||
year = {2001},
|
||||
month = {May},
|
||||
type = {White Paper},
|
||||
}
|
||||
|
||||
@inproceedings{cfs:sosp01,
|
||||
@ -925,12 +925,12 @@
|
||||
}
|
||||
|
||||
@inproceedings{SS03,
|
||||
title = {Passive Attack Analysis for Connection-Based Anonymity Systems},
|
||||
author = {Andrei Serjantov and Peter Sewell},
|
||||
booktitle = {Computer Security -- ESORICS 2003},
|
||||
title = {Passive Attack Analysis for Connection-Based Anonymity Systems},
|
||||
author = {Andrei Serjantov and Peter Sewell},
|
||||
booktitle = {Computer Security -- ESORICS 2003},
|
||||
publisher = {Springer-Verlag, LNCS 2808},
|
||||
year = {2003},
|
||||
month = {October},
|
||||
year = {2003},
|
||||
month = {October},
|
||||
}
|
||||
%note = {\url{http://www.cl.cam.ac.uk/users/aas23/papers_aas/conn_sys.ps}},
|
||||
|
||||
@ -945,7 +945,7 @@
|
||||
}
|
||||
|
||||
|
||||
@InProceedings{mix-acc,
|
||||
@InProceedings{mix-acc,
|
||||
author = {Roger Dingledine and Michael J. Freedman and David
|
||||
Hopwood and David Molnar},
|
||||
title = {{A Reputation System to Increase MIX-net
|
||||
@ -980,7 +980,7 @@
|
||||
|
||||
@Misc{realtime-mix,
|
||||
author = {Anja Jerichow and Jan M\"uller and Andreas Pfitzmann and
|
||||
Birgit Pfitzmann and Michael Waidner},
|
||||
Birgit Pfitzmann and Michael Waidner},
|
||||
title = {{Real-Time MIXes: A Bandwidth-Efficient Anonymity Protocol}},
|
||||
howpublished = {IEEE Journal on Selected Areas in Communications, 1998.},
|
||||
note = {\url{http://www.zurich.ibm.com/security/publications/1998.html}},
|
||||
@ -1034,11 +1034,11 @@
|
||||
}
|
||||
|
||||
@phdthesis{ian-thesis,
|
||||
title = {A Pseudonymous Communications Infrastructure for the Internet},
|
||||
author = {Ian Goldberg},
|
||||
school = {UC Berkeley},
|
||||
year = {2000},
|
||||
month = {Dec},
|
||||
title = {A Pseudonymous Communications Infrastructure for the Internet},
|
||||
author = {Ian Goldberg},
|
||||
school = {UC Berkeley},
|
||||
year = {2000},
|
||||
month = {Dec},
|
||||
}
|
||||
|
||||
@Article{taz,
|
||||
@ -1061,22 +1061,22 @@
|
||||
}
|
||||
|
||||
@inproceedings{wright02,
|
||||
title = {An Analysis of the Degradation of Anonymous Protocols},
|
||||
author = {Matthew Wright and Micah Adler and Brian Neil Levine and Clay Shields},
|
||||
booktitle = {{Network and Distributed Security Symposium (NDSS 02)}},
|
||||
year = {2002},
|
||||
month = {February},
|
||||
publisher = {IEEE},
|
||||
title = {An Analysis of the Degradation of Anonymous Protocols},
|
||||
author = {Matthew Wright and Micah Adler and Brian Neil Levine and Clay Shields},
|
||||
booktitle = {{Network and Distributed Security Symposium (NDSS 02)}},
|
||||
year = {2002},
|
||||
month = {February},
|
||||
publisher = {IEEE},
|
||||
}
|
||||
|
||||
@inproceedings{wright03,
|
||||
title = {Defending Anonymous Communication Against Passive Logging Attacks},
|
||||
author = {Matthew Wright and Micah Adler and Brian Neil Levine and Clay Shields},
|
||||
booktitle = {IEEE Symposium on Security and Privacy},
|
||||
title = {Defending Anonymous Communication Against Passive Logging Attacks},
|
||||
author = {Matthew Wright and Micah Adler and Brian Neil Levine and Clay Shields},
|
||||
booktitle = {IEEE Symposium on Security and Privacy},
|
||||
pages= {28--41},
|
||||
year = {2003},
|
||||
month = {May},
|
||||
publisher = {IEEE CS},
|
||||
year = {2003},
|
||||
month = {May},
|
||||
publisher = {IEEE CS},
|
||||
}
|
||||
|
||||
|
||||
@ -1099,15 +1099,15 @@
|
||||
}
|
||||
|
||||
@article{shsm03,
|
||||
title = {Using Caching for Browsing Anonymity},
|
||||
author = {Anna Shubina and Sean Smith},
|
||||
journal = {ACM SIGEcom Exchanges},
|
||||
volume = {4},
|
||||
number = {2},
|
||||
year = {2003},
|
||||
month = {Sept},
|
||||
www_pdf_url = {http://www.acm.org/sigs/sigecom/exchanges/volume_4_(03)/4.2-Shubina.pdf},
|
||||
www_section = {Anonymous communication},
|
||||
title = {Using Caching for Browsing Anonymity},
|
||||
author = {Anna Shubina and Sean Smith},
|
||||
journal = {ACM SIGEcom Exchanges},
|
||||
volume = {4},
|
||||
number = {2},
|
||||
year = {2003},
|
||||
month = {Sept},
|
||||
www_pdf_url = {http://www.acm.org/sigs/sigecom/exchanges/volume_4_(03)/4.2-Shubina.pdf},
|
||||
www_section = {Anonymous communication},
|
||||
}
|
||||
|
||||
@inproceedings{tor-design,
|
||||
@ -1199,7 +1199,13 @@
|
||||
publisher = {O'Reilly Media},
|
||||
}
|
||||
|
||||
%%% Local Variables:
|
||||
@Misc{six-four,
|
||||
key = {six-four},
|
||||
title = {{The Six/Four System}},
|
||||
note = {\url{http://sourceforge.net/projects/sixfour/}}
|
||||
}
|
||||
|
||||
%%% Local Variables:
|
||||
%%% mode: latex
|
||||
%%% TeX-master: "tor-design"
|
||||
%%% End:
|
||||
%%% End:
|
||||
|
Loading…
Reference in New Issue
Block a user