Several changes to background section, which is still a mess

Added bib file


svn:r607
This commit is contained in:
Paul Syverson 2003-10-16 21:49:04 +00:00
parent 3c526e49ae
commit f6e202307b
2 changed files with 970 additions and 29 deletions

875
doc/tor-design.bib Normal file
View File

@ -0,0 +1,875 @@
@Misc{anonymizer,
key = {anonymizer},
title = {The {Anonymizer}},
note = {\url{http://www.anonymizer.com}}
}
@Misc{anonnet,
key = {anonnet},
title = {{AnonNet}},
note = {\url{http://www.authnet.org/anonnet/}}
}
@inproceedings{econymics,
title = {On the Economics of Anonymity},
author = {Alessandro Acquisti and Roger Dingledine and Paul Syverson},
booktitle = {Financial Cryptography, FC 2003},
year = {2003},
editor = {Rebecca N. Wright},
publisher = {Springer-Verlag, LNCS 2742},
note = {\url{http://freehaven.net/doc/fc03/econymics.pdf}},
}
@inproceedings{minion-design,
title = {Mixminion: Design of a Type {III} Anonymous Remailer Protocol},
author = {George Danezis and Roger Dingledine and Nick Mathewson},
booktitle = {2003 IEEE Symposium on Security and Privacy},
year = {2003},
month = {May},
publisher = {IEEE CS},
pages = {2--15},
note = {\url{http://mixminion.net/minion-design.pdf}},
www_important = {1},
www_section = {Anonymous communication},
}
@inproceedings{ rao-pseudonymity,
author = "Josyula R. Rao and Pankaj Rohatgi",
title = "Can Pseudonymity Really Guarantee Privacy?",
booktitle = "Proceedings of the Ninth USENIX Security Symposium",
year = {2000},
month = Aug,
publisher = {USENIX},
pages = "85--96",
note = {\url{http://www.usenix.org/publications/library/proceedings/sec2000/
full_papers/rao/rao.pdf}},
}
@InProceedings{pfitzmann90how,
author = "Birgit Pfitzmann and Andreas Pfitzmann",
title = "How to Break the Direct {RSA}-Implementation of {MIXes}",
booktitle = {Eurocrypt 89},
publisher = {Springer-Verlag, LNCS 434},
year = {1990},
note = {\url{http://citeseer.nj.nec.com/pfitzmann90how.html}},
}
@Misc{mixminion-spec,
author = {Mixminion},
title = {Type {III} ({M}ixminion) Mix Protocol Specifications},
note = {\newline \url{http://mixminion.net/minion-spec.txt}},
}
@InProceedings{BM:mixencrypt,
author = {M{\"o}ller, Bodo},
title = {Provably Secure Public-Key Encryption for Length-Preserving Chaumian Mixes},
booktitle = {{CT-RSA} 2003},
publisher = {Springer-Verlag, LNCS 2612},
year = 2003,
}
% Would a more recent reference for SPRPs be more useful?
@Article{sprp,
author = {Michael Luby and Charles Rackoff},
title = {How to Construct Pseudorandom Permutations from
Pseudorandom Functions},
journal = {SIAM Journal on Computing},
year = {1988},
volume = {17},
number = {2},
pages = {373--386},
}
@InProceedings{back01,
author = {Adam Back and Ulf M\"oller and Anton Stiglic},
title = {Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems},
booktitle = {Information Hiding (IH 2001)},
pages = {245--257},
year = 2001,
editor = {Ira S. Moskowitz},
publisher = {Springer-Verlag, LNCS 2137},
note = {\newline \url{http://www.cypherspace.org/adam/pubs/traffic.pdf}},
}
@InProceedings{rackoff93cryptographic,
author = {Charles Rackoff and Daniel R. Simon},
title = {Cryptographic Defense Against Traffic Analysis},
booktitle = {{ACM} Symposium on Theory of Computing},
pages = {672--681},
year = {1993},
note = {\url{http://research.microsoft.com/crypto/dansimon/me.htm}},
}
@InProceedings{freehaven-berk,
author = {Roger Dingledine and Michael J. Freedman and David Molnar},
title = {The Free Haven Project: Distributed Anonymous Storage Service},
booktitle = {Designing Privacy Enhancing Technologies: Workshop
on Design Issue in Anonymity and Unobservability},
year = {2000},
month = {July},
editor = {H. Federrath},
publisher = {Springer-Verlag, LNCS 2009},
note = {\url{http://freehaven.net/papers.html}},
}
@InProceedings{raymond00,
author = {J. F. Raymond},
title = {{Traffic Analysis: Protocols, Attacks, Design Issues,
and Open Problems}},
booktitle = {Designing Privacy Enhancing Technologies: Workshop
on Design Issue in Anonymity and Unobservability},
year = 2000,
month = {July},
pages = {10-29},
editor = {H. Federrath},
publisher = {Springer-Verlag, LNCS 2009},
}
@InProceedings{trickle02,
author = {Andrei Serjantov and Roger Dingledine and Paul Syverson},
title = {From a Trickle to a Flood: Active Attacks on Several
Mix Types},
booktitle = {Information Hiding (IH 2002)},
year = {2002},
editor = {Fabien Petitcolas},
publisher = {Springer-Verlag, LNCS (forthcoming)},
}
@InProceedings{langos02,
author = {Oliver Berthold and Heinrich Langos},
title = {Dummy Traffic Against Long Term Intersection Attacks},
booktitle = {Privacy Enhancing Technologies (PET 2002)},
year = {2002},
editor = {Roger Dingledine and Paul Syverson},
publisher = {Springer-Verlag, LNCS 2482}
}
@InProceedings{or-discex00,
author = {Paul Syverson and Michael Reed and David Goldschlag},
title = {{O}nion {R}outing Access Configurations},
booktitle = {DARPA Information Survivability Conference and
Exposition (DISCEX 2000)},
year = {2000},
publisher = {IEEE CS Press},
pages = {34--40},
volume = {1},
note = {\newline \url{http://www.onion-router.net/Publications.html}},
}
@Inproceedings{or-pet02,
title = {{Towards an Analysis of Onion Routing Security}},
author = {Paul Syverson and Gene Tsudik and Michael Reed and
Carl Landwehr},
booktitle = {Designing Privacy Enhancing Technologies: Workshop
on Design Issue in Anonymity and Unobservability},
year = 2000,
month = {July},
pages = {96--114},
editor = {H. Federrath},
publisher = {Springer-Verlag, LNCS 2009},
note = {\url{http://www.onion-router.net/Publications/WDIAU-2000.ps.gz}},
}
@InProceedings{or-ih96,
author = {David M. Goldschlag and Michael G. Reed and Paul
F. Syverson},
title = {Hiding Routing Information},
booktitle = {Information Hiding, First International Workshop},
pages = {137--150},
year = 1996,
editor = {R. Anderson},
month = {May},
publisher = {Springer-Verlag, LNCS 1174},
note = {\url{http://www.onion-router.net/Publications/IH-1996.ps.gz}}
}
@Article{or-jsac98,
author = {Michael G. Reed and Paul F. Syverson and David
M. Goldschlag},
title = {Anonymous Connections and Onion Routing},
journal = {IEEE Journal on Selected Areas in Communications},
year = 1998,
volume = 16,
number = 4,
pages = {482--494},
month = {May},
note = {\url{http://www.onion-router.net/Publications/JSAC-1998.ps.gz}}
}
@Misc{TLS,
author = {T. Dierks and C. Allen},
title = {The {TLS} {P}rotocol --- {V}ersion 1.0},
howpublished = {IETF RFC 2246},
month = {January},
year = {1999},
note = {\url{http://www.rfc-editor.org/rfc/rfc2246.txt}},
}
@Misc{SMTP,
author = {J. Postel},
title = {Simple {M}ail {T}ransfer {P}rotocol},
howpublished = {IETF RFC 2821 (also STD0010)},
month = {April},
year = {2001},
note = {\url{http://www.rfc-editor.org/rfc/rfc2821.txt}},
}
@Misc{IMAP,
author = {M. Crispin},
title = {Internet {M}essage {A}ccess {P}rotocol --- {V}ersion 4rev1},
howpublished = {IETF RFC 2060},
month = {December},
year = {1996},
note = {\url{http://www.rfc-editor.org/rfc/rfc2060.txt}},
}
@Misc{POP3,
author = {J. Myers and M. Rose},
title = {Post {O}ffice {P}rotocol --- {V}ersion 3},
howpublished = {IETF RFC 1939 (also STD0053)},
month = {May},
year = {1996},
note = {\url{http://www.rfc-editor.org/rfc/rfc1939.txt}},
}
@InProceedings{shuffle,
author = {C. Andrew Neff},
title = {A Verifiable Secret Shuffle and its Application to E-Voting},
booktitle = {8th ACM Conference on Computer and Communications
Security (CCS-8)},
pages = {116--125},
year = 2001,
editor = {P. Samarati},
month = {November},
publisher = {ACM Press},
note = {\url{http://www.votehere.net/ada_compliant/ourtechnology/
technicaldocs/shuffle.pdf}},
}
@InProceedings{dolev91,
author = {Danny Dolev and Cynthia Dwork and Moni Naor},
title = {Non-Malleable Cryptography},
booktitle = {23rd ACM Symposium on the Theory of Computing (STOC)},
pages = {542--552},
year = 1991,
note = {Updated version at
\url{http://citeseer.nj.nec.com/dolev00nonmalleable.html}},
}
@TechReport{rsw96,
author = {Ronald L. Rivest and Adi Shamir and David A. Wagner},
title = {Time-lock puzzles and timed-release Crypto},
year = 1996,
type = {MIT LCS technical memo},
number = {MIT/LCS/TR-684},
month = {February},
note = {\newline \url{http://citeseer.nj.nec.com/rivest96timelock.html}},
}
@InProceedings{web-mix,
author = {Oliver Berthold and Hannes Federrath and Stefan K\"opsell},
title = {Web {MIX}es: A system for anonymous and unobservable
{I}nternet access},
booktitle = {Designing Privacy Enhancing Technologies: Workshop
on Design Issue in Anonymity and Unobservability},
editor = {H. Federrath},
publisher = {Springer-Verlag, LNCS 2009},
pages = {115--129},
year = 2000,
}
@InProceedings{disad-free-routes,
author = {Oliver Berthold and Andreas Pfitzmann and Ronny Standtke},
title = {The disadvantages of free {MIX} routes and how to overcome
them},
booktitle = {Designing Privacy Enhancing Technologies: Workshop
on Design Issue in Anonymity and Unobservability},
pages = {30--45},
year = 2000,
editor = {H. Federrath},
publisher = {Springer-Verlag, LNCS 2009},
note = {\url{http://www.tik.ee.ethz.ch/~weiler/lehre/netsec/Unterlagen/anon/
disadvantages_berthold.pdf}},
}
@InProceedings{boneh00,
author = {Dan Boneh and Moni Naor},
title = {Timed Commitments},
booktitle = {Advances in Cryptology -- {CRYPTO} 2000},
pages = {236--254},
year = 2000,
publisher = {Springer-Verlag, LNCS 1880},
note = {\newline \url{http://crypto.stanford.edu/~dabo/abstracts/timedcommit.html}},
}
@InProceedings{goldschlag98,
author = {David M. Goldschlag and Stuart G. Stubblebine},
title = {Publicly Verifiable Lotteries: Applications of
Delaying Functions},
booktitle = {Financial Cryptography, FC'98},
pages = {214--226},
year = 1998,
publisher = {Springer-Verlag, LNCS 1465},
note = {\newline \url{http://citeseer.nj.nec.com/goldschlag98publicly.html}},
}
@InProceedings{syverson98,
author = {Paul Syverson},
title = {Weakly Secret Bit Commitment: Applications to
Lotteries and Fair Exchange},
booktitle = {Computer Security Foundations Workshop (CSFW11)},
pages = {2--13},
year = 1998,
address = {Rockport Massachusetts},
month = {June},
publisher = {IEEE CS Press},
note = {\newline \url{http://chacs.nrl.navy.mil/publications/CHACS/1998/}},
}
@Misc{shoup-iso,
author = {Victor Shoup},
title = {A Proposal for an {ISO} {S}tandard for Public Key Encryption (version 2.1)},
note = {Revised December 20, 2001. \url{http://www.shoup.net/papers/}},
}
@Misc{shoup-oaep,
author = {Victor Shoup},
title = {{OAEP} Reconsidered},
howpublished = {{IACR} e-print 2000/060},
note = {\newline \url{http://eprint.iacr.org/2000/060/}},
}
@Misc{oaep-still-alive,
author = {E. Fujisaki and D. Pointcheval and T. Okamoto and J. Stern},
title = {{RSA}-{OAEP} is Still Alive!},
howpublished = {{IACR} e-print 2000/061},
note = {\newline \url{http://eprint.iacr.org/2000/061/}},
}
@misc{echolot,
author = {Peter Palfrader},
title = {Echolot: a pinger for anonymous remailers},
note = {\url{http://www.palfrader.org/echolot/}},
}
@Misc{mixmaster-attacks,
author = {Lance Cottrell},
title = {Mixmaster and Remailer Attacks},
note = {\url{http://www.obscura.com/~loki/remailer/remailer-essay.html}},
}
@Misc{mixmaster-spec,
author = {Ulf M{\"o}ller and Lance Cottrell and Peter
Palfrader and Len Sassaman},
title = {Mixmaster {P}rotocol --- {V}ersion 2},
year = {2003},
month = {July},
howpublished = {Draft},
note = {\url{http://www.abditum.com/mixmaster-spec.txt}},
}
@Article{mitzenm-loss,
author = {G. Louth and M. Mitzenmacher and F.P. Kelly},
title = {Computational Complexity of Loss Networks},
journal = {Theoretical Computer Science},
year = {1994},
volume = {125},
pages = {45-59},
note = {\newline \url{http://citeseer.nj.nec.com/louth94computational.html}},
}
@Misc{hashcash,
author = {Adam Back},
title = {Hash cash},
note = {\newline \url{http://www.cypherspace.org/~adam/hashcash/}},
}
@InProceedings{oreilly-acc,
author = {Roger Dingledine and Michael J. Freedman and David Molnar},
title = {Accountability},
booktitle = {Peer-to-peer: Harnessing the Benefits of a Disruptive
Technology},
year = {2001},
publisher = {O'Reilly and Associates},
}
@InProceedings{han,
author = {Yongfei Han},
title = {Investigation of non-repudiation protocols},
booktitle = {ACISP '96},
year = 1996,
publisher = {Springer-Verlag},
}
@Misc{socks5,
key = {socks5},
title = {{SOCKS} {P}rotocol {V}ersion 5},
howpublished= {IETF RFC 1928},
month = {March},
year = 1996,
note = {\url{http://www.ietf.org/rfc/rfc1928.txt}}
}
@InProceedings{abe,
author = {Masayuki Abe},
title = {Universally Verifiable {MIX} With Verification Work Independent of
The Number of {MIX} Servers},
booktitle = {{EUROCRYPT} 1998},
year = {1998},
publisher = {Springer-Verlag, LNCS 1403},
}
@InProceedings{desmedt,
author = {Yvo Desmedt and Kaoru Kurosawa},
title = {How To Break a Practical {MIX} and Design a New One},
booktitle = {{EUROCRYPT} 2000},
year = {2000},
publisher = {Springer-Verlag, LNCS 1803},
note = {\url{http://citeseer.nj.nec.com/447709.html}},
}
@InProceedings{mitkuro,
author = {M. Mitomo and K. Kurosawa},
title = {{Attack for Flash MIX}},
booktitle = {{ASIACRYPT} 2000},
year = {2000},
publisher = {Springer-Verlag, LNCS 1976},
note = {\newline \url{http://citeseer.nj.nec.com/450148.html}},
}
@InProceedings{hybrid-mix,
author = {M. Ohkubo and M. Abe},
title = {A {L}ength-{I}nvariant {H}ybrid {MIX}},
booktitle = {Advances in Cryptology - {ASIACRYPT} 2000},
year = {2000},
publisher = {Springer-Verlag, LNCS 1976},
}
@InProceedings{PShuffle,
author = {Jun Furukawa and Kazue Sako},
title = {An Efficient Scheme for Proving a Shuffle},
editor = {Joe Kilian},
booktitle = {CRYPTO 2001},
year = {2001},
publisher = {Springer-Verlag, LNCS 2139},
}
@InProceedings{jakobsson-optimally,
author = "Markus Jakobsson and Ari Juels",
title = "An Optimally Robust Hybrid Mix Network (Extended Abstract)",
booktitle = {Principles of Distributed Computing - {PODC} '01},
year = "2001",
publisher = {ACM Press},
note = {\url{http://citeseer.nj.nec.com/492015.html}},
}
@InProceedings{kesdogan,
author = {D. Kesdogan and M. Egner and T. B\"uschkes},
title = {Stop-and-Go {MIX}es Providing Probabilistic Anonymity in an Open
System},
booktitle = {Information Hiding (IH 1998)},
year = {1998},
publisher = {Springer-Verlag, LNCS 1525},
note = {\url{http://www.cl.cam.ac.uk/~fapp2/ihw98/ihw98-sgmix.pdf}},
}
@InProceedings{socks4,
author = {David Koblas and Michelle R. Koblas},
title = {{SOCKS}},
booktitle = {UNIX Security III Symposium (1992 USENIX Security
Symposium)},
pages = {77--83},
year = 1992,
publisher = {USENIX},
}
@InProceedings{flash-mix,
author = {Markus Jakobsson},
title = {Flash {M}ixing},
booktitle = {Principles of Distributed Computing - {PODC} '99},
year = {1999},
publisher = {ACM Press},
note = {\newline \url{http://citeseer.nj.nec.com/jakobsson99flash.html}},
}
@InProceedings{SK,
author = {Joe Kilian and Kazue Sako},
title = {Receipt-Free {MIX}-Type Voting Scheme - A Practical Solution to
the Implementation of a Voting Booth},
booktitle = {EUROCRYPT '95},
year = {1995},
publisher = {Springer-Verlag},
}
@InProceedings{OAEP,
author = {M. Bellare and P. Rogaway},
year = {1994},
booktitle = {EUROCRYPT '94},
title = {Optimal {A}symmetric {E}ncryption {P}adding : How To Encrypt With
{RSA}},
publisher = {Springer-Verlag},
note = {\newline \url{http://www-cse.ucsd.edu/users/mihir/papers/oaep.html}},
}
@inproceedings{babel,
title = {Mixing {E}-mail With {B}abel},
author = {Ceki G\"ulc\"u and Gene Tsudik},
booktitle = {Proceedings of the Network and Distributed Security Symposium - {NDSS} '96},
year = 1996,
month = {February},
pages = {2--16},
publisher = {IEEE},
www_important = 1,
note = {\url{http://citeseer.nj.nec.com/2254.html}},
www_section = {Anonymous communication},
}
@InProceedings{freenet,
author = {Ian Clarke and Oskar Sandberg and Brandon Wiley and Theodore W. Hong},
title = {Freenet: {A} Distributed Anonymous Information Storage and Retrieval
System},
booktitle = {Workshop on Design Issues in Anonymity and Unobservability},
pages = {46--66},
year = {2000},
note = {\newline \url{http://citeseer.nj.nec.com/clarke00freenet.html}},
}
@Misc{rprocess,
author = {RProcess},
title = {Selective Denial of Service Attacks},
note = {\newline \url{http://www.eff.org/pub/Privacy/Anonymity/1999\_09\_DoS\_remail\_vuln.html}},
}
@Article{remailer-history,
author = {Sameer Parekh},
title = {Prospects for Remailers},
journal = {First Monday},
volume = {1},
number = {2},
month = {August},
year = {1996},
note = {\url{http://www.firstmonday.dk/issues/issue2/remailers/}},
}
@Misc{remailer-history-old,
author = {Tim May},
title = {Description of early remailer history},
howpublished = {E-mail archived at
\url{http://www.inet-one.com/cypherpunks/dir.1996.08.29-1996.09.04/
msg00431.html}},
}
@Article{chaum-mix,
author = {David Chaum},
title = {Untraceable electronic mail, return addresses, and digital pseudo-nyms},
journal = {Communications of the ACM},
year = {1981},
volume = {4},
number = {2},
month = {February},
note = {\url{http://www.eskimo.com/~weidai/mix-net.txt}},
}
@InProceedings{nym-alias-net,
author = {David Mazi\`{e}res and M. Frans Kaashoek},
title = {{The Design, Implementation and Operation of an Email
Pseudonym Server}},
booktitle = {$5^{th}$ ACM Conference on Computer and
Communications Security (CCS'98)},
year = 1998,
publisher = {ACM Press},
note = {\newline \url{http://www.scs.cs.nyu.edu/~dm/}},
}
@Misc{timmay,
author = {Tim May},
title = {Cyphernomicon},
note = {\newline \url{http://www2.pro-ns.net/~crypto/cyphernomicon.html}},
}
@misc{neochaum,
author = {Tim May},
title = {Payment mixes for anonymity},
howpublished = {E-mail archived at
\url{http://\newline www.inet-one.com/cypherpunks/dir.2000.02.28-2000.03.05/msg00334.html}},
}
@misc{pidaho,
author = {Joel McNamara},
title = {{P}rivate {I}daho},
note = {\newline \url{http://www.eskimo.com/~joelm/pi.html}},
}
@misc{potato,
author = {RProcess},
title = {{P}otato {S}oftware},
note = {\newline \url{http://www.skuz.net/potatoware/}},
}
@misc{helsingius,
author = {J. Helsingius},
title = {{\tt anon.penet.fi} press release},
note = {\newline \url{http://www.penet.fi/press-english.html}},
}
@misc{mix-stats,
author = {Christian Mock},
title = {Mixmaster Stats ({A}ustria)},
note = {\newline \url{http://www.tahina.priv.at/~cm/stats/mlist2.html}},
}
@InProceedings{garay97secure,
author = {J. Garay and R. Gennaro and C. Jutla and T. Rabin},
title = {Secure distributed storage and retrieval},
booktitle = {11th International Workshop, WDAG '97},
pages = {275--289},
year = {1997},
publisher = {Springer-Verlag, LNCS 1320},
note = {\newline \url{http://citeseer.nj.nec.com/garay97secure.html}},
}
@InProceedings{PIK,
author = {C. Park and K. Itoh and K. Kurosawa},
title = {Efficient anonymous channel and all/nothing election scheme},
booktitle = {Advances in Cryptology -- {EUROCRYPT} '93},
pages = {248--259},
publisher = {Springer-Verlag, LNCS 765},
}
@Misc{pgpfaq,
key = {PGP},
title = {{PGP} {FAQ}},
note = {\newline \url{http://www.faqs.org/faqs/pgp-faq/}},
}
@Article{riordan-schneier,
author = {James Riordan and Bruce Schneier},
title = {A Certified E-mail Protocol with No Trusted Third Party},
journal = {13th Annual Computer Security Applications Conference},
month = {December},
year = {1998},
note = {\newline \url{http://www.counterpane.com/certified-email.html}},
}
@Article{crowds-tissec,
author = {Michael K. Reiter and Aviel D. Rubin},
title = {Crowds: Anonymity for Web Transactions},
journal = {ACM TISSEC},
year = 1998,
volume = 1,
number = 1,
pages = {66--92},
month = {November},
note = {\url{http://citeseer.nj.nec.com/284739.html}}
}
@Article{crowds-dimacs,
author = {Michael K. Reiter and Aviel D. Rubin},
title = {Crowds: Anonymity for Web Transactions},
journal = {{DIMACS} Technical Report (Revised)},
volume = {97},
number = {15},
month = {August},
year = {1997},
}
@Misc{freedom,
author = {Zero Knowledge Systems},
title = {Freedom Version 2 White Papers},
note = {\newline \url{http://www.freedom.net/info/whitepapers/}},
}
@Misc{recovery,
author = {Miguel Castro and Barbara Liskov},
title = {Proactive Recovery in a Byzantine-Fault-Tolerant System},
note = {\newline \url{http://www.pmg.lcs.mit.edu/~castro/application/recovery.pdf}},
}
@Misc{advogato,
author = {Raph Levien},
title = {Advogato's Trust Metric},
note = {\newline \url{http://www.advogato.org/trust-metric.html}},
}
@Misc{rabin-ida,
author = {Michael O. Rabin},
title = {Efficient Dispersal of Information for security, load balancing,
and fault tolerance},
booktitle = {Journal of the ACM},
year = {1989},
volume = {36},
number = {2},
series = {335--348},
month = {April},
}
@PhdThesis{malkin-thesis,
author = {Tal Malkin},
school = {{MIT}},
title = {Private {I}nformation {R}etrieval},
year = {2000},
note = {\newline \url{http://toc.lcs.mit.edu/~tal/pubs.html}}
}
@Misc{zks,
title = {Zero {K}nowledge {S}ystems},
note = {\newline \url{http://www.freedom.net/}},
}
@InProceedings{publius,
author = {Marc Waldman and Aviel Rubin and Lorrie Cranor},
title = {Publius: {A} robust, tamper-evident, censorship-resistant and
source-anonymous web publishing system},
booktitle = {Proc. 9th USENIX Security Symposium},
pages = {59--72},
year = {2000},
month = {August},
note = {\newline \url{http://citeseer.nj.nec.com/waldman00publius.html}},
}
@Misc{freedom-nyms,
author = {Russell Samuels},
title = {Untraceable Nym Creation on the {F}reedom {N}etwork},
year = {1999},
month = {November},
day = {21},
note = {\newline \url{http://www.freedom.net/products/whitepapers/white11.html}},
}
@Article{raghavan87randomized,
author = {P. Raghavan and C. Thompson},
title = {Randomized rounding: A technique for provably good algorithms and algorithmic proofs},
journal = {Combinatorica},
volume = {7},
pages = {365--374},
year = {1987},
}
@InProceedings{leighton91fast,
author = {Frank Thomson Leighton and Fillia Makedon and Serge A. Plotkin and
Clifford Stein and Eva Tardos and Spyros Tragoudas},
title = {Fast Approximation Algorithms for Multicommodity Flow Problems},
booktitle = {{ACM} Symposium on Theory of Computing},
pages = {101-111},
year = {1991},
note = {\newline \url{http://citeseer.nj.nec.com/91073.html}},
}
@Misc{pk-relations,
author = {M. Bellare and A. Desai and D. Pointcheval and P. Rogaway},
title = {Relations Among Notions of Security for Public-Key Encryption
Schemes},
howpublished = {
Extended abstract in {\em Advances in Cryptology - CRYPTO '98}, LNCS Vol. 1462.
Springer-Verlag, 1998.
Full version available from \newline \url{http://www-cse.ucsd.edu/users/mihir/}},
}
@InProceedings{mix-acc,
author = {Roger Dingledine and Michael J. Freedman and David
Hopwood and David Molnar},
title = {{A Reputation System to Increase MIX-net
Reliability}},
booktitle = {Information Hiding (IH 2001)},
pages = {126--141},
year = 2001,
editor = {Ira S. Moskowitz},
publisher = {Springer-Verlag, LNCS 2137},
note = {\url{http://www.freehaven.net/papers.html}},
}
@InProceedings{casc-rep,
author = {Roger Dingledine and Paul Syverson},
title = {{Reliable MIX Cascade Networks through Reputation}},
booktitle = {Financial Cryptography (FC '02)},
year = 2002,
editor = {Matt Blaze},
publisher = {Springer-Verlag, LNCS (forthcoming)},
note = {\newline \url{http://www.freehaven.net/papers.html}},
}
@InProceedings{zhou96certified,
author = {Zhou and Gollmann},
title = {Certified Electronic Mail},
booktitle = {{ESORICS: European Symposium on Research in Computer
Security}},
publisher = {Springer-Verlag, LNCS 1146},
year = {1996},
note = {\newline \url{http://citeseer.nj.nec.com/zhou96certified.html}},
}
@Misc{realtime-mix,
author = {Anja Jerichow and Jan M\"uller and Andreas Pfitzmann and
Birgit Pfitzmann and Michael Waidner},
title = {{Real-Time MIXes: A Bandwidth-Efficient Anonymity Protocol}},
howpublished = {IEEE Journal on Selected Areas in Communications, 1998.},
note = {\url{http://www.zurich.ibm.com/security/publications/1998.html}},
}
@InProceedings{BEAR-LIONESS,
author = {Ross Anderson and Eli Biham},
title = {Two Practical and Provably Secure Block Ciphers: {BEAR} and {LION}},
booktitle = {International Workshop on Fast Software Encryption},
year = {1996},
publisher = {Springer-Verlag},
note = {\url{http://citeseer.nj.nec.com/anderson96two.html}},
}
@Misc{SPC,
author = {Daniel Bleichenbacher and Anand Desai},
title = {A Construction of a Super-Pseudorandom Cipher},
howpublished = {Manuscript},
}
@InProceedings{gap-pets03,
author = {Krista Bennett and Christian Grothoff},
title = {{GAP} -- practical anonymous networking},
booktitle = {Privacy Enhancing Technologies (PET 2003)},
year = 2003,
editor = {Roger Dingledine},
publisher = {Springer-Verlag LNCS (forthcoming)}
}
@Article{hordes-jcs,
author = {Brian Neal Levine and Clay Shields},
title = {Hordes: A Multicast-Based Protocol for Anonymity},
journal = {Journal of Computer Security},
year = 2002,
volume = 10,
number = 3,
pages = {213--240}
}
@TechReport{herbivore,
author = {Sharad Goel and Mark Robson and Milo Polte and Emin G\"{u}n Sirer},
title = {Herbivore: A Scalable and Efficient Protocol for Anonymous Communication},
institution = {Cornell University Computing and Information Science},
year = 2003,
type = {Technical Report},
number = {TR2003-1890},
month = {February}
}
@InProceedings{p5,
author = {Rob Sherwood and Bobby Bhattacharjee and Aravind Srinivasan},
title = {$P^5$: A Protocol for Scalable Anonymous Communication},
booktitle = {2002 IEEE Symposium on Security and Privacy},
pages = {58--70},
year = 2002,
publisher = {IEEE CS}
}
%%% Local Variables:
%%% mode: latex
%%% TeX-master: "tor-design"
%%% End:

View File

@ -1,8 +1,6 @@
\documentclass[times,10pt,twocolumn]{article} \documentclass[times,10pt,twocolumn]{article}
%\usepackage{/home/syverson/papers/latex8}
%\usepackage{/home/syverson/papers/times}
\usepackage{latex8} \usepackage{latex8}
\usepackage{times} %\usepackage{times}
\usepackage{url} \usepackage{url}
\usepackage{graphics} \usepackage{graphics}
\usepackage{amsmath} \usepackage{amsmath}
@ -69,7 +67,7 @@ predecessor and successor, but no others. Traffic flowing down the circuit
is sent in fixed-size \emph{cells}, which are unwrapped by a symmetric key is sent in fixed-size \emph{cells}, which are unwrapped by a symmetric key
at each node, revealing the downstream node. The original onion routing at each node, revealing the downstream node. The original onion routing
project published several design and analysis papers project published several design and analysis papers
\cite{or-journal,or-discex,or-ih,or-pet}. While there was briefly \cite{or-jsac98,or-discex00,or-ih96,or-pet02}. While there was briefly
a network of about a dozen nodes at three widely distributed sites, a network of about a dozen nodes at three widely distributed sites,
the only long-running and publicly accessible the only long-running and publicly accessible
implementation was a fragile proof-of-concept that ran on a single implementation was a fragile proof-of-concept that ran on a single
@ -102,19 +100,25 @@ program without modification.
onion routing design built one circuit for each request. Aside from the onion routing design built one circuit for each request. Aside from the
performance issues of doing public key operations for every request, it performance issues of doing public key operations for every request, it
also turns out that regular communications patterns mean building lots also turns out that regular communications patterns mean building lots
of circuits can endanger anonymity \cite{wright03}. Tor multiplexes many of circuits, which can endanger anonymity \cite{wright03}. [XXX Was this
supposed to be Wright02 or Wright03. In any case I am hesitant to cite
that work in this context. While the point is valid in general, that
work is predicated on assumptions that I don't think typically apply
to onion routing (whether old or new design).]
Tor multiplexes many
connections down each circuit, but still rotates the circuit periodically connections down each circuit, but still rotates the circuit periodically
to avoid too much linkability. to avoid too much linkability.
\item \textbf{No mixing or traffic shaping:} The original onion routing \item \textbf{No mixing or traffic shaping:} The original onion routing
design called for full link padding both between onion routers and between design called for full link padding both between onion routers and between
onion proxies (that is, users) and onion routers \cite{or-journal}. The onion proxies (that is, users) and onion routers \cite{or-jsac98}. The
later analysis paper \cite{or-pet} suggested \emph{traffic shaping} later analysis paper \cite{or-pet02} suggested \emph{traffic shaping}
to provide similar protection but use less bandwidth, but did not go to provide similar protection but use less bandwidth, but did not go
into detail. However, recent research \cite{econymics} and deployment into detail. However, recent research \cite{econymics} and deployment
experience \cite{freedom2-arch} indicate that this level of resource experience \cite{freedom} indicate that this level of resource
use is not practical or economical; and even full link padding is still use is not practical or economical; and even full link padding is still
vulnerable to active attacks \cite{defensive-dropping}. vulnerable to active attacks \cite{defensive-dropping}. [XXX what is being
referenced here, Dogan?]
\item \textbf{Leaky pipes:} Through in-band signalling within the circuit, \item \textbf{Leaky pipes:} Through in-band signalling within the circuit,
Tor initiators can direct traffic to nodes partway down the circuit. This Tor initiators can direct traffic to nodes partway down the circuit. This
@ -179,27 +183,40 @@ through a path composed of Mix servers. Mix servers in turn decrypt, delay,
and re-order messages, before relay them along the path towards their and re-order messages, before relay them along the path towards their
destinations. destinations.
Subsequent relay-based anonymity designs have diverged in two principal Subsequent relay-based anonymity designs have diverged in two
directions. Some have, such as Babel\cite{babel}, Mixmaster\cite{mixmaster}, principal directions. Some have attempted to maximize anonymity at
and Mixminion\cite{minion-design}, attempt to maximize anonymity at the cost the cost of introducing comparatively large and variable latencies,
of introducing comparatively large and variable latencies. Because of this for example, Babel\cite{babel}, Mixmaster\cite{mixmaster-spec}, and
Mixminion\cite{minion-design}. Because of this
decision, such \emph{high-latency} networks are well-suited for anonymous decision, such \emph{high-latency} networks are well-suited for anonymous
email, but introduce too much lag for interactive tasks such as web browsing, email, but introduce too much lag for interactive tasks such as web browsing,
internet chat, or SSH connections. internet chat, or SSH connections.
Tor belongs to the second category: \emph{low-latency} designs that attempt Tor belongs to the second category: \emph{low-latency} designs that
to anonymize interactive network traffic. Because such traffic tends to attempt to anonymize interactive network traffic. Because such
involve a relatively large numbers of packets, it is difficult to prevent an traffic tends to involve a relatively large numbers of packets, it is
attacker who can eavesdrop entry and exit points from correlating packets difficult to prevent an attacker who can eavesdrop entry and exit
entering the anonymity network with packets leaving it. Although some points from correlating packets entering the anonymity network with
work has been done to frustrate these attacks, they still... packets leaving it. Although some work has been done to frustrate
these attacks, most designs protect primarily against traffic analysis
rather than traffic confirmation \cite{or-jsac98}. One can pad and
limit communication to a constant rate or at least to control the
variation in traffic shape. This can have prohibitive bandwidth costs
and/or performance limitations. One can also use a cascade (fixed
shared route) with a relatively fixed set of users. This assumes a
degree of agreement and provides an easier target for an active
attacker since the endpoints are generally known. However, a practical
network with both of these features has been run for many years
\cite{web-mix}.
they still...
[XXX go on to explain how the design choices implied in low-latency result in [XXX go on to explain how the design choices implied in low-latency result in
significantly different designs.] significantly different designs.]
The simplest low-latency designs are single-hop proxies such as the The simplest low-latency designs are single-hop proxies such as the
Anonymizer, wherein a single trusted server removes identifying users' data Anonymizer \cite{anonymizer}, wherein a single trusted server removes
before relaying it. These designs are easy to analyze, but require end-users identifying users' data before relaying it. These designs are easy to
to trust the anonymizing proxy. analyze, but require end-users to trust the anonymizing proxy.
More complex are distributed-trust, channel-based anonymizing systems. In More complex are distributed-trust, channel-based anonymizing systems. In
these designs, a user establishes one or more medium-term bidirectional these designs, a user establishes one or more medium-term bidirectional
@ -209,13 +226,32 @@ tunnel. Establishing tunnels is comparatively expensive and typically
requires public-key cryptography, whereas relaying packets along a tunnel is requires public-key cryptography, whereas relaying packets along a tunnel is
comparatively inexpensive. Because a tunnel crosses several servers, no comparatively inexpensive. Because a tunnel crosses several servers, no
single server can learn the user's communication partners. single server can learn the user's communication partners.
[XXX give examples.]
[XXX Everybody I know except Crowds and gnunet is in this category. Am I
right?]
[XXX Should we add a paragraph dividing servers by all-at-once approach to Systems such as earlier versions of Freedom and onion routing
tunnel-building (OR1,Freedom1) versus piecemeal approach build the anonymous channel all at once (using an onion). Later
(OR2,Anonnet?,Freedom2) ?] designs of each of these build the channel in stages as does AnonNet
\cite{anonnet}. Amongst other things, this makes perfect forward
secrecy feasible.
Some systems, such as Crowds \cite{crowds-tissec}, do not rely on the
changing appearance of packets to hide the path; rather they employ
mechanisms so that an intermediary cannot be sure when it is
receiving/sending to the ultimate initiator. There is no public-key
encryption needed for Crowds, but the responder and all data are
visible to all nodes on the path so that anonymity of connection
initiator depends on filtering all identifying information from the
data stream. Crowds is also designed only for HTTP traffic.
Hordes \cite{hordes-jcs} is based on Crowds but also uses multicast
responses to hide the initiator. Some systems go even further
requiring broadcast \cite{herbivore,p5} although tradeoffs are made to
make this more practical. Both Herbivore and P5 are designed primarily
for communication between communicating peers, although Herbivore
permits external connections by requesting a peer to serve as a proxy.
Allowing easy connections to nonparticipating responders or recipients
is a practical requirement for many users, e.g., to visit
nonparticipating Web sites or to send mail to nonparticipating
recipients.
Distributed-trust anonymizing systems differ in how they prevent attackers Distributed-trust anonymizing systems differ in how they prevent attackers
from controlling too many servers and thus compromising too many user paths. from controlling too many servers and thus compromising too many user paths.
@ -225,6 +261,26 @@ servers, while using a limited resource (DHT space for Tarzan; IP space for
MorphMix) to prevent an attacker from owning too much of the network. MorphMix) to prevent an attacker from owning too much of the network.
[XXX what else? What does (say) crowds do?] [XXX what else? What does (say) crowds do?]
All of the above systems Several systems with varying design goals
and capabilities but all of which require that communicants be
intentionally participating are mentioned here.
Some involve multicast or more to work
herbivore
There are also many systems which are intended for anonymous
and/or censorship resistant file sharing. [XXX Should we list all these
or just say it's out of scope for the paper?
eternity, gnunet, freenet, freehaven, publius, tangler, taz/rewebber]
[XXX Should we add a paragraph dividing servers by all-at-once approach to
tunnel-building (OR1,Freedom1) versus piecemeal approach
(OR2,Anonnet?,Freedom2) ?]
Channel-based anonymizing systems also differ in their use of dummy traffic. Channel-based anonymizing systems also differ in their use of dummy traffic.
[XXX] [XXX]
@ -233,6 +289,16 @@ communication. Crowds and [XXX] provide anonymity for HTTP requests; [...]
[XXX Mention error recovery?] [XXX Mention error recovery?]
Web-MIXes \cite{web-mix} (also known as the Java Anon Proxy or JAP)
use a cascade architecture with relatively constant groups of users
sending and receiving at a constant rate.
Some, such as Crowds \cite{crowds-tissec}, do nothing against such
confirmation but still make it difficult for nodes along a connection to
perform timing confirmations that would more easily identify when
the immediate predecessor is the initiator of a connection, which in
Crowds would reveal both initiator and responder to the attacker.
anonymizer anonymizer
pipenet pipenet
@ -338,7 +404,7 @@ issues remaining to be ironed out. In particular:
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\bibliographystyle{latex8} \bibliographystyle{latex8}
\bibliography{minion-design} \bibliography{tor-design}
\end{document} \end{document}