This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: From a Trickle to a Flood: Active Attacks on Several Mix Types Andrei Serjantov 1 and Roger Dingledine 2 and Paul Syverson 3 1 University of Cambridge Computer Laboratory (Andrei.Serjantov@cl.cam.ac.uk) 2 The Free Haven Project (firstname.lastname@example.org) 3 Naval Research Laboratory (email@example.com) Abstract. The literature contains a variety of different mixes, some of which have been used in deployed anonymity systems. We explore their anonymity and message delay properties, and show how to mount active attacks against them by altering the traffic between the mixes. We show that if certain mixes are used, such attacks cannot destroy the anonymity of a particular message completely. We work out the cost of these attacks in terms of the number of messages the attacker must insert into the network and the time he must spend. We discuss advantages and disadvantages of these mixes and the settings in which their use is appropriate. Finally, we look at dummy traffic and SG mixes as other promising ways of protecting against the attacks, point out potential weaknesses in existing designs, and suggest improvements. 1 Introduction Many modern anonymity systems are based on mixes. Chaum first introduced the concept in 1981 [Cha81], and since then researchers and developers have described many mix variations, eg. [Jak99,GT96,KEB98]. These have different aims and approaches, yet we still fail to understand the performance and ano- nymity tradeoffs between them. In fact, some of the mixes used in well-known fielded systems such as Mix- master [Cot94,MC00] are mentioned only briefly or not at all in the literature. We aim to start closing this gap by enumerating and exploring a variety of mix architectures. In particular, we consider the extent to which the mixes are vulnerable to active attacks such as the n- 1 attack. More specifically, an attacker targeting a specific message going into a mix can manipulate the batch of messages entering that mix so the only message unknown to him in the batch is the target message [Cot94,GT96]. This manipulation may involve delaying or dropping most or all other incoming messages (a trickle attack), or flooding the batch with attacker messages (a flooding attack). We call these attacks or combinations of them blending attacks. We provide a rigorous analysis and comparison of several properties of each mix variant, including anonymity, latency, and resistance to blending attacks. We also give intuition and guidelines about which environments and circumstances are most suitable for each mix variant. 2 Blending Attack Taxonomy In the past, many anonymity systems have been concerned with protecting their users against passive adversaries, either global or local, usually citing the n- 1 or the blending attack as a vulnerability, with (quoting [BPS00]) no general applicable method to prevent this attack. In this paper we discuss ways of reducing this vulnerability....
View Full Document
- Fall '08