
Practical Mix Network Design

Speech transcript
the and the next so going up is gonna be practicum it's never designs all strongly a protection for other synchronous messaging alone held by I along by David Stern done result makes the birds and as a coda because it for work and by Jefferson contribution to the home you never project organized a couple of reasons for this on last year's Congress and is basically of a mathematician trying to get practical the beggar told the belts down components all makes that roads and so on yeah defensive that basically taught can't do all yeah but another big round of applause the heart of it
OK so I'm just this is David from were right to be telling you something we're going to be telling you some aspects about designing mix networks on the and I'm in love with their own academic involved in a project is of the Panoramix project I the use of OK so 1st of all we just to be clear of course encryption works and you know if it's a properly implemented and then you know we have a huge amount of trust and that we even have the you know sort of slides showing that the most powerful adversaries in the world can't break these things so this is if you find however we have to
worry about sort of about the metadata leakages but then in the stop especially in every word about the traffic analysis of the kind of connections so from yeah it's
time series timed actually start addressing these things OK so existing solutions to
traffic analysis so there's this wonderful Tor Tor program and project and they we we know as a 5
years ago they consider the the the even the NSA considered considered Tor to be quite effective at preventing mass location tracking so this is so Tor works for what it is designed to do Tor does not protect against an adversary who can see both ends of the Tor circuit so this um this is this is a handicap in a number of such in a number of situations of the 1st situation is if I if you have a
website that is if you if you have a website of course then somebody can have for fingerprint this website in advance have some you know description of its k of its traffic profile and they can and they can tell if the if you were just looking at your connection if you're if you're accessing that without website over Tor so OK so let's admit defeat for the web on the web for now because we're not going to you know we're not going to be able to provide that kind of when I can be able to see that kind of adversary very quickly but the bottom OK can we just message our
friends over Tor there's a few programs to do this there's shaders prior on the problem with using Tor in messaging as a messaging transport layer is that frequently the people you want to protect are in the same country or even on the same ISP so the original property of the you know the adversary being able to see both sides of the connection comes comes through again and they can very quickly be that that connection between them very quickly be and seen so OK how
can we actually keep our messaging metadata private and the answer we're going to say is sort of that were going to the right 1 is a mix network I app so mix networks are message-oriented as opposed to stream-oriented on they're essentially an unreliable packet switching network and also latency is added at the top of the so called mix strategy there's a bunch of different mix strategies on it's kind of an
architectural diagram notice there's no exit nodes there's no talking to the Web like with Tor so the security model's different so we do have a PKI similar to we can call it like the directory authority system and so there's a bunch of differences between Tor and mixnets and 1 of the important ones is that we can actually do decoy traffic everywhere in this diagram like we can do decoy traffic all the way to clients of or to the destination some the yet so 1 of the 1 of the issues with Tor is of course you can do you if even if you did the decoy traffic you couldn't hide the uh you couldn't protect against this
what website fingerprinting attack necessarily because you're going to be water you're still seeing the connection going out the other side see there's a style of analysis a new object so 1 thing that just some history here are at the water actually the the oldest anonymity system as far as far as I know from David Chaum's 1981 paper on there and and there's a few other tools that have been proposed 1 of them is private information retrieval usually written PIR of this works and sort of narrow situations when you try to retrieve something from some kind of database on the scaling is perfect on it but this whole things you can do on but there's another at the other 1 the other 1 the sort of is generally proposes the alternative to mix networks is dining cryptographers networks and the problem with them is the bandwidth is really literally um you know screw it EEG you're paying literally uh for the the quadratic about cost-per-user shown in something like make so the you're anonymity set is is is really going to 1 being very small and the fears talking about building something that has inherently has a small anonymity set then you have to ask who are we protected and the EU if you're you're you're you're protecting whistleblowers anymore because of forcible force of law talks to you know journalists it's unclear which journalist and you know dish he's talking to you while he still some he stole the guy with who who knew this thing to talk to somebody in the field so and words it does protect you it doesn't really know what it is that the person that it does protect is somebody who already has a lot of power and which can be hard to convicted anyway because so what we want to do so we really wanna blow up the anonymity set as large as possible and that's why we like mix networks the but it's so we're gonna talk about a few attacks on mix networks and some defenses of epistemic attacks are not 1 of the attacks were really going to focus on because it's it's really specialized 
area of research there is actually a a bunch of but few papers and written on at breaking different but our public key infrastructure systems for like other things like point-to-point networks and other other things like that so what are more OK so OK but we can say at a guess we should mention that our PKI of generally the mix literature assumes you have a PKI assumes that the all the clients using it out somehow know about the whole network so you get the so so usually won't be anonymity researchers talk about a PKI they generally assume something like the Tor directory authority system where you have some people who can be the trusted who run the thing on this actually sensor scalability parts what's going on what's the Katzenpost project and and their and Paris is doing it does the scalability problem of more serious than the 1 for Tor the the the other ideas you can do there's a there's so down the track and the idea of sort of making it more secure beyond as these people of projects like providing and things and on the on on trying to make it more scalable there's other things like we have a we have some people and their project the research in this in the past generally these peer-to-peer networking projects to try and come up with you know distributed PKIs have very serious attacks against them these epistemic and especially epistemic attack type things so you're not going to completely fix those so the way that you would have a distributed PKI is you would have to prove that you really know how bad the attack is and then argue that this is better than some 9 people or whatever possibly being compromised but we don't talk too much about this because this is not our area of work Bo just 1 it's introduces a lot of interesting stuff there and right now so since leading from the epistemic attacks and they were going to tell you about sort of since this is 1 of the sky what Chinese go about how the scalability comes in but yeah
so for OK so mixnets can use cascade topologies where everyone uses the same route and this is this is quite a different than Tor where route unpredictability is used to achieve because some of its anonymity properties so in mixnets you can use the same as everybody but this is a scalability problem of so we have other things like
free route and also
stratified topology but free route actually has slightly worse anonymity on quality is has got an excellent paper and about this another kind of the point about free route is that in practice like the Tor network EU visualizes a free network and grew away from that dike like nodes have specific or authorized to be in specific positions and things like this so maybe that free route part where you just you wouldn't land there anyway even if you tried fire exit exceed of forces guard flags
Fedora but this is another diagram of the of stress or any later any mix in layer 0 can connect to any mix in layer 1 and and send an expected on so this is this is
sort of comes from the Loopix I'm so it's so that would be mentioning some more design from the Loopix of cool thing about this is it's fairly easy to of calculate the entropy of each mix compared to say free route which is pretty
complicated and this also scales pretty
well we can add mixes of each
layer if we need to scale up for more traffic and more users so and we're going to mention a couple sometimes will put some citations on the slide I don't take she did not too critical but both the 1 on this 1 yeah cut it is a very nice paper for understanding the different topologies
and I believe right has a paper on this topic as
on OK so why isn't this Tor well the main thing that we can say is that Tor doesn't actually mix the packets er you know what the packets coming in a particular point in time are basically the same packets going out you pretty much know uh in the much no so you was a very small number for the mix strategy actually does is an algorithm that's part of the software to do the thing what a mix strategy actually does is it is it adds latency to reduce this the the correlation between packets and there's yeah OK yeah this so that of David Chaum 1981 with this 1st mixnet paper of described this this threshold mix so say this mix had a threshold of four it would accumulate four input messages like this and when it is I have enough for its threshold then it would shuffle them and send them out and the mix is also unwrapping a layer of encryption for each of these hops and so if I was an attacker and I want to break this what I could do it is wait until the mix is empty or I can make that mix empty by sending my messages into it and then when a target message enters this mix I could send my own messages and cause it to all achieve its threshold and set shuffle and send the messages out so then I would recognize all the ciphertext of my own messages and the 1 message I don't recognize is the target message from and you can keep doing this at each hop and this is called a n minus 1 attack or blending attack and there's
a lot of variations on them we are all we have continuous-time mixes of like a stop-and-go mix and the Poisson mix strategies and these mix strategies they allow the client to select delays for each hop are usually the from you know an exponential distribution but um so the if if an attacker wants to break this using a blending attack taking on 1st we need to empty the mix queue by blocking all input messages from the mix and waiting some period of time where it's highly probable that the mix queue would then be empty and then they would allow the 1 target message to enter the mix and continue to block other input messages and then simply wait for that message to be output but not this these attacks we have we have some defense for them like say of the heartbeat protocol from of voltage church wrote a paper about 10 years ago tragedy an of it's also in the the Loopix paper as well it's mentioned and um so we would have mixes with the a kind of decoy traffic called makes we refer to them as mix loops or heartbeat traffic where a mix is sending itself a message like a self-addressed stamped envelope it's going through the mix network and coming back and if doesn't receive its heartbeat in some timeout on use of it it could be under attack were of course it could be other problems in the network as well and so you want it may be a correlate attack with several of the earliest receive a heartbeat message
I the the then there's other defenses for blending attacks as well there was a recent paper published but we're not gonna talk about that right
now on the next the next category of attacking of is uh statistical disclosure attacks on this is essentially I I like to think of it as the at the adversary is abstracting the entire mix network as if it's 1 mix and they're looking at of messages go in and messages come out and a lot of this literature is written from the perspective of of like point-to-point networks like come but when Alice and Bob are receiving messages from the mix network and they're receiving at their home IP addresses as if we had publicly routable IP addresses and knowing that places to get in the way of maybe a more modern sort of
architecture might involve In carrying messages of the this is a concept used in the Loopix design as well so the Loopix has got a bunch of
different decoy traffic types of in order to add noise to to this signal at various locations in the network of on so there's but drop decoy traffic where a client would select a random destination provider to send a message to so traverses mixnet and then gets dropped by the provider the and there's also the client loops and actually I should mention
if we're doing this these kind of statistical disclosure attacks and a lot of this stuff we don't know how well work in the real world because it really depends on the specific application and the adversary's ability to predict the user's behavior and that user and that behavior should be repetitive I'm in this depends on how much information is leaked by the system but make mix networks always leak information so it's it's about measuring the leakage of an understanding of the user behavior is dynamic enough of these attacks don't always they won't they cannot always of converge on success of so if it depends on the particular system and how it's too of in this the particular case of for queuing messages in in this style mix network the adversary would have to compromise their destination providers uh so previously here in this situation it would be this point-to-point network situation where people are actually receiving messages from the mix 2 there are like mailbox directly at today 0 my p but the adversaries a passive adversary but in the more modern or
architecture that where this is queued but I mean some more modern but it's the the Loopix design which is a recent paper so this attack becomes an active attack
Anderson padding to the client so we have some amount of receiver unobservability and so clients receive the same amount of information when they seek mess the
but so OK so there's a question that's natural OK so we've talked about adding latency and we're also talking about having cover traffic she might ask is this enough and is the way I can give you could get away with less and the answer to couldn't you could I get away with less seems to be no problem it it least vise some artificial measures the uh the the your anonymity is can't really scale better than the cover traffic times the latency so um 2 1 take away from this is so Lin that why and what is store situation so having no larger always tells people that they don't know if a if the if adding cover traffic to toward would help and 1 sort of extreme version of this is of course it whatever cover traffic you had times something very small is still something rather relatively small so um V alright now you notice your course anonymity still looks quadratic in something but it's no longer in the number of users so what we were talking about is paying some sort of fixed up front cost that may be somewhat large part of part of it is in terms of of the user's experience with the latency and part of it is in terms of the actual sort of cost of their you know the network connection but it's you know it's it's doable of so 1 things OK so sometimes people have made these just to sort of wrap up this section about topologies and whatever uh and and strategies and things so people may be sort of quality religious statements about encryption from time to time and that the disorder boil that down to something concrete encryption is basically free and general and but for the makes network information at work we're gonna have to actually pay some kind of real cost OK so 1 thing about mixed
networks you don't want to roll your own packet format there's this wonderful 1st to know reasonable 1 of the roots of the 1 that has stopped much of the development in this area is strength it's some it's my compact and it has very nice security process by tossing is single bird so just a comment on the name so the packet format a header and a body and at the time that it was developed to the body has to be encoded with what's called a wide block safer and at the time it was developed those the white book the only white blocks so for the people were thinking about was was Linus and there's now some other why blocks efforts like easy by Rogaway in supposedly the DAB has 1 and and on the way and so on the sale of few things about the packet
format so the header has 3 parts but 1 of them the 1st part is a public key this elliptic curve point and come and then there's this body which is imperative box 4 so the way he sort of more you think about this node and operating is ours has a the others this he change between the mixed node analysis analysis that Alice 1st does it you think's up this this key for her packets and as you change and then the next node From computes the other side of it of it edges of that Diffie-Hellman and from that makes note extracts the next hop and he mutate he has to mutate all the different things so what strength is is the rules for how to mutate those but
OK so let's say 1 thing is kind of important so why are we using know why delta and it makes the comment on this too much but the header part was max and delta was not so why is what we not put a Mac on delta this seems very very dangerous because if you know if we had if we were just using an unmatched streamcipher than some adversary who controls on mixed node next to the sender and answer and some place for the messages in the place of messages going just X on arbitrary message in the packet and then check for when it arrives and um but we don't use it a streamcipher we use a white box IFA so what this means is that I and the attacker during the same sort of thing you will only will get it most a 1 bit tagging attack so again that's still it happened why would we tolerate even a 1 bit tagging attacking
I and the answer is that are anonymous receivers really matter and so there's a few things that says a few things the you so course a journalistic sources were whistleblower whatever on but also any kind of service like if you wanna talk to some cryptocurrency network we wanna talk to you or download some file or anything like this anything where you interact with the services uh you have to do you need some kind of acknowledgment back of it and in fact even just basic protocol Axford for messaging system need some sort of worm facing the need some sort of a spot replied so OK so what is this so how do we do anonymous research receivers with pre was from single-use reply block so that's some of 1st node where goes to 0 expiration date and then the header and also proper and also 1 where 1 might 1 cryptographic Kiefer of for 1 layer of it and so the the recipients makes up this uh this Serb and supplies it to the sender at some point in the past the sender attaches the delta and they can send to the recipient OK so great
no OK now let's get into something tricky and we have these cops OK we might worry so if you looked at the key exchange that I did the act this sender just may Alice descended is made up her out on the spot so she got a new she got a new shipper key is ephemeral but the mixer and he wasn't it was supplied by this PKI so um so all right that means so we wanna precocity forward secure and yeah towards forward secure does negotiate like negotiation with the top which is great and what we want we so we need that we need some kind of forward security and I we don't have it apriori so what we have to do so 1st of all makes that so we need some kind of really replay attack protection anyway I'm so EU would say this requires some sort of data structure that and that will eventually fill up or overflow or something like this so as to prevent that we have to do the rotation anyway so 1 option is to just rotate the makes he's fast problem with that is that you know what a stress the PKI too much because p k a's already scaling is already scaling back so don't have our but another problem with that is that the Serb lifetimes are equal to the node the life of the and they can't exceed the node key lifetimes so that means that we if we wanna be able to have a forward cavity compromise window smaller than the node you lifetimes where is that we have to do you are you know smaller than the survive lifetimes we have to do something
else so there's a couple ideas from so George Braque in 2000 their so what is the idea is to look at maybe we can be like a little like toward use more packets per firm for the packet we wanna send but not doing the way toward us it so George who proposed using 2 packets in different key epochs that's pretty good that that gives you that gives you a lot of nice properties and so there's another thing you can do about that I'm sort of bend that I've been working on which is you can you can use a little to the mix into a mixed narrowed to actually do uh a key exchange and then on the next node you can you can use a double Roger construction for some parts and that that that this term problem with this is it's cheating on these 2 these 2 things and our you wouldn't wanna do them all hops because they create some correlations between packets so the OK so we can now and so we can in general we can ask what is what we want to the key exchange that are mixed no no what we what have we make this makes forward secure so the model is it too much about this but are in general we can talk about the different stress different sort of rock basic uh technologies for key exchanges and the properties we can get out of them in the context of strengths and and you know anything is based on elliptic curves is not gonna be because quantum so if we want something based on a from 1 that we needed something else so there was a blinding operations thinks said entirely about doing that the post quantum context is tricky probably were stress IDH it no I will we don't know if it works for all the buII there we certainly have no idea how to efficiently maybe can be done in our March cheating strategy gives us nice curation properties it gives us post quantum if the loop but if the loop did oppose quantum key exchange and there's another nice property that gives that you can't really get any other way which is at the the blinding things hybrid put you can actually have a hybrid POS quantum 
properties and that means that you can use both elliptic curve and this dispose quantum key exchange and if either 1 of them is true is good then you can't break then you can break it on if you try and do this construction with something like LWE you're probably not going to be able to get that hybrid pos quantum property because the blinding operation itself will depend on the LWE cryptographic assumptions so um nevertheless I wanna conjecture that LWE maybe the sum of the beam isn't of learning with errors maybe some the eventual sort of oppose quantum key exchange why used as a mathematicians love conjectures so I don't think there's 1 with blinding but I think we can probably arm come up with something that eventually where we have some kind of nice blinding for the LWE scheme and it even has puncturing are punctured encryption is something that you can currently do with pairing they script auditing excruciatingly slow but I think it could buy suspect it could be done fat much faster with that of the beauty OK I OK so mixed
networks the unreliable the packet switching and so in that case some classical network literature can can be applied on now a automatic repeat request of protocol scheme is 1 of those protocols schemes that has recall acknowledgements and retransmits and we can do this over makes networks but leaks extra information every act and could potentially be used as a correlation attacked for instance if the adversary causes the act packet to be dropped in in a stubborn way Eric you the simplest variety of these protocols with leak the least amount of information on so that's what we're using and we have 3
cryptographic layers in our stacked right now in this of the big stats impose project were working on all Johnny Angel wrote a cryptographic link clear based on the noise of cryptographic framework on he's mixing you hook simple with R X 2 4 5 1 9 and the key exchange and I'm we also have a speaks cryptographic layer of sphinxes which have talked about earlier the cryptographic part format and we'll 7 and 10 and cryptographic messaging and this is another sort of
look big style diagram Alice sends a message to Bob's providers so it goes through the makes over to Bob the and Bob can ratives message later and with some relatively simple changes from this loop Olympics design we can and do you have a stronger application hiding properties were Alice and Bob or don't talk directly to the provider that the it's of retrieving messages from they can send a single use reply blocks to retrieve messages this would increase latency on so 1 thing that's nice there's a common to make here is that a lot of time certain schemes in academia and tend to use 1 use PIR for this retrieving the that that thing about from Europe from your provider and and the but 1 of the problems with using a PIR scheme here is that you're going to have very different could very different sort of assumptions of play there and the way in which you model it is going to be necessary necessarily quite complex it's far Fraunhofer registered and you during playing with all this stuff but it's actually giving all everything to match up will be complicated and so this is why so that in in the scheme but they were talking about here you actually you're you're mix that is giving you a location hiding properties so you can you can express of some work that will right and also whereas in this situation of the olympics designed it doesn't have a strong location properties in particular but if Alice really wanted to figure figure out where Bob is she would the hackers provider and then I stick it out until his IP address shut up again so on the 1 problem with this and
with these provider models is that like the images that you can get a provider hacked on and on there's a way to fix that but it requires modifying sinks a bit I said that would that we just said don't roll-your-own packet format but it's a good idea to go through the security proof again anyway and it's a small change but so the idea is that we have in this middle this hard drive picture is that is some sort of of mailbox server accumulation thing that the receiver here can move 1 every once without telling his contacts and it is contact section region in other ways you he gives them Serbs or he's puts the Serbs at this thing called a crossover point which I didn't wanna tell you too much about them on so but the the idea is that this guy can but I receiver can supply the consensus and Serbs to this point in the middle and then the PAC and when he holds online and then it will send him up messages so that the you can have this very this the coupling and 1 of the nice things so it at the end of the day what the proof what you're like security results that makes that's gonna be as light OK well in 3 months you know the mechanobiology on you 3 months so we may be able to do a bit more if we can move this guy in the middle periodically the OK so but this is working very much work in progress is not at all in the cats and posting it requires modifying Sphinx and doing the doing some do during all what that number of pairs so OK we've been talking about
out of applications to the idea being messaging on all those other applications and on where you're still sending messages but to give you a bit more something of a more concrete it it there's a there's a few um schemes for doing anonymous money will right now is a lot of seems to bring on as money mostly this out but there's a few there are actually quite would have extremely strong cryptographic assurances on the anonymity of the cash you basically we have to invert a hash function or something to break about the I am taller as well in the in the article I signatures information-theoretically secure binding which is they're absolutely unbreakable there's a point intolerance weaker than that but are another thing you might ask is some you know
can we do anything web-like where there is a project that wants to write a package of web pages and ship them over a free so you could use it to ship things over mixed network but but fundamental like if you imagine what we wanna do like build build some application that doesn't collaborative thing like run something like Google where have have adjusted Etherpad over mixed network you're going to have the interesting issues a pop up with like the mergers and other things and and the way the latencies gonna have other impacts on the users and 1 thing we're not really thinking about what we would really like other people to think about is sort of how to make and how to make
people happy with higher latency applications and I this sounds hard but actually a lot of times like you know when you look at people who are developing more modern web frameworks actually they are doing in a more the obstructing you know cat something accounts the is doing is is not literally in uh um you know of supporting latency but it's it's the coupling things away that is quite relevant to what we wanna do so that it would be fair for us to say like a user school messaging app on its unreliable so under send you a message but you might not get it and so we want deploy belittled some reliability and and you and you pay for that and in retransmission sometimes and and some extra leaked information for which we need to compensate with big it more decree traffic we can actually the Labex paper explores this tradeoff where you can make the latency lower in a mixed network if you are willing to send more decree traffic the and so but that should help yeah on it's it would still it's still doesn't make it makes networks so but I don't think as low latency is store or even close down but this is a matter of tuning and and we can release have lower latency makes our extend say 10 years got in 1 of the nice things about certainly the nice things about the stuff that they've been yawning have been doing is that there is directed to really trying to make the by this the the army there so the reliability measures worked in the next work in the or just just above the mix network and this is really essential if you wanna build something that application developers can use because of what that it is actually common an systems for for the sort of reliability measures to create 2 possibly compromise other things so having been able to do the reliability stuff in a way that you can still have a superior properties for his important again 0 0 yeah I would like
to say thanks to the researchers we've been working with on and as you like to think yarning into for all that good design advice and that work on the specifications and then through George for his advice and was poly hours moderate cloudy for the excellent paper on yeah for the Loopix paper Christian of the everything that I've been working on a photon analytical Madison from the Tor Project help me out a lot with the with the ah PKI specification of because while I mean he wrote the TREC 230 system for Mixminion and for Victoria and and also to tremor apparent for on running this wonderful mailing list which were we you know where we get numbers of important ideas idea and Trevor also helps with the baguettes sense about those really great with our where protocol using joints and the anyway and and that's that's the this new sort of project and right that's the and it can be the they did so much right you have any questions you know room please line above the microphones so what do we have questions from the internet formulas the nobility the locus of formulas seed there's 1 goes from like from 1 and you mentioned the latency will be hired and for those who will be thinking of uh seconds minutes what so sort of order of we denote by so the question is of the latency will be added into or how I will be but we don't really know until we tune the mix network and you will join us claim seconds so I don't know of analyzes that if we're saying that mix networks on trying to be a general-purpose anonymity system like Tor we're trying to make up on customized networks for specific applications and so each application has different traffic patterns in different ways the use so the latency would would necessarily come after tuning of now some of we have some idea that maybe a few minutes let's say but it really that can answer the question it actually the researchers were working with the about to publish a new paper about how to the tune of decoy traffic and latency 
for the desired entropy want in each mix the the if the all mode for number to your question you have you have mentioned that the meets men were speaking eyes half a high year scalability problems or Weiss that looks like this now or will have less Nolde's because they didn't even unpredictability so what have I mean if you're trying to build a replacement for e-mail and you want everyone in the world to use it and if you work through like a sort of bullshit back of the envelope on the computation it there's an argument that you're in is that if you have a central but a centralized PKI a plus whatever other anonymity system is only about 10 million times better than just sending every message to everybody but the something you know that's very back of the envelope you can try and work uh so um you need some you OK so there's that and and the use of the specific seeing what I said it's less of a problem for Tor is it Tor you certain clever things like there's a there's 1 other proposals you think that should not take that serious at the moment is where they they published this big list that published PKI or sorry the bigger the the thing and nodes don't actually download the whole the the whole of this consensus at all they just point to a place in the consensus and they get back a proof that they were given the correct that they were forwarded to the correct node so this not just that gives you another order of magnitude at 2 on that fat on that note 10 million I just quoted you a big order microphone number 3 yeah hi this is mostly really good work and I'm happy to see it my question is if there are multiple applications which have different tuning requirements can the same networking and help each other anonymity set we have to have multiple networks pop so we agree with the best if they could help each other by increasing each other's anonymity set but were concerned that the specific tuning for the decoy traffic might prohibit this in some cases for all of 
them actually and there's some other considerations is welcome and so since we're not stream-oriented on all the data has to fit in 1 packet and so if we have like an e-mail use case we probably you're gonna get around 50 k average size e-mails that say and if we wanna make like makes chapter passenger that applications I might send really short messages like you know what's up and now we're setting that in the big 50 K packet so 1 thing that is clear if you wouldn't do it for all the you would have a new thing for every application obviously if you have something that's gonna be quite infrequent like a payment thing then it needs of then you should be using a network with a with much more frequent packets and just accept that you're going to be used except for the efficiency of and there's another consideration to it which is sometimes in these chat and the applications of communication partnerships might be symmetrical and that we might send each other roughly the same amount of data and and stuff like not that I don't think mix nets are good for Web browsing but in stuff like the web it's more like get page and then you get a but bunch of information back so there's lot of different so what would the decoy traffic look like that forces a symmetrical all communication partnership and so that's what I meant by some applications might not be
compatible with each other to set it to this decoy traffic in the same except it would we certainly would hope that most sort of like peer to peer that the almost sort of peer-to-peer like all of your Etherpad your other sort of collaborative applications your e-mail your payment work which are available in all that stuff could be bundled on the 1 thing that was sort of optimized for this e-mail like use case and then where the if you actually need the instant messaging network at all is another question that all right like from them on what's the question can you give the world OK give more concrete examples of software to try out for like so that like like paper so great like if there is anything to attach to act to whatever will longing for actually right now we're running at test method makes that work on several machines that we have lying around and it works great but thanks for masculine colleagues for their help for that but but the we don't really have any anything near production-ready like was that I have waiver models of our dialog doesn't work had it so good it was so the answer to question his you know we we got enough and of the that but we hope we hope soon like that I'm not sure how soon but the funding of and than other things were working on the thank you all much and to was a question and I was thinking about this in in in the real world you're envisioning an app where people could communicate and our and I worry about mobile telephones uh uh because religion vision to users using this app to communicate with each other the idea would be that 1 person sent a message and then sometime later this other person takes the fun out of their pocket there's so much going on when a phone comes out of a pocket and discrete is turned on what's at this is talked to and there's so much that that you can look at outside of the cell mix network if you over a month of time can correlate who picks the phone out of their pocket every time when when a person 
sends a message so can't you correlate that way it is not a huge problem that that sort of is completely outside of the world of the of the problems you're thinking about how and my in my I deal I have no idea in my ideal world on the part of the solution to making users happier with latency is the phone doesn't being anymore you don't get notifications you just some you check your phone when you check your it in so I had I think that would be an important security properties as well but I would actually like it the there's a question here is would that make people actually happier with latency with would can you mean you you all these things are being built now are being built a sort of maximize engagement and you want to actually you actually don't want to do that anymore you want people but only use it when they won a year when they wanna use it and alright thank you since there are no more for the questions so thankful of 2 draft thanks also David thank you fit some was was

Metadata

Formal Metadata

Title Practical Mix Network Design
Subtitle Strong metadata protection for asynchronous messaging
Series title 34th Chaos Communication Congress
Author Stainton, David
jeffburdges
License CC Attribution 4.0 International:
You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they have specified.
DOI 10.5446/34829
Publisher Chaos Computer Club e.V.
Year of publication 2017
Language English

Content Metadata

Subject area Computer Science
Abstract We shall explain the renewed interest in mix networks. Like Tor, mix networks protect metadata by using layered encryption and routing packets between a series of independent nodes. Mix networks resist vastly more powerful adversary models than Tor though, including global passive adversaries. In so doing, mix networks add both latency and cover traffic. We shall outline the basic components of a mix network, touch on their roles in resisting active and passive attacks, and discuss how the latency impacts reliability, application design, and user experience.
Keywords Resilience
