[e-privacy] Interessante paper e test "su strada" (Mixmaster vs. Reliable)

marcoc1 at dada.it marcoc1 at dada.it
Tue Mar 30 15:44:25 CEST 2004 

Ho appena avuto il tempo per una veloce lettura, ma la paper che 
 la mail allegata indica e' *veramente* molto interessante
 (ed anche tosta da leggere)

http://www.abditum.com/~rabbi/mixvreliable.pdf

Tra le altre cose evidenzia l'esistenza di molte
 pecche nel codice di Reliable.

Italy Remop ci sei ? Cosa ne pensi ?

-----Forwarded Message-----
From: Peter Palfrader <peter at palfrader.org>
To: remops at freedom.gmsociety.org
Subject: [Remops] Comparison between two practical mix designs (Mixmaster vs. Reliable)
Date: Tue, 30 Mar 2004 15:30:03 +0200

Hi,

you may be interested in a paper by Claudia Diaz, Len Sassaman, and
Evelyne Dewitte.  Evelyne is a statistician and Claudia an anonymity
researcher, both at the University of Leuven, Belgium.

Abstract:

We evaluate the anonymity provided by two popular email mix implementations,
Mixmaster and Reliable, and compare their effectiveness through the use of
simulations which model the algorithms used by these mixing applications. In
order to draw accurate conclusions about the operation of these mixes, we use
as our input to these simulations actual traffic data obtained from a public
anonymous remailer (mix node). We determine that assumptions made in previous
literature about the distribution of mix input traffic are incorrect, and our
analysis of the input traffic shows that it follows no known distribution. We
establish for the first time that a lower bound exists on the anonymity of
Mixmaster, and discover that under certain circumstances the algorithm used by
Reliable provides no anonymity. We find that the upper bound on anonymity
provided by Mixmaster is slightly higher than that provided by Reliable. We
identify flaws in the software code in Reliable that further compromise its
ability to provide anonymity, and review key areas which are necessary for the
security of a mix in addition to a sound algorithm. Our analysis can be used to
evaluate under which circumstances the two mixing algorithms should be utilized
to best achieve anonymity and satisfy their purpose. Our work can also be used
as a framework for establishing a security review process for mix node
deployments.

The full paper can be found at http://www.abditum.com/~rabbi/mixvreliable.pdf
Note that this is still a draft.
-- 

+     il  Progetto Freenet - segui il coniglio bianco        +
*     the Freenet  Project - follow the  white rabbit        *
*   Marco A. Calamari    marcoc at dada.it     www.marcoc.it    *
*     PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698       *
+ DSS/DH:  8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B +

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
URL: <http://lists.winstonsmith.org/pipermail/e-privacy/attachments/20040330/6ada11c7/attachment.pgp>

More information about the E-privacy mailing list