-----BEGIN PGP SIGNED MESSAGE----- [ To: cypherpunks ## Date: 07/02/96 03:35 pm ## Subject: Re: anonymous mailing lists ]

Date: Fri, 28 Jun 1996 23:04:28 -0500 (CDT) From: ichudov@algebra.com (Igor Chudov @ home) Subject: Re: anonymous mailing lists

How about this attack: suppose I want to find out who hides behind an alias MightyPig@alpha.c2.org and I have the ability to monitor all internet traffic. Then I simply start mailbombing that address and see whose account gets unusually high traffic volume.

Yes. This is a simpler version. The advantage of the attack I was describing over this attack is that an attacker doesn't have to know how to send messages to the recipient--just where the stream of messages is originating.

A nice, albeit quite expensive, way of pretection from traffic analysis is to create a mailing list (or a newsgroup) and forward all messages to all users of that mailing list or newsgroup. Of course, since messages are encrypted, only the recipients will be able to decrypt them.

The flaw here is that only a small number of people will be willing to plow through any volume of messages at all, in order to occasionally get a single readable message. There are also some potential problems with giving the right recipient a cheap way to determine whether or not this message is for him, without giving anyone else a cheap way to determine this. (An application for ``Rabin for Paranoids,'' anyone?)

This way the list of suspects is all subscribers of that list or newsgroup and there is no way to discriminate them.

If this is a small enough group, that may still be a problem. And the bandwidth and processing requirements are probably enough to ensure that it's a small group.

Instead of having messages to be sent to all recipients all the time, alpha.c2.org may be programmed so that it sends out every message not to only one recipient X, but to X and 20 other randomly selected people.

This makes the attack only a little harder. If the other 20 are selected randomly, then for a stream of many messages, only one recipient will correlate properly with sender volume and timing. If it's the same 20 every time for a given receiver, then the attacker will be able to narrow the recipient down to 20 people. At that point, he can use other techniques (wiretaps, black-bag jobs, TEMPEST attacks, etc.) to make his final determination.

- Igor.

Note: Please respond via e-mail as well as or instead of posting, as I get CP-LITE instead of the whole list. --John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMds0OUHx57Ag8goBAQFE8QP/ZWBP32mg2xdkcUrloFwruW+4L1bgY+Uk CEGxngqarxQxTNAckF0vOzpbS5gtjrs6dlEOFIQGeEuF3UWxHeKUIoOejofBZ2vT Htp/FT4x2xkfTFlgVE6GLyjE7bxK8DqfwH3ACAtbR4l+YwKQDNoInfpeFw0HKD40 jC/R8M7l0Lk= =9uja -----END PGP SIGNATURE-----