Re: Pseudo-DC-net Project

janke@unixg.ubc.ca writes:
> I am working on a project to implement a variation of a DC-net to be run over the Internet. I am posting this summary to find out if it overlaps with projects others are working on; to see what members of the lists think of the general ideas for the network I have in mind; and to see if anyone is interested in helping me out.
Short version: Your proposal will not work and is trivial for a TLA to break.

Long version: There are two problems with this proposal: the star topology collapses the DC network into a two-party version of the DC-net protocol (in which collusion is trivial), and the shared PRNG allows _any_ participant to compromise a target member of the network (or eavesdrop at the server and decode all traffic.) A simple example of such an attack would be for the TLA to register a host on the network and get the shared secret key for the PRNG. The TLA then taps in either to the server's internet connection or any point in the network which divides the client graph into two parts, the server and a single client on one side and the remaining clients on the other. The TLA then just XORs out the blinding data (which it knows because it is a member of the network) and it has all of the connections.

Additionally, having a MAC is just plain silly; the objective is to hide who is sending, and having a MAC defeats the entire purpose of the proposal. You have basically created a simple packet anonymizer, which is not bad in and of itself, but it is not even close to a true DC-net (at least I am assuming so, based upon the initial description.)

You have not mentioned whether or not all traffic exits the network at the server. If this is the case you are better off having each client establish a secure link to the server, running a PRNG constantly that is mirrored by the server, and XORing all of their traffic in to this stream. The constant PRNG stream hides when the client is sending or receiving, and the secure channel to the server discourages passive eavesdropping. This does not defeat traffic analysis at the server, but then again neither does your proposal.

Some other tips from someone who has spent too much time thinking about DC-net implementations:

Ignore collision detection, just use ALOHA or a similar protocol. Until you get up to serious bandwidth the computational cost is not worth the effort.

Don't abandon the ring topology (this is where the DC-net gets its security.) Use multiple small (4-7 host) rings with overlap between the rings; think of each ring as a LAN and hosts which are on multiple rings as bridges/routers and you should get the picture...

Bandwidth economy will always suck. You can use hash trees to get around a few of the problems, but for the most part you have to accept the costs and work around them in other areas.

You really, really need to read the 1987 Eurocrypt proceedings.

jim
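The ring-versus-star point above, as an added example that is not code from anyone in the thread: a minimal DC-net round where every pair of members shares a secret (expanded here with SHA-256 in counter mode, an assumed stand-in for the per-pair PRNG). `combine` shows that XORing all outputs recovers the message; `strip_known` shows what one member learns from a peer's output using only the stream it shares with that peer: with a third member present the output stays masked, with only two members it does not.

```python
import hashlib


def pair_stream(key: bytes, round_no: int, length: int) -> bytes:
    """Expand one pair's shared secret into this round's blinding bytes.
    SHA-256 in counter mode stands in for the per-pair PRNG (assumption)."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(key + bytes([round_no, ctr])).digest()
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pair_keys(names):
    # Constructed demo secrets; real pairs would agree on random keys.
    return {frozenset((a, b)): f"{a}|{b}".encode()
            for a in names for b in names if a < b}


def dc_round(names, keys, messages, round_no, length):
    """Each member XORs every stream it shares with another member,
    plus its own message if it is the one sending this round."""
    outputs = {}
    for me in names:
        out = messages.get(me, bytes(length))
        for other in names:
            if other != me:
                key = keys[frozenset((me, other))]
                out = xor(out, pair_stream(key, round_no, length))
        outputs[me] = out
    return outputs


def combine(outputs):
    """Anyone can XOR all outputs: every pair stream cancels, the message remains."""
    total = None
    for out in outputs.values():
        total = out if total is None else xor(total, out)
    return total


def strip_known(observer, peer, keys, outputs, round_no, length):
    """What one member recovers from a peer's output using only the stream the
    two of them share. With a third member present, the peer's output is still
    masked by a stream the observer does not hold; with two members it is not."""
    key = keys[frozenset((observer, peer))]
    return xor(outputs[peer], pair_stream(key, round_no, length))
```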

Thank you for the comments, but I'm not sure I fully understand them all. First of all, what is a TLA? Second of all, and this seems to be something I was unclear about in my first post---I did *not* mean to suggest that all clients shared the same PRNG. Every pair of clients will have their own. By star-shaped, I meant the configuration of the communications network, not the abstract connections that exist between clients by virtue of the PRNGs.

As for a MAC being silly, well it would be if everyone used a different one, but I meant for it to be shared by all participants, so that the most the MAC would reveal is that *someone* on the network sent the message.

Your paragraph that I have created a simple packet anonymizer is probably based on the misunderstanding of the points I mentioned above.

I do like the idea of encrypting the link to the server with a PRNG, and since I will be running lots anyway... :) (O(N) not 1 for each client! :) ) it might be worth adding. Then again, I do not want to regard the server as a trusted party in any way...

Collision detection is easy with a MAC, so I think I will keep it.

I hadn't thought of using a ring topology... Interesting. I'll think about that one some more.

How do hash trees help? Is that mentioned in the paper you cite? I'll take a look at that one before long. What's the title and author?

-- 
Leonard Janke (pgp key id 0xF4118611)

On 8 Jul 1996 janke@unixg.ubc.ca wrote:

> Thank you for the comments, but I'm not sure I fully understand them all. First of all what is a TLA? Second of all, and this seems to be
A TLA is a Three Letter Acronym. Such examples would be FBI, NSA, DEA, and CIA.
> I hadn't thought of using a ring topology... Interesting. I'll think about that one some more.
The ring topology is definitely more secure. A DC-Net has to have at least three hosts to be of any use. When a centralized server is used, the security is basically lost.
> How do hash trees help? Is that mentioned in the paper you cite? I'll take a look at that one before long. What's the title and author?
Hash trees help by preventing collisions while preserving anonymity. The property of hash trees is that it takes log2(N) elements of the tree to verify an element, where N is the total number of elements in the tree.

-- 
Mark
markm@voicenet.com | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_
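The log2(N) verification property Mark mentions, as an added example that is not code from anyone in the thread: a SHA-256 hash tree over N leaves, a membership proof of one sibling hash per level, and a verifier that rebuilds the root from the leaf and that path. Odd levels duplicate their last node, which is one common convention and an assumption here; the thread does not say how hash trees would be wired into collision detection, so this shows only the tree and its proof size.

```python
import hashlib
from math import ceil, log2


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_tree(leaves):
    """Return the levels of the tree, leaves first, root last.
    Leaf and inner hashes get distinct prefixes so one cannot pose as the other."""
    level = [h(b"\x00" + leaf) for leaf in leaves]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]  # assumed convention: duplicate the last node
        level = [h(b"\x01" + level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def proof(levels, index):
    """Sibling hashes from the leaf up: one per level, so ceil(log2(N)) entries."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sib = index ^ 1
        path.append((level[sib], sib & 1))  # (sibling hash, sibling is on the right)
        index //= 2
    return path


def verify(root: bytes, leaf: bytes, path) -> bool:
    """Recompute the root from one leaf and its proof path."""
    node = h(b"\x00" + leaf)
    for sib, right in path:
        node = h(b"\x01" + node + sib) if right else h(b"\x01" + sib + node)
    return node == root


def proof_size(n_leaves: int) -> int:
    # Constructed leaves; only the count matters for the path length.
    levels = build_tree([bytes([i]) for i in range(n_leaves)])
    return len(proof(levels, 0))
```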

On Tue, 9 Jul 1996, Mark M. wrote:
> On 8 Jul 1996 janke@unixg.ubc.ca wrote:
> > Thank you for the comments, but I'm not sure I fully understand them all. First of all what is a TLA? Second of all, and this seems to be
> A TLA is a Three Letter Acronym. Such examples would be FBI, NSA, DEA, and CIA.
Yes, but it _stands_ for Three Letter Agency. (Or at least I always thought so)