Improved remailer reordering

Jim Dixon jdd at aiki.demon.co.uk
Sun Aug 7 11:50:46 PDT 1994 

In message <9408062320.AA17234 at ah.com> Eric Hughes writes:
> About message mixing:
> 
>    A measure that is used for situations like this is entropy.  
> 
> Indeed.  This is exactly the mathematical measure for what I've called
> "privacy diffusion" in a remailer network.  It is, namely a measure of
> of the uncertainty to a watcher of what ingoing message corresponds to
> what outgoing message.
> 
> As soon as you begin to write down some of the equations for this
> value, several things become distinct possibilities:
> 
> -- duplicate messages may decrease security
> -- retries may reduce security
> -- interactive protocols may reduce security
> -- there is such a thing as a needlessly lengthy remailer path
> -- noise messages might not be worth the bother
> -- multiple different routes may reduce security
> 
> One thing becomes blaringly obvious:
> 
> -- it's reordering that's mathematically significant; that's what goes
> directly into the equations.

On thing is glaringly obvious: if you use the wrong assumptions, you
will get the wrong answers.

Imagine a RemailerNet (v0.2) that maintained a fixed level of
traffic between gateways.  Messages are injected into the system at
various gateways and emerge at various gateways.  All traffic between
gateways is encrypted.  All traffic takes the form of packets of the
same length, perhaps 1024 bytes.  [It is possible that a much smaller
packet size might be desirable, specifically the ATM packet size,
with 48 bytes of data payload.]

Messages are fragmented according to policies at the entry gateway.
Intervening gateways may or may not further fragment incoming packets
according to gateway policy.  The exit gateway is responsible for
reassembling packets into messages.  The routing of packets is
randomized to some extent.  Message transmission is guaranteed to be
reliable in the sense that either the message will get there or the
sender will be told that it didn't.

Users desiring a high level of security are required to participate
in the game.  They must accept and send a fixed number of packets
at each connection.  These users should be responsible for packetizing
their own messages when sending and assembling their own messages
when receiving.  They must encrypt all communications with gateways.

These 'empowered' users are in fact operating RemailerNet gateways.
It is likely that different levels of gateway would have to be
defined, depending upon the degree of physical control that the
operator had over the gateway and the level of resources that he
or she was willing to devote to RemailerNet operations.  Entry
level users would communicate using ordinary email.  Major gateway
operators would communicate using RemailerNet protocols over TCP/IP.

Time is measured in this system in steps.  Each step corresponds to
the dispatch of one set of packets.  The relationship between 'step
time' and chronological time will vary from link to link.

This system will tolerate an arbitrary level of traffic.  Over time
the level of traffic (in bytes/sec) would be some multiple of the
average volume (bytes/sec) of messages carried.  The gateways would
automatically adjust the traffic level.  [Probably it should rise
quickly and fall gradually.]

The functioning of the system as a whole makes it very difficult to
do any kind of realistic traffic analysis.  Any reordering of messages
is performed at the packet level.  In general, the messages do not exist
as wholes along the lines connecting the gateways, so a discussion of
their reordering is a good way to waste time.

A detailed mathematical analysis of what makes the system difficult to
attack would itself be quite difficult.  But I would suggest that the
key factors are the fragmenting of messages, the use of fixed length
packets, the systematic introduction of noise, and random delays in
dispatching packets.  [The random delays reorder the packets and they
also introduce noise -- an unused timeslot is filled with a noise
packet.]

If, of course, your equations include only measures of the reordering
of messages, your results will depend only upon measures of reordering
of messages.

--
Jim Dixon

    [this is not a complete or final description of RemailerNet]
    [v0.2 but should be sufficient to encourage a few attacks  ]

More information about the cypherpunks-legacy mailing list