Yes and I think mix mechanisms are important but mixing within a single nodes RAM does not seem enough. Ideally I want to be able to take a message out of the network, potentially deliver it to the next hop by another out of band network, possibly even by physical usb stick transfer, to another node and then back into the network and on to its destination. The ability to add completely arbitrary time delays and take the data off-network or indeed on-network at anytime potentially make traditional traffic analysis far less reliable.
Mixing inside RAM is enough. If an attacker notices a signal go into your machine, and you take this on a USB to another machine two countries away prior to forwarding it on, sure it could confuse the attacker. But if the attacker notices a signal go into your machine, and then a thousand other signals, and then they see 1001 signals leave your machine in a randomized order, they will be just as confused.
If Apple and Android would allow it, I would love to see a peer to peer PAN (bluetooth) app that basically acted as a variable-latency mixing relay in a loosely coupled mesh. Imagine - I would send a message from my phone it would at some point be passed on to somebody nearby running the App or possibly straight onto the Internet to a relay, zapped half way around the world to a client endpoint running the ap then back into a local PAN for a hop of two on a busy street in Jakarta, back into the Internet and over to some guy stood on a Metro platform in New York - over the tracks to a gal on the other platform then back into the net and so on....finally getting to it's destination n hops later.... it will come
Here is a paper you would probably be interested in, it discusses wireless meshnet anonymity systems:
http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA495688&Location=U2&doc=GetTRDoc.pdf
These systems are kind of esoteric. Not much research has been done on them that I am aware of. This paper discusses several of them, in addition to many other things. The networks in this category have names such as SDAR, AnonDSR, MASK, ARM, ODAR, AMUR, HANOR, ANODR, SDDR, ASR, ZAP, AODPR, AO2P, SAS, ASC and ASRPAKE. I know essentially nothing about any of these designs, other than that they are meant to use mobile wireless nodes.
Yes I have heard of this but most of the material I have come across seems quite academic. I suppose one could adopt the concept of channels (effectively) and receive only a subset of the 'torrent' - but even with that I do not see how you can maintain the same level of recipient anonymity as the everyone gets everything model.
Well, if there are 5 PIR servers hosting a shared database for the PIR protocol from pynchon gate, a client can obtain data from them with information theoretic security unless all 5 of the nodes are owned by the same attacker. With everybody gets everything though they would have information theoretic security even if all of the nodes are owned by the same attacker. So in this instance the level of potential maximum anonymity is the same, but yeah everybody gets everything is superior because the absolute minimum anonymity is vastly different (nothing vs total anonymity).
Though in some, I admit rather contrived, examples it becomes less clear that everybody gets everything is superior. Imagine there is a standard centralized pynchon gate server cluster of 4 nodes. The clients using the system can download messages without the servers knowing the messages they downloaded, unless all of the servers are malicious. So 4 malicious servers is enough to break the security of this system. Now imagine an everybody gets everything network like BitMessage. Imagine only 6 nodes are part of the network. If 4 of the nodes are malicious, they can link messages from one client to another, since all messages are between the remaining two clients. In some instances they might even be able to tell which client sent which message (and from this deduce which client it was sent to), depending on the network topology. In this case both of the systems can fail with the same number of bad nodes. But this isn't really a fair comparison, since it isn't looking directly at the primitive used in the case of everybody gets everything, but rather looking at a way it could be used in a system that would weaken it. If anything this highlights the sometimes subtle difference between the types of security a system can have.
So in summary, I probably should not have said that there are systems equally secure to everybody gets everything. There are systems that can be as secure in practice, but theoretically they are still weaker, and this weakness could manifest in practice. And there are systems based on both primitives that can be equally insecure, but this is not really a fair analysis because it isn't looking directly at the primitive but at the way it could be integrated into a system. When I made that comment you quoted, the idea in my mind was the example I gave of 4 bad nodes being enough for a compromise in everybody gets everything PIR and Pynchon Gate PIR, as I explained above. But on giving it more thought, this isn't really a correct way to look at things, because it is looking at a system that could be built on everybody gets everything, rather than the primitive itself, which is more secure than the pynchon gate PIR, as it cannot be theoretically reduced from information theoretically secure, whereas Pynchon Gate PIR can be information theoretically secure but can also be theoretically and practically reduced from this level of security.
Show Posts