Courtesy of Cypherlist-Watch. Hadn't seen this cross the list here.

-----BEGIN FORWARDED MESSAGE-----
Date: Sat, 29 May 1999 15:30:24 -0700
From: Wei Dai <weidaiat_private>
To: cypherlist-watchat_private
Subject: a practical attack against ZKS Freedom
Message-ID: <19990529153024.B7065at_private>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Although the ZKS Freedom AIP protocol (as described in version 1.0 of the ZKS whitepaper) is conceptually similar to the PipeNet protocol, there are several attacks against ZKS which PipeNet is not susceptible to. The reason is that PipeNet uses end-to-end traffic padding, whereas ZKS only uses link padding.

I came up with several attacks against link padding systems while developing PipeNet, which is why I ultimately chose end-to-end padding. However one can argue that end-to-end padding is too costly, and that these attacks are not practical because they require a global observer or the cooperation of one or more of the anonymous router (AIP) operators. ZKS has not publicly made this argument, but since they are probably aware of these earlier attacks they must have followed its reasoning. I hope the practicality of the new attack presented here will change their mind.

In this attack, a user creates an anonymous route from himself through a pair of AIPs back to himself. He then increases the traffic through this route until total traffic between the pair of AIPs reaches the bandwidth limit set by the ZKS Traffic Shaper. At this point the AIPs no longer send any padding packets to each other, and the real traffic throughput between them can be deduced by subtracting the traffic sent by the attacker from the bandwidth limit.

This attack implies that link padding buys virtually no security. An attacker, without access to network sniffers or cooperation of any AIP operator, can strip off link padding and obtain real-time throughput data between all pairs of AIPs. If end-to-end padding is not used, this data would correlate with traffic throughput of individual users, and statistical analysis could then reveal their supposedly anonymous routes.
-----END FORWARDED MESSAGE-----

"There's always time for a good cup of coffee"
Jay D. Dyson - jdysonat_private
Superman had Kryptonite, I have NT. Life is real.
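The contrast the forwarded message draws between link padding and end-to-end padding can be seen in a small simulation. This is an added example, not part of the original post or of any ZKS or PipeNet code; the cap, link names, route, traffic levels and the rule that other users' traffic is forwarded ahead of the prober's loop are all constructed assumptions.

```python
import random

CAP = 100                             # constructed Traffic Shaper limit per AIP pair (units/tick)
LINKS = ["A-B", "B-C", "A-C", "C-D"]  # constructed AIP pairs
ROUTE = {"A-B", "B-C"}                # constructed: links the observed user's route crosses

def probe_link(real):
    """One tick on a saturated link. Assumption: other users' traffic is
    forwarded first, so the prober's loop gets what the cap leaves over and
    no padding is sent. Returns the prober's estimate of the real traffic."""
    delivered = max(CAP - real, 0)    # throughput the prober measures on its own loop
    return CAP - delivered            # the subtraction described in the post

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def simulate(end_to_end_padding, ticks=400, seed=1):
    """Return {link: correlation between the estimated link throughput and
    the user's payload rate} for one padding scheme."""
    rng = random.Random(seed)
    payload = [rng.choice((0, 40)) for _ in range(ticks)]  # bursty user traffic
    scores = {}
    for link in LINKS:
        estimates = []
        for t in range(ticks):
            real = rng.randint(0, 40)                      # background users
            if link in ROUTE:
                # With end-to-end padding the route always carries 40 units,
                # whether or not the user has payload to send.
                real += 40 if end_to_end_padding else payload[t]
            estimates.append(probe_link(real))
        scores[link] = pearson(estimates, payload)
    return scores

if __name__ == "__main__":
    for mode in (False, True):
        print("end-to-end padding:", mode)
        for link, r in simulate(mode).items():
            print(f"  {link}: r = {r:+.2f}")
```

With link padding only, the two links on the constructed route correlate strongly with the user's payload while the others stay near zero; with end-to-end padding every link stays near zero.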