Anonymity Questions. Leland Smith

Transcription

1 Anonymity Questions Leland Smith Publius 1. One of Publius's goals is to be censorship resistant. Another is to be tamperevident. Don't these goals clash if tampering with a sufficient number of shares causes all the tamper checks to fail and the document to be considered irretrievable? (Glenn Fink) 2. In Figure 1, the serverlist[] array is used before it is defined. This array is used to compute the server's IP address. Where does it come from? (Glenn Fink) 3. If the documents and even the URLs themselves are encrypted, and if special software is required to retrieve and read them, is Publius information truly "published?" Seems like a very obscure way to publish. (Glenn Fink) 4. Will anyone read these documents? (Glenn Fink) 5. Will any search engine index them? (Glenn Fink) 6. If any user can view Publius published information, can't a malicious user find out which URLs the Publius client is accessing and force the administrators to delete this content? (Glenn Fink) 7. Since Publius requires a user proxy that works transparently, could an adversary defeat it by posting a false "upgrade" to Publius users that didn't work correctly? Could he use this trojaned version to redirect users to his own pages rather than the material he was trying to block? (Glenn Fink) 8. Do all the HTML features work with Publius? For example, can a publisher implement access control to files he publishes? (Glenn Fink) 9. Increasing n (the number of shares) or decreasing k (the number of shares needed to reconstruct the key) makes it harder for an adversary to delete a sufficient number of documents to censor Publius content. But doesn't decreasing k also make an adversary's job easier when he is conducting an update corruption (redirection) attack? (Glenn Fink) 10. In general, what is the applicability of the Publius? (Haiyen Cheng) 11. Although it solves the anonymous problem, the whole procedure is complicated. If a dynamic link needs to be updated by the publisher, then all associated links have to go through the process again. (Haiyen Cheng)

2 12. In the limitation part, the author said that the more we increase n, or the more we decrease k, the harder we make it for an individual, or group of individuals, to censor a published document. The n part is understandable, but for k, if k is decrease, would it be easy to reproduce the key? (Haiyen Cheng) 13. Successfully using Publius requires anonymize all hyperlinks in a published html file, so the better anonymity is tied with less links contained in the html file. In that sense, will it contradict with the functionality of the html being hyperlink? (Haiyen Cheng) 14. If one of the available servers has problem and the static table of available server needs to be updated, should the publisher repost all of his/her published material? (Haiyen Cheng) 15. Is it possible to validate the credentials of anonymous posts to avoid cranks? (Darrell Hyatt) 16. Based upon the attack described as faking an update and the remedy to it (marking a document un-updateable), PUBLIUS UPDATE seems like a useless feature. (Darrell Hyatt) 17. Publishing directory is not clear. (Vinod Eligeti) 18. After the author publishes a document he gets a URL for the document. Is this one put on net to access the document? In that case some one can update by taking this Url and giving it to the publius proxy easily? This wil change the content of the file. (Vinod Eligeti) 19. How many anonymous authors are using this by the way? Instead of anonymous publishing it is more appropriate to say anonymous content location. But I don t think the number of Publius servers deployed are many. So only the issue is the processing time. Any attacker can wait till the system gets compromised. (Vinod Eligeti) 20. The paper says the Publius servers don t know who is publishing. But it can know by which Publius proxy server has posted that document. So an attacker who sits as at the Publius server can know at which proxy is sending. Then the attacker can sit on the Publius proxy and can know who is sending the document. (Vinod Eligeti) 21. Isnt there a conflict with regards to the design in one case we say that we need to increase n or decrease k to make it harder to censor the document. At the same time we say to prevent update file deletion or corruption we need to have a larger values of k. (Bharath Ramesh)

3 22. An attacker can eavesdrop on the Publius servers and get the encrypted version of the password and then go ahead request for that URL and generate the key and then tamper with the password and modify or censor the content, which defeats the purpose of using Publius. (Bharath Ramesh) 23. How do you publish Publius URLs anonymously? 24. In the paper, the authors mentioned that Note that the name are dependent on every bit of the web page contents and share contents is this practical especially when the size of the content get larger. This thing could be advantages if the content size is relatively small but is this is not the case this will overload the system. 25. Since the list of the Publius s server is static, this means after awhile the locations and the identities of the servers will be in jeopardy, any one who interest to know this information will be able to do this. Is this a big weakness in the Pubius? 26. In Publius, the produced URL contains at least d name values concatenated together. Could someone guess the identity of the author based on this? 27. When n and k get large, the term (nk) will substantially become too large; this means Bob will spend significant time trying to retrieve the document. This will degrade the performance of the system if for example 10 user doing the same process simultaneously. Does the system suffer from the scalability problem? 28. If one of the key shares get corrupted for any reason. This means that no one could have access to this document any more so after awhile the servers will be filled by garbage documents. 29. Circular dependency problem will put limitation on the flexibility. (Muhammad Abu-Saqer) Crowds 1. Are there advantages to the crowds (P2P) approach to routing messages over the Onion Routing approach? (Glenn Fink) 2. If the paths are static, doesn't this make new members readily identifiable? (Glenn Fink) 3. Is the process of regenerating the paths efficient enough to do periodically? (Glenn Fink)

4 4. Over time and multiple path changes, is it possible for an attacker within a crowd to collect enough information from the web transactions it sees to make at least some connections between initiators and servers? (Glenn Fink) 5. What is the optimal size of the Crowds for an acceptable performance? (Haiyen Cheng) 6. Does the degree of Anonymity depend heavily on how good the random generator is? (Haiyen Cheng) 7. How to properly balance the anonymity of the sender and the anonymity of the message? It seems there s a dilemma. The more anonymity the sender is, the larger the crowds is, the less the anonymity of the message is. (Haiyen Cheng) 8. Do the members in the Crowds have some kind trust relationship? What are the cons of joining the Crowds? (Haiyen Cheng) 9. Could multiple jondos cause congestion by all running their messages through jondo X? (Darrell Hyatt) 10. Would some requests never be received by the end-server because of looping among jondos? (Darrell Hyatt) 11. I am unclear as to how the end-server's reply gets back to the original requester. Does each jondo store which predecessor sent it which request? (Darrell Hyatt) 12. Since the last jundo parses the html file, is it not a overhead on the whole system? (Vinod Eligeti) 13. The protocol seems to allow for the possibility that a message will bounce around a set of jondos forever. Is there anything in the specification that will enforce eventual message transmission? Are there some practical restrictions that should be placed on the probability of forwarding? (Sean Kugele) 14. The paper mentions a mechanism to prevent timing attacks that relies on the user's response time being slower than some time that is less than a second. Does this mean that if the user is using some type of automated user agent, such as a spider, that his anonymity may be compromised? (Sean Kugele) 15. In the discussion on Jondo membership and the size of a collaboration set of attackers the authors suggest that it would be extremely difficult in a large public crowd to secure a significant fraction of the membership to compromise group privacy as a whole. It seems that a worm targeting machines running the jondo client software could pull off such an attack. Is this a risk? (Sean Kugele)

5 16. In the performance analysis it will took over 13 seconds to download 25 1kB images; even the web page retrieval speeds are extremely slow for path sizes approaching (Sean Kugele) 17. In light of this is the tested implementation too slow to be usable? (Sean Kugele) 18. Isn't there a trust issue with relying on fellow crowd members instead of "trusted" central servers to route information? (Ranjit Randhawa) 19. Another trust issue is that if sensitive information is being routed through a users machine by a member of the crowd isn't the user partly responsible or can they claim ignorance? (Ranjit Randhawa) 20. Can the lack of central proxies/crowds servers mean this system/crowd will be as slow as its slowest member? (Ranjit Randhawa) 21. Is this implemented only for HTTP or can it be extended to other protocols? (Ranjit Randhawa) 22. Is there a way by which a user can repudiate his messages in Crowds? (Aparna Sharma) 23. How do the authors determine 6 degrees of anonymity? Are more degrees possible? (Aparna Sharma) 24. It is possible for a message to be forwarded infinitely within a large crowd (n ). Is there a max limit on the path length? Do messages have an expiration time beyond which they should be discarded from the crowd? (Aparna Sharma) 25. A jando flips a biased coin to determine whether or not to forward a request to another jando; the coin indicates to forward with the probability pf. How is this probability pf calculated? (Aparna Sharma) 26. Are there any checks made to find cycles within the paths in crowd? What are the restrictions on the permissible paths? (Aparna Sharma) 27. What are the implications if a path key is shared by a malicious jondo outside the crowd? (Aparna Sharma) 28. What is the frequency at which a jando checks for failed jandos and how does it accomplish this? (Aparna Sharma) 29. What are the overheads for re-establishing the paths in a crowd? (Aparna Sharma)

6 30. For a very large n (n ) the path length maybe large too. In this case the response latency would greatly increase. How scaleable is Crowds for such large path lengths given the huge latency response time? (Aparna Sharma) 31. How is jando failure detected in Crowds? (Aparna Sharma) 32. Currently, do we have versions of Crowds where the blender serves only to distribute the Diffie-Hellman public keys of crowd members? (Aparna Sharma) 33. How does the blender broadcast the join commit? (Aparna Sharma) 34. At present is Crowds deployed in the real world apart from being used in AT&T? (Aparna Sharma) 35. In Crowds the path is calculated as the request traverses the network. If one of the node in between can go down and wont that prevent the result of the request from reaching the user back. (Bharath Ramesh) 36. The strategy of crowds is built on the routing onion algorithm, which employs uniform message length and layered encryption to complicate traffic analysis, but it didn t come up with an efficient solution to make use of dummy traffic to significantly increase the protection from traffic analysis attacks. As a result, these systems do not employ dummy traffic, which implies that they are not very resistant against a powerful adversary. 37. If an initiator was revealed once, it can be recognized at each time due to the use of static paths. 38. Does Crowds protect against internal denial-of-service attacks. (Muhammad Abu- Saqer) 39. I am wondering if Crowds can work well with firewalls. Firewall will prevents a jondo outside the firewall from connecting to another behind the firewall. 40. Each jondo might be the one who actually sends the request to its destination. Could we reach case that jondo cannot distinguish between the request he originally initiate and the other he is forwarding. 41. While other jondos are not able to determine who originated a given request, however, could the contents of the request and reply may be exposed to them? This is primarily a concern when, e.g., passwords for accessing web pages are included in this content. 42. Could Crowds protect from global eavesdrops.

7 General 1. All anonymity solutions seem to consume a lot of resources for. e.g. more cpu for encryption, increased bandwidth and delay due to random routing, increased storage of multiple copies). Does this put a limit on scalability and deployment of these solutions? Without widespread deployment the degree of anonymity that can be promised is reduced. (Ved Vyas Duggirala) 2. My question is in the other side of the map, the side where some web resources are requested by anonymity side, could the web server distinguish the anonymity traffic. Is there any mechanism that enables the server to know that the requestor is not presenting his/her real identity? 3. Full freedom sometimes could be misused, also full control sometimes could be abused we need a system that make kind of subtle balance these two tradeoff. I think neither Publius nor Crowds achieve this, does we really need such systems. 4. If someone misuses the power that is his /her identity could not be recognized to publish some wrong content. Theses two system don t provide solutions for such cases since it is contrary to its principles and goals. However, these cases frequently happened. What can be done to prevent this? Questions received from: Glenn Fink Ranjit Randhawa Haiyen Cheng Darrell Hyatt Vinod Eligeti Sean Kugele Aparna Sharma Bharath Ramesh Ved Vyas Duggirala Muhammad Abu-Saqer