commit 64c504ddb2b6df6f6315cc1fe891b433bcf56bca
Author: Steven Murdoch Steven.Murdoch@cl.cam.ac.uk
Date: Mon Jan 6 18:53:34 2014 +0000

    Other systems
---
 tor-design-2012.bib | 11 ++++++++++-
 tor-design-2012.tex | 47 ++++++++++++++++++++++++++++-------------------
 2 files changed, 38 insertions(+), 20 deletions(-)
diff --git a/tor-design-2012.bib b/tor-design-2012.bib index 981761e..c52046d 100644 --- a/tor-design-2012.bib +++ b/tor-design-2012.bib @@ -143,7 +143,7 @@ note = {\url{http://www.privoxy.org/%7D%7D }
-@Misc{i2p, +@Comment{i2p, key = {i2p}, title = {{I2P}}, note = {\url{http://www.i2p.net/%7D%7D @@ -1487,6 +1487,15 @@ Stefan Katzenbeisser and Fernando P'{e}rez-Gonz'{a}lez}, bookurl = {http://petsymposium.org/2008/%7D, }
+@inproceedings{i2p, + title = {Peer Profiling and Selection in the {I2P} Anonymous Network}, + author = {{zzz} and Schimmer, Lars}, + year = {2009}, + month = {March}, + address = {TU Dresden, Germany}, + booktitle = {{PET}-{CON}} +} + %%% Local Variables: %%% mode: latex %%% TeX-master: "tor-design" diff --git a/tor-design-2012.tex b/tor-design-2012.tex index 1efb544..731d7ef 100644 --- a/tor-design-2012.tex +++ b/tor-design-2012.tex @@ -351,17 +351,19 @@ crosses several servers, and each server only knows the adjacent servers in the circuit, no single server can link a user to her communication partners.
-The {\bf Java Anon Proxy} (also known as JAP or Web MIXes) uses -fixed shared routes known as \emph{cascades}. As with a -single-hop proxy, this approach aggregates users into larger -anonymity sets, but again an attacker only needs to observe both -ends of the cascade to bridge all the system's traffic. The -Java Anon Proxy's design calls for padding between end users and -the head of the cascade~\cite{web-mix}. However, it is not -demonstrated whether the current implementation's padding policy -improves anonymity. -% They're called JonDos now; I don't know if the above paragraph is at all -% accurate about their current design. -NM +{\bf JonDo} (previously known as JAP or Web MIXes) uses fixed +shared routes known as \emph{cascades}. As with a single-hop +proxy, this approach aggregates users into larger anonymity +sets, but again an attacker only needs to observe both ends of +the cascade to bridge all the system's traffic. JonDo's design +calls for padding between end users and the head of the +cascade~\cite{web-mix}. However, it is not demonstrated whether +the current implementation's padding policy improves anonymity. +% They're called JonDos now; I don't know if the above paragraph +% is at all accurate about their current design. -NM +% +% From what I can tell on their website, this is still correct +% -SJM
{\bf PipeNet}~\cite{back01, pipenet}, another low-latency design proposed around the same time as Onion Routing, gave stronger @@ -387,20 +389,27 @@ systems are designed primarily for communication among peers, although Herbivore users can make external connections by requesting a peer to serve as a proxy.
-Systems like {\bf Freedom} and the original Onion Routing build -circuits all at once, using a layered ``onion'' of public-key -encrypted messages, each layer of which provides session keys -and the address of the next server in the circuit. Tor as -described herein, Tarzan, MorphMix, {\bf - Cebolla}~\cite{cebolla}, and Rennhard's {\bf Anonymity - Network}~\cite{anonnet} build circuits in stages, extending -them one hop at a time. +Systems like {\bf Freedom}, {\bf I2P}~\cite{i2p}, and the +original Onion Routing build circuits all at once, using a +layered ``onion'' of public-key encrypted messages, each layer +of which provides session keys and the address of the next +server in the circuit. Tor as described herein, Tarzan, +MorphMix, {\bf Cebolla}~\cite{cebolla}, and Rennhard's {\bf +Anonymity Network}~\cite{anonnet} build circuits in stages, +extending them one hop at a time. Section~\ref{subsubsec:constructing-a-circuit} describes how this approach enables perfect forward secrecy.
% We should also mention designs like I2P, Phantom, Salsa. There are lots of % proposals here of varying degrees of quality. We should sift through them % all. -NM +% +% We don't want to turn into a survey of the many many design +% variations out there, but IMO should just list the papers +% which we would like a Tor researcher to be familiar with +% before started. I would prioritize historically important +% systems like what we have listedg, anything particularly +% distinctive, and deployed systems.
Circuit-based designs must choose which protocol layer to anonymize. They may intercept IP packets directly, and relay
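Review bot: In the first tor-design-2012.bib hunk, the old entry is switched to `@Comment{i2p,` instead of being deleted, so a dead entry stays in the file under the same key as the new `@inproceedings{i2p,`. Either remove it outright, or keep it as `@Misc` under a distinct key if the project URL should remain citable alongside the paper.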
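Review bot: The new `@inproceedings{i2p,` entry in the second tor-design-2012.bib hunk has no `pages`, `url` or `note` field, so a reader has only `booktitle = {{PET}-{CON}}` and the address to find the paper. Add a locator field so the reference can be followed up from the bibliography.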
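Review bot: In the JonDo paragraph of tor-design-2012.tex, the padding claim is still backed only by `\cite{web-mix}`, and the check that it matches the current design lives in a source comment (`% From what I can tell on their website, this is still correct`). Cite the JonDo material that was consulted or soften the sentence, then drop the -NM/-SJM comment exchange so the question does not stay open in the source.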
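Review bot: In the circuit-construction paragraph, `{\bf I2P}~\cite{i2p}` is listed among systems that build circuits all at once, but the `i2p` key now resolves to "Peer Profiling and Selection in the {I2P} Anonymous Network", whose title does not indicate that it documents how I2P builds its circuits. Cite a source that supports the construction claim, or add a sentence saying where the cited paper covers it. The added comment block also contains two typos (`before started`, `listedg`), is unsigned unlike the -NM and -SJM comments, and the older comment above it still says I2P should be mentioned.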