On the PET Workshop Panel “Mix Cascades Versus Peer-to-Peer: Is One Concept Superior?”

  • Rainer Böhme
  • George Danezis
  • Claudia Díaz
  • Stefan Köpsell
  • Andreas Pfitzmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3424)

Abstract

Editors’ note. Following the panel discussion on Mix Cascades versus P2P at PET 2004, we invited the original panel proposers to write a summary of the discussion for the proceedings. This is their contribution.

After almost two decades of research on anonymous network communication the development has forked into two main directions, namely Mix cascades and peer-to-peer (P2P) networks. As these design options have implications on the achievable anonymity and performance, this paper aims to elaborate the advantages and disadvantages of either concept. After clarifying the scope of the discussion, we present arguments for Mix cascades and P2P designs on multiple areas of interest: the level of anonymity, the incentives to cooperate, aspects of availability, and performance issues. Pointed thesis and antithesis are given for both sides, before a final synthesis tries to articulate the status quo of the discussion.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Acquisti, A., Dingledine, R., Syverson, P.: On the Economics of Anonymity. In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 84–102. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Back, A., Möller, U., Stiglic, A.: Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, pp. 245–257. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Berthold, O., Federrath, H., Köpsell, S.: Web MIXes: A System for Anonymous and Unobservable Internet Access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Berthold, O., Langos, H.: Dummy Traffic against Long Term Intersection Attacks. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 110–128. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Berthold, O., Pfitzmann, A., Standtke, R.: The Disadvantages of Free MIX Routes and How to Overcome Them. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 30–45. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24, 84–88 (1981)CrossRefGoogle Scholar
  7. 7.
    Chaum, D.: Security without Identification: Transaction Systems to Make Big Brother Obsolete. Communications of the ACM 28, 1030–1044 (1985)CrossRefGoogle Scholar
  8. 8.
    Danezis, G.: Mix-Networks with Restricted Routes. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 1–17. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Danezis, G.: Statistical Disclosure Attacks: Traffic Confirmation in Open Environments. In: Proceedings of Security and Privacy in the Age of Uncertainty (SEC 2003), Athens, pp. 421–426 (May 2003)Google Scholar
  10. 10.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2003)Google Scholar
  11. 11.
    Danezis, G.: The Anonymity of Continuous Time Mixes. In: Paper presented at the Privacy Enhancing Technologies Workshop, Toronto, Canada (May 2004)Google Scholar
  12. 12.
    Díaz, C., Preneel, B.: Reasoning about the Anonymity Provided by Pool Mixes that Generate Dummy Traffic. In: Fridrich, J. (ed.) IH 2004. LNCS, vol. 3200, pp. 309–325. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Díaz, C., Sassaman, L., Dewitte, E.: Comparison between Two Practical Mix Designs. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 141–159. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards Measuring Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 54–68. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Dingledine, R., Freedman, M.J., Hopwood, D., Molnar, D.: A Reputation System to Increase MIX-net Reliability. In: Moskowitz, I.S. (ed.) IH 2001. LNCS, vol. 2137, pp. 126–141. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation Onion Router. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  17. 17.
    Dingledine, R., Shmatikov, V., Syverson, P.: Synchronous Batching: From Cascades to Free Routes. Paper presented at the Privacy Enhancing Technologies Workshop, Toronto, Canada (May 2004)Google Scholar
  18. 18.
    Dingledine, R., Syverson, P.: Reliable MIX Cascade Networks through Reputation. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357. Springer, Heidelberg (2003)Google Scholar
  19. 19.
    Douceur, J.: The Sybil Attack. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, p. 251. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Farber, D.J., Larson, K.C.: Network Security Via Dynamic Process Renaming. In: Fourth Data Communications Symposium, Quebec City, Canada, pp. 8-13–8-18 (October 1975) Google Scholar
  21. 21.
    Freedman, M.J., Morris, R.: Tarzan: A Peer-to-Peer Anonymizing Network Layer. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC (November 2002)Google Scholar
  22. 22.
    Jakobsson, M., Juels, A., Rivest, R.L.: Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking. In: Proceedings of the 11th USENIX Security Symposium (August 2002)Google Scholar
  23. 23.
    Kesdogan, D., Agrawal, D., Penz, S.: Limits of Anonymity in Open Environments. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 53–69. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Neff, C.A.: A Verifiable Secret Shuffle and its Application to E-Voting. In: Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS 2001), pp. 116–125. ACM Press, New York (November 2001)CrossRefGoogle Scholar
  25. 25.
    Pfitzmann, A.: Diensteintegrierende Kommunikationsnetze mit teilnehmerüberprüfbarem Datenschutz. Universität Karlsruhe, Fakultät für Informatik, Dissertation, February 1989. IFB 234. Springer, Heidelberg (1990)Google Scholar
  26. 26.
    Pfitzmann, A., Köhntopp, M.: Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  27. 27.
    Rennhard, M., Plattner, B.: Practical Anonymity for the Masses with MorphMix. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 233–250. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  28. 28.
    Serjantov, A., Danezis, G.: Towards an Information Theoretic Metric for Anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 41–53. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  29. 29.
    Serjantov, A., Dingledine, R., Syverson, P.: From a Trickle to a Flood: Active Attacks on Several Mix Types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Rainer Böhme
    • 1
  • George Danezis
    • 2
  • Claudia Díaz
    • 3
  • Stefan Köpsell
    • 1
  • Andreas Pfitzmann
    • 1
  1. 1.Technische Universität DresdenGermany
  2. 2.University of CambridgeUnited Kingdom
  3. 3.Katholieke Universiteit LeuvenBelgium

Personalised recommendations