Comparison Between Two Practical Mix Designs
We evaluate the anonymity provided by two popular email mix implementations, Mixmaster and Reliable, and compare their effectiveness through the use of simulations which model the algorithms used by these mixing applications. Our simulations are based on actual traffic data obtained from a public anonymous remailer (mix node). We determine that assumptions made in previous literature about the distribution of mix input traffic are incorrect: in particular, the input traffic does not follow a Poisson distribution. We establish for the first time that a lower bound exists on the anonymity of Mixmaster, and discover that under certain circumstances the algorithm used by Reliable provides no anonymity. We find that the upper bound on anonymity provided by Mixmaster is slightly higher than that provided by Reliable.
We identify flaws in the software in Reliable that further compromise its ability to provide anonymity, and review key areas that are necessary for the security of a mix in addition to a sound algorithm. Our analysis can be used to evaluate under which circumstances the two mixing algorithms should be used to best achieve anonymity and satisfy their purpose. Our work can also be used as a framework for establishing a security review process for mix node deployments.
Keywords: Active Attack, Outgoing Message, Entropy Source, Passive Attacker, Cryptographic Library