Mixminion: Designing a Type-III Anonymous Remailer Protocol



SLIDE 1

Designing a Type-III Anonymous Remailer Protocol

Mixminion

Nick Mathewson nickm@freehaven.net

SLIDE 2

Our Goals

  • Fix holes in Mixmaster (Type-II) remailers
  • “Conservative” design
  • Working implementation; deployed network

SLIDE 3

Our Adversary

  • Global passive adversary
  • Owns some of the nodes
  • Can generate some traffic

We are not real-time, packet-based, or steganographic.

SLIDE 4

Changes from Mixmaster...

SLIDE 5

Key Rotation/Replay prevention

  • Type II has no automated key rotation
  • Type II has sketchy replay prevention
  • Solve them together: keep hash of all headers seen since last key rotation
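An added example (not from the slides or the Mixminion code base) of the idea on this slide: the replay cache is scoped to the current key, so rotation bounds the cache while headers captured under the old key are refused outright. SHA-256, the key-id field and the `MixNode` class are assumptions for illustration; real header decryption is not modelled.

```python
import hashlib
import secrets


class MixNode:
    """Toy node: the replay cache lives exactly as long as the current key."""

    def __init__(self):
        self.rotate_key()

    def rotate_key(self):
        # New key, new empty cache. Dropping old digests is safe because
        # headers addressed to the retired key are refused before the cache.
        self.key = secrets.token_bytes(32)
        self.key_id = hashlib.sha256(self.key).hexdigest()[:16]
        self.seen = set()

    def handle(self, key_id, header):
        """Return 'accept', 'replay' or 'expired-key' for one header."""
        if key_id != self.key_id:
            return "expired-key"
        digest = hashlib.sha256(header).digest()
        if digest in self.seen:
            return "replay"
        self.seen.add(digest)
        return "accept"


def demo():
    """Run constructed traffic across one key rotation; return the verdicts."""
    node = MixNode()
    old_id = node.key_id
    captured = b"constructed header A"        # an observer records this one
    verdicts = [
        node.handle(old_id, captured),        # first delivery
        node.handle(old_id, b"constructed header B"),
        node.handle(old_id, captured),        # replay inside the key period
    ]
    cache_before = len(node.seen)
    node.rotate_key()
    verdicts += [
        node.handle(old_id, captured),        # replay after rotation
        node.handle(node.key_id, b"constructed header C"),
    ]
    return verdicts, cache_before, len(node.seen)


if __name__ == "__main__":
    print(demo())
```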

SLIDE 6

Secure replies

  • Cypherpunk has reply blocks, but is vulnerable to replay attacks (and everything else...)
  • Mixmaster has no reply blocks; people who want replies must use Cypherpunk.
  • Mixminion provides single-use reply blocks:
    • Indistinguishable from forward messages
    • ...even by the nodes!

SLIDE 7

Link Encryption

  • Cypherpunk and Mixmaster use SMTP for transport
  • Mixminion uses TLS over TCP
  • Forward anonymity against future compromise

SLIDE 8

And more...

  • Integrated directory service
  • Integrated exit policies
  • Nymservers with single-use reply blocks.

SLIDE 9

Read our papers
Play with our code

http://mixminion.net/

We’ll be at Oakland (IEEE Security and Privacy) in May