SLIDE 1
Reliable MIX Cascade Networks through Reputation
Roger Dingledine, Reputation Technologies
Paul Syverson, Naval Research Lab
SLIDE 2
SLIDE 3
Ways of Improving Reliability
- Build protocols with provable robustness guarantees
- Provide economic incentives for reliability
- Add reputation to "improve" reliability
- Distinction between reliability and robustness
SLIDE 4
Related Work
- MIXes (Chaum)
- Robust MIX-nets (Flash Mix, Universally Verifiable MIX)
- Deployed Remailer Systems (cypherpunks, Mixmaster)
- Remailer statistics (Levien's statistics, Jack B Nymble 2)
SLIDE 5
SLIDE 6
Threat Model
Adversary can:
- Passively read all traffic
- Compromise some fraction of the MIXes (insert, modify, delay, or drop messages)
SLIDE 7
Previous paper at Info Hiding 4
- MIXes write per-hop receipts to prove good service; witnesses verify and tally failure claims.
But:
- Global witnesses are trust and communication bottlenecks
- Owning high reputation nodes means you own more paths?
SLIDE 8
What's a MIX cascade?
- Fixed path through the MIX network
- Longer cascades => lower chance all bad nodes => more anonymity
- Longer cascades => lower chance all good nodes => less reliability
- Cascades provide more defense against intersection attack.
SLIDE 9
Design Overview
- Cascades rearrange periodically (e.g., daily)
- A node fails its own cascade if it detects misbehavior
- Nodes send test messages to monitor their cascades
- Senders can demonstrate decryptions to show failure
SLIDE 10
Communal Randomness
- Goal: collaborating nodes cannot predict the cascades
- Centralized (but verifiable) for convenience
- All nodes commit, then all reveal
- But nodes can influence communal value by not revealing?
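The commit-then-reveal step from the Communal Randomness slide, as an added example (not code from the presentation or the authors' system). The SHA-256 commitments, the node names, the hash-keyed ordering used to form cascades, and the policy of voiding a round when a reveal is missing or mismatched are assumptions made for illustration.

```python
import hashlib
import hmac

def commit(nonce: bytes) -> str:
    """Phase 1: a node publishes only the hash of its secret nonce."""
    return hashlib.sha256(b"commit|" + nonce).hexdigest()

def communal_value(commitments: dict, reveals: dict) -> bytes:
    """Phase 2: verify each reveal against its commitment, then combine them.

    Assumed policy: a missing or mismatched reveal voids the round and names
    the node, so withholding is visible instead of silently changing the value.
    """
    bad = sorted(
        node for node, c in commitments.items()
        if node not in reveals
        or not hmac.compare_digest(commit(reveals[node]), c)
    )
    if bad:
        raise ValueError("no valid reveal from: " + ", ".join(bad))
    h = hashlib.sha256()
    for node in sorted(commitments):          # fixed order, same for everyone
        h.update(hashlib.sha256(reveals[node]).digest())
    return h.digest()

def build_cascades(nodes, seed: bytes, length: int):
    """Order nodes by a hash keyed with the communal value, then cut the
    ordering into cascades; anyone holding the reveals can recompute it."""
    order = sorted(nodes, key=lambda n: hashlib.sha256(seed + n.encode()).digest())
    return [order[i:i + length] for i in range(0, len(order) - length + 1, length)]

if __name__ == "__main__":
    # Constructed sample: six hypothetical nodes with fixed demo nonces.
    nonces = {f"mix{i}": bytes([i]) * 32 for i in range(1, 7)}
    commitments = {n: commit(v) for n, v in nonces.items()}
    seed = communal_value(commitments, nonces)
    print(build_cascades(list(nonces), seed, 3))
    withheld = {n: v for n, v in nonces.items() if n != "mix4"}
    try:
        communal_value(commitments, withheld)
    except ValueError as err:
        print("round voided:", err)
```

Because every node's nonce is fixed at commit time, a node that sees the other reveals can only choose between revealing and withholding, and the check above makes the withholding attributable.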
SLIDE 11
Heuristics for picking cascades
- Increase cost of breaking anonymity
SLIDE 12
Attack: Creeping Death
SLIDE 13
Need to limit number of bad nodes in network
- Proof of work, proof of bandwidth not strong enough
- Advogato trust metric: Number of bad nodes certified is based on number of confused nodes (good nodes that might certify bad nodes)
- Certify by trustworthiness, not expected performance
SLIDE 14
So how do we choose cascades?
- Pick a target safety factor S (e.g., 1 in 105 paths bad)
- Choose first cascade randomly from large enough pool of high-reputation nodes
- Replace chosen nodes to maintain pool size
- When pool contains all remaining nodes, just build remaining cascades randomly
SLIDE 15
SLIDE 16
Detecting Misbehavior
- Entry point: Incoming messages rejected?
- Inside cascade: Messages replaced with dummy messages?
- Exit point: Messages not delivered?
SLIDE 17
Detecting Misbehavior at Entry Point
- Alice can send into any node. They all deliver to the head.
- Thus nodes can insert indistinguishable test messages
- Alice gets a receipt (if not, she tries elsewhere)
- Head publishes batch snapshot (hashes of messages)
- If message not in snapshot, receipt proves misbehavior
SLIDE 18
SLIDE 19
Detecting Misbehavior at Exit Point
- Tail bounces traffic to all nodes. All nodes deliver.
- If inserted test message doesn't arrive, somebody failed.
- Optimize: if tail collects a delivery receipt, no broadcast.
SLIDE 20
Test messages
- Nodes reuse recipient addresses in test messages
- Reusing addresses helps protect against time-based intersection attack
SLIDE 21
Quality of Service, Resource Management
- Nodes send failure messages and hourly heartbeats to Reputation Servers
- Users compare advertised QoS and reputation from each
SLIDE 22