M ixminion: D esign of a T ype III Anonymous Remailer Prot ocol Roger D ingledine T he Free Haven Project 1
T hreat M odel ( what we aim t o defend against ) • Global passive adversary – can observe
M ult iple Hops A E ...(E (M,to B), to 2) B E ...(M,to B) M 1 2 1 2 2
D irect Reply
Nymserver B A ... M,alice@nym.alias.net M, "alice" E(E(...(M))) NS N S knows A ’s reply block but not her locat ion. 9
Replay cache • W hen a message comes in, hash it and add it t o t he replay cache. • If it ’s already in t he cache, drop it . B ut : you have t o remember all t he hashes forever! 13
Expirat ion dat es • Exp dat e is chosen randomly between 3 days ago and 3 days from now. • Each node checks exp dat e; if more t han 7 days old, drop. • Now adversary can’t t ell when t he message was
Recommend
More recommend
