| Throttling Tor Bandwidth Parasites |
23 Sep 2011 |
20 pages |
| Authors:
Rob Jansen; Paul Syverson; Nicholas J Hopper; MINNESOTA UNIV MINNEAPOLIS DEPT OF COMPUTER SCIENCE AND ENGINEERING
|
 | Tor's network congestion and performance problems stem from a small percentage of users that consume a large fraction of available relay bandwidth. These users continuously drain relays of excess bandwidth, creating new network bottlenecks and exacerbating the effects of existing ones. Attacking the problem at its source, we present the design of three new algorithms that throttle clients to reduce network congestion and increase interactive client performance. Unlike existing techniques, ... |
|
| Deploying Low-Latency Anonymity: Design Challenges and Social Factors |
Oct 2007 |
9 pages |
| Authors:
Roger Dingledine; Nick Mathewson; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC
|
| Anonymous communication systems hide conversations against unwanted observations. Deploying an anonymous communications infrastructure presents surprises unlike those found in other types of systems. For example, given that users shouldn't need to trust each other or any part of the system, no single authority or organization should be able to observe complete traffic information for anyone's communication. This makes commercialization difficult and requires a rethinking of incentives for both users and ... |
|
| Improving Efficiency and Simplicity of Tor Circuit Establishtment and Hidden Services |
JUN 2007 |
|
| Authors:
Lasse Oeverlier; Paul Syverson; NORWEGIAN DEFENCE RESEARCH ESTABLISHMENT KJELLER
|
 | In this paper we demonstrate how to reduce the overhead and delay of circuit establishment in the Tor anonymizing network by using predistributed Diffie-Hellman values. We eliminate the use of RSA encryption and decryption from circuit setup, and we reduce the number of DH exponentiations vs. the current Tor circuit setup protocol while maintaining immediate forward secrecy. We also describe savings that can be obtained by precomputing during idle cycles ... |
|
| Probabilistic Analysis of Onion Routing in a Black-box Model |
2007 |
11 pages |
| Authors:
Joan Feigenbaum; Aaron Johnson; Paul Syverson; YALE UNIV NEW HAVEN CT
|
| We perform a probabilistic analysis of onion routing. The analysis is presented in a black-box model of anonymous communication that abstracts the essential properties of onion routing in the presence of an active adversary that controls a portion of the network and knows all a priori distributions on user choices of destination. Our results quantify how much the adversary can gain in identifying users by exploiting knowledge of their probabilistic ... |
|
| Distance Bounding Protocols: Authentication Logic Analysis and Collusion Attacks |
2006 |
21 pages |
| Authors:
Catherine Meadows; Radha Poovendran; Dusko Pavlovic; LiWu Chang; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC
|
| Distance estimation, that is the estimate of the distance between two nodes, plays of a fundamental part in the setting up and maintenance of sensor networks. For example, a node trying to localize itself, can, if it learns its distance from three or more nodes with known locations, use multilateration to determine where it sits. This computation is a major part of many localization algorithms. Distance estimation can also be ... |
|
| Locating Hidden Servers |
2006 |
|
| Authors:
Lasse Oeverlier; Paul Syverson; NORWEGIAN DEFENCE RESEARCH ESTABLISHMENT KJELLER
|
| Hidden services were deployed on the Tor anonymous communication network in 2004. Announced properties include server resistance to distributed DoS. Both the EFF and Reporters Without Borders have issued guides that describe using hidden services via Tor to protect the safety of dissidents as well as to resist censorship. We present fast and cheap attacks that reveal the location of a hidden server. Using a single hostile Tor node we ... |
|
| Valet Services: Improving Hidden Servers with a Personal Touch |
2006 |
|
| Authors:
Lasse Oeverlier; Paul Syverson; NORWEGIAN DEFENCE RESEARCH ESTABLISHMENT KJELLER
|
| Location hidden services have received increasing attention as a means to resist censorship and protect the identity of service operators. Research and vulnerability analysis to date has mainly focused on how to locate the hidden service. But while the hiding techniques have improved, almost no progress has been made in increasing the resistance against DoS attacks directly or indirectly on hidden services. In this paper we suggest improvements that should ... |
|
| High-Power Proxies for Enhancing RFID Privacy and Utility |
2005 |
19 pages |
| Authors:
Ari Juels; Paul Syverson; Dan Bailey; RSA LABORATORIES BEDFORD MA
|
| A basic radio-frequency identification (RFID) tag is a small and inexpensive microchip that emits a static identifier in response to a query from a nearby reader. Basic tags of the smart-label variety are likely to serve as a next-generation replacement for barcodes. This would introduce a strong potential for various forms of privacy infringement, such as invasive physical tracking and inventorying of individuals. Researchers have proposed several types of external ... |
|
| Resisting Traffic Analysis on Unclassified Networks |
01 NOV 2004 |
56 pages |
| Authors:
Roger Dingledine; Nick Mathewson; Catherine Meadows; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC
|
| While the need for data and message confidentiality is well known, the need to protect against traffic analysis on networks, including unclassified networks, is less widely recognized. Tor is a circuit-based low-latency anonymous communication service that resists traffic analysis. This second-generation Onion Routing system adds to the first-generation design with perfect forward secrecy, congestion control, directory servers, integrity checking, variable exit policies, and a practical design for rendezvous points. Tor ... |
|
| Synchronous Batching: From Cascades to Free Routes |
MAY 2004 |
21 pages |
| Authors:
Roger Dingledine; Vitaly Shmatikov; Paul Syverson; FREE HAVEN PROJECT
|
| The variety of possible anonymity network topologies has spurred much debate in recent years. In a synchronous batching design, each batch of messages enters the mix network together, and the messages proceed in lockstep through the network. We show that a synchronous batching strategy can be used in various topologies, including a free-route network, in which senders choose paths freely, and a cascade network, in which senders choose from a ... |
|
| Formal Specification and Analysis of the Group Domain of Intrepretation Protocol Using NPATRL and the NRL Protocol Analyzer (Preprint) |
2004 |
40 pages |
| Authors:
Catherine Meadows; Paul Syverson; Iliano Cervesato; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| Although research has been going on in the formal analysis of cryptographic protocols for a number of years, they are only slowly being integrated into the protocol design process. In this paper we describe how we furthered the integration of analysis and design by working closely with the Multicast Security Working Group in the Internet Engineering Task Force on the analysis of a proposed Internet Standard, the Group Domain Of ... |
|
| Tor: The Second-Generation Onion Router |
2004 |
18 pages |
| Authors:
Roger Dingledine; Nick Mathewson; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC
|
| We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between ... |
|
| What Price Privacy? (and why identity theft is about neither identity nor theft) |
2004 |
15 pages |
| Authors:
Adam Shostack; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| It is commonplace to note that in surveys people claim to place a high value on privacy while they paradoxically throw away their privacy in exchange for a free hamburger or a two dollar discount on groceries. The usual conclusion is that people do not really value their privacy as they claim to or that they are irrational about the risks they are taking. Similarly it is generally claimed that ... |
|
| The Paradoxical Value of Privacy |
14 MAR 2003 |
5 pages |
| Authors:
Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| We consider some common assumptions about the value placed on privacy in society. We observe that: 1. Contrary to popular accounts, individuals are not obviously irrational in how they value privacy. 2. Current governmental and economic structures do not properly place the cost of privacy, thus skewing incentives and behavior. 3. Security of institutions may decrease and infrastructure costs may be increased by a reduction in privacy. |
|
| Metrics for Traffic Analysis Prevention |
2003 |
19 pages |
| Authors:
Richard E. Newman; Ira S. Moskowitz; Paul Syverson; Andrei Serjantov; FLORIDA UNIV GAINESVILLE FL CISE DEPT
|
| This paper considers systems for Traffic Analysis Prevention (TAP) in a theoretical model. It considers TAP based on padding and rerouting of messages and describes the effects each has on the difference between the actual and the observed traffic matrix (TM). The paper introduces an entropy-based approach to the amount of uncertainty a global passive adversary has in determining the actual TM, or alternatively, the probability that the actual TM ... |
|
| Reliable MIX Cascade Networks through Reputation |
MAR 2002 |
17 pages |
| Authors:
Roger Dingledine; Paul Syverson; FREE HAVEN PROJECT
|
| We describe a MIX cascade protocol and a reputation system that together increase the reliability of a network of MIX cascades. In our protocol, MIX nodes periodically generate a communally random seed that, along with their reputations, determines cascade configuration. Nodes send test messages to monitor their cascades. Senders can also demonstrate message decryptions to convince honest cascade members that a cascade is misbehaving. By allowing any node to declare ... |
|
| Reputation in Privacy Enhancing Technologies |
2002 |
7 pages |
| Authors:
Roger Dingledine; Nick Mathewson; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| Reputation is the linchpin of a dynamic and pseudonymous future. In a networked world in which individuals interact via anonymous re-mailers, and where the online services they use are themselves provided by an ever-changing pool of semi-anonymous users, the distinction between pseudonym and identity blurs. In this world, reputation is one of the few tools that can still provide trust -- trust among the users of distributed services, and even ... |
|
| From a Trickle to a Flood: Active Attacks on Several Mix Types |
2002 |
17 pages |
| Authors:
Andrei Serjantov; Roger Dingledine; Paul Syverson; CAMBRIDGE UNIV (UNITED KINGDOM) COMPUTER LAB
|
| The literature contains a variety of different mixes, some of which have been used in deployed anonymity systems. We explore their anonymity and message delay properties, and show how to mount active attacks against them by altering the traffic between the mixes. We show that if certain mixes are used, such attacks cannot destroy the anonymity of a particular message completely. We work out the cost of these attacks in ... |
|
| Environmental Requirements for Authentication Protocols |
2002 |
18 pages |
| Authors:
Ran Canetti; Catherine Meadows; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| Most work on requirements in the area of authentication protocols has concentrated on identifying requirements for the protocol without much consideration of context. Little work has concentrated on assumptions about the environment, for example, the applications that make use of authenticated keys. We will show in this paper how the interaction between a protocol and its environment can have a major effect on a protocol. Specifically we will demonstrate a ... |
|
| Formalizing GDOI Group Key Management Requirements in NPATRL |
2001 |
11 pages |
| Authors:
Catherine Meadows; Paul Syverson; Iliano Cervesato; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| Although there is a substantial amount of work on formal requirements for two and three-party key distribution protocols, very little has been done on requirements for group protocols. However, since the latter have security requirements that can differ in important but subtle ways, we believe that a rigorous expression of these requirements can be useful in determining whether a given protocol can satisfy an application's needs. In this paper we ... |
|
| Towards an Analysis of Onion Routing Security |
2000 |
20 pages |
| Authors:
Paul Syverson; Gene Tsudik; Michael Reed; Carl Landwehr; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| This paper presents a security analysis of Onion Routing, an application independent infrastructure for traffic-analysis- resistant and anonymous Internet connections. It also includes an overview of the current system design, definitions of security goals and new adversary models. |
|
| Dolev-Yao is no better than Machiavelli |
2000 |
7 pages |
| Authors:
Paul Syverson; Catherine Meadows; Iliano Cervesato; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| We show that all attacks that can be mounted by a traditional Dolev-Yao intruder against common cryptographic protocols can be enacted by an apparently weaker `Machiavellian' adversary in which compromised principals will not share long-term secrets and will not send arbitrary messages. We also show that a Dolev-Yao adversary composed of multiple compromised principals is attack-equivalent to an adversary consisting of a single dishonest principal who is only willing to ... |
|
| Onion Routing for Anonymous and Private Internet Connections |
28 JAN 1999 |
6 pages |
| Authors:
David Goldschlag; Michael Reed; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| Preserving privacy means not only hiding the content of messages, but also hiding who is talking to whom (traffic analysis). Much like a physical envelope, the simple application of cryptography within a packet-switched network hides the messages being sent, but can reveal who is talking to whom, and how often. Onion Routing is a general purpose infrastructure for private communication over a public network [8, 9, 4]. It provides anonymous ... |
|
| Towards a Strand Semantics for Authentication Logic |
1999 |
16 pages |
| Authors:
Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| The logic BAN was developed in the late eighties to reason about authenticated key establishment protocols. It uncovered many flaws and properties of protocols, thus generating lots of attention in protocol analysis. BAN itself was also subject of much attention, and work was done examining its properties and limitations, developing extensions and alternatives, and giving it a semantics. More recently, the strand space approach was developed. This approach gave a ... |
|
| Weakly Secret Bit Commitment: Applications to Lotteries and Fair Exchange |
JUN 1998 |
14 pages |
| Authors:
Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| This paper presents applications for the weak protection of secrets in which weakness is not just acceptable but desirable. For one application, two versions of a lottery scheme are presented in which the result of the lottery is determined by the ticket numbers purchased, but no one can control the outcome or determine what it is until after the lottery closes. This is because the outcome is kept secret in ... |
|
| A Formal Specification of Requirements for Payment Transactions in the SET Protocol |
24 FEB 1998 |
16 pages |
| Authors:
Catherine Meadows; Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| Payment transactions in the SET (Secure Electronic Transaction) protocol are described. Requirements for SET are discussed and formally represented in a version of NPATRL (the NRL Protocol Analyzer Temporal Requirements Language). NPATRL is language for expressing generic requirements, heretofore applied to key distribution or key agreement protocols. Transaction vectors and other new constructs added to NPATRL for reasoning about SET payment transactions are described along with properties of their representation. ... |
|
| A Formal Language for Cryptographic Protocol Requirements |
1996 |
31 pages |
| Authors:
Paul Syverson; Catherine Meadows; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| In this paper we present a formal language for specifying and reasoning about cryptographic protocol requirements. We give sets of requirements for key distribution protocols and for key agreement protocols in that language. We look at a key agreement protocol due to Aziz and Diffe that might meet those requirements and show how to specify it in the language of the NRL Protocol Analyzer. We also show how to map ... |
|
| Limitations on Design Principles for Public Key Protocols |
1996 |
12 pages |
| Authors:
Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| Recent papers have taken a new look at cryptographic protocols from the perspective of proposing design principles. For years the main approach to cryptographic protocols has been logical, and a number of papers have examined the limitations of those logics. This paper takes a similar cautionary look at the design principal approach. Limitations and exceptions are offered on some of the previously given basic design principals. The focus is primarily ... |
|
| Fail-Stop Protocols: An Approach to Designing Secure Protocols (Preprint) |
SEP 1995 |
13 pages |
| Authors:
Li Gong; Paul Syverson; SRI INTERNATIONAL MENLO PARK CA COMPUTER SCIENCE LAB
|
| We present a methodology to facilitate the design and analysis of secure cryptographic protocols. We advocate the general approach, and a new avenue for research, of restricting protocol designs to well-defined practices, instead of ever increasing the complexity of protocol security analysis mechanisms to deal with every newly discovered attack and the endless variations in protocol construction. In particular, we propose a novel notion of a fail-stop protocol, which automatically ... |
|
| Formal Requirements for Key Distribution Protocols |
1994 |
13 pages |
| Authors:
Paul Syverson; Catherine Meadows; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| We discuss generic formal requirements for reasoning about two party key distribution protocols, using a language developed for specifying security requirements for security protocols. Typically earlier work has considered formal analysis of already developed protocols. Our goal is to present sets of formal requirements for various contexts which can be applied at the design stage as well as to existing protocols. We use a protocol analysis tool we have developed ... |
|
| A Taxonomy of Replay Attacks |
1994 |
6 pages |
| Authors:
Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC
|
| This paper presents a taxonomy of replay attacks on cryptographic protocols in terms of message origin and destination. The taxonomy is independent of any method used to analyze or prevent such attacks. It is also complete in the sense that any replay attack is composed entirely of elements classified by the taxonomy. The classification of attacks is illustrated using both new and previously known attacks on protocols. The taxonomy is ... |
|
| A Logical Language for Specifying Cryptographic Protocol Requirements |
1993 |
14 pages |
| Authors:
Paul Syverson; Catherine Meadows; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| In this paper we present a formal language for specifying and reasoning about cryptographic protocol requirements. We give examples of simple sets of requirements in that language. We look at two versions of a protocol that might meet those requirements and show how to specify them in the language of the NRL Protocol Analyzer. [Mea91] [Mea92] We also show how to map one of our sets of formal requirements to ... |
|
| On Key Distribution Protocols for Repeated Authentication |
1993 |
8 pages |
| Authors:
Paul Syverson; NAVAL RESEARCH LAB WASHINGTON DC CENTER FOR HIGH ASSURANCE COMPUTING SYSTEMS (CHACS)
|
| In [KSL92], Kehne et al. present a protocol (KSL) for key distribution. Their protocol allows for repeated authentication by means of a ticket. They also give a proof in BAN logic [BAN89] that the protocol provides the principals with a reasonable degree of trust in the authentication and key distribution. They present an optimality result that their protocol contains a minimal number of messages. Nonetheless, in [NS93] Neuman and Stubblebine ... |
|
Reports by Author
