The routing approach to mix-nets has taken over the more traditional methods. In this approach, each mix-server takes information from clients or from other mix servers and then forwards that information in a more processed form to some other server. Routing mix-nets are currently in widespread use because it is relatively easy to modify a mail server or router to strip headers. This means that most networks al- ready have the hardware in place to create a mix-net.
The routing approach relies on multiple source and destination mix-net servers. Each server will receive messages in the form of encrypted packets. The server, us- ing public key cryptography, decrypts the message. Inside are another encrypted
Part V Preserving Privacy 149
Chapter 12 Preserving Privacy: Anonymity 17_200423_CH12_Sonnenreich 9/3/03 2:41 PM Page 149
150 Network Security Illustrated
Wes w ants to cr eate a ano nym o us m essag e. In this exam ple, a r o uting m ix- net is used to str ip aw ay Wes's identifying inf o r m atio n.
A r o ute thr o ug h the m ixnet s cho sen, either by the user o r the m ixnet so ftw ar e. Fo r each ho p in the r o ute, the m essag e is encr ypted using the public key o f the m ix r elay. The r esult is an o nio n- like m essag e w her e each layer is an encr ypted r o uting instr uctio n. The inner m o st layer is the o r ig inal m essag e.
The m essag e is sent to the fir st m ix- net r elay.
The m ix r elay r eceives the m essag e and uses its secr et key to decr ypt the o uter m o st layer o f the o nio n.
The decr ypted m essag e co ntains the r o uting info r m atio n o f the next ho p, and r eveals inner encr ypted layer s o f the
The final ho p is the ultim ate destinatio n o f the m essag e. The m essag e g ets deliver ed to the r ecipient. The entir e pr o cess is
untr aceable. The m ix r elay sends the inner m essag e o n to the next ho p m ix r elay. Steps 4 and 5 r epeat until the final ho p is r eached. Ho w Ro uting M ix-Nets Wo rk
Illustr atio n by
■Figure 12-1
message and the address for the next mix-net hop. The inner message is then sent along to the next hop, and then the process begins again. This is like peeling away the layers of an onion. The outer layers are stripped away, meaning that a server can’t trace the data any further than one hop back. The more hops/layers used, the less likely it is that an observer will be able to track a message from source to destination.
• Benefits: This is the most common approach used when establishing mix- nets and the most straightforward to set up and maintain. Mix-nets can be “piggy backed” onto mail servers, for example, because many mail servers are capable of stripping headers out of packet data. Mail servers are well understood by network administrators and therefore more easily manipulated into the form of a mix-net.
Once servers are configured to strip headers of incoming messages, public key cryptography is fairly easy to add. A mail server set up to strip message information and encrypt all message instructions can also be easily
replicated and distributed to multiple locations. In short, the means and methods involved in the routing approach are fairly attainable and can be quickly implemented on multiple host networks.
Another benefit to the routing approach is that mailed instructions are encrypted using public key cryptography. The routing instructions for a specific mix-net are encrypted with the public key of that particular mix- net. The result is that each mix-net can only read the encrypted instructions destined for it, and not for any other mix-net in the chain of hops.
• Detractions: The major drawback to routing mix-nets is that they rely on routing. In other words, each mix-net server is required to analyze traffic that it receives, and actively strip headers from certain packets of that traffic. This can put an immense strain on server hardware, especially if it is also performing other critical services such as Simple Mail Transport Protocol(SMTP) for email. Finding an effective and practical balance in the implementation of a routing mix-net can be time-consuming and costly. There is another more traditional approach to mix-nets known as permutation mix-nets, or list-based mix-nets. Routing mix-nets cannot collaborate with one an- other as traditional mix-nets can. So the following is a key point of trade off in the world of privacy and anonymity: increased reliability at the expense of inter-server communication. In other words, you lose all the benefits the mix-net can provide as a direct result of inter-server communication.