rfcdiff: draft-iab-privsec-confidentiality-mitigations-05.txt vs. draft-iab-privsec-confidentiality-mitigations-06.txt

IAB                                                              T. Hardie, Ed.
Internet-Draft                                                   March 20, 2016
Intended status: Informational
Expires: September 19, 2016

             Confidentiality in the Face of Pervasive Surveillance
         draft-iab-privsec-confidentiality-mitigations-05 (old) /
         draft-iab-privsec-confidentiality-mitigations-06 (new)
Abstract

   The IAB has published [RFC7624] in response to several revelations of
   pervasive attack on Internet communications.  In this document we
   survey the mitigations to those threats which are currently available
   or which might plausibly be deployed.  We discuss these primarily in
   the context of Internet protocol design, focusing on robustness to
   pervasive monitoring and avoidance of unwanted cross-mitigation
   impacts.
   [skipping to change at page 6, line 34]
      simultaneous connections may make it difficult to correlate the
      traffic going into and out of the mid-point.  For this to be
      effective as a mitigation, traffic to the mid-point must be
      encrypted and traffic from the mid-point should be.
   o  Onion routing: Routing a session through several mid-points,
      rather than directly end-to-end, with encryption that guarantees
      that each node can only see the previous and next hops.  This
      ensures that the source and destination of a communication are
      never revealed simultaneously.  Note, however, that onion routing
      [-05] anonymity guarantees depend +on an attacker being unable to
      [-05] control many of the routing nodes +[TorPaper].
      [-06] anonymity guarantees depend on an attacker being unable to control
      [-06] many of the routing nodes [TorPaper].
   o  Multi-path: Routing different sessions via different paths (even
      if they originate from the same endpoint).  This reduces the
      probability that the same attacker will be able to collect many
      sessions or associate them with the same individual.  If, for
      example, a device has both a cellular and 802.11 interface,
      routing some traffic across the cellular network and other traffic
      over the 802.11 interface means that traffic analysis conducted
      only with one network will be incomplete.  Even if conducted in
      both, it may be more difficult for the attacker to associate the
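   The onion-routing property described in the bullet above, each relay
   removing one encryption layer and learning only the hop it forwards
   to, as an added example that is not text or code from the draft or
   from [TorPaper]: a sender wraps a message in one AES-GCM layer per
   relay, and a relay holding the wrong key cannot open a layer at all.
   Key values, relay names and the destination name are constructed for
   illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// layer is what a relay sees after removing its own encryption layer: the hop
// to forward to and an opaque payload it cannot read.
type layer struct {
	Next    string `json:"next"`
	Payload []byte `json:"payload"`
}

// buildOnion wraps msg in one AES-GCM layer per relay, innermost first, so the
// layer relay i can open names only relay i+1 (or the destination). Keys are
// 16-byte values constructed by the caller; each layer carries its own nonce.
func buildOnion(keys [][]byte, hops []string, dest string, msg []byte) []byte {
	blob, next := msg, dest
	for i := len(keys) - 1; i >= 0; i-- {
		inner, _ := json.Marshal(layer{Next: next, Payload: blob})
		block, _ := aes.NewCipher(keys[i])
		g, _ := cipher.NewGCM(block)
		nonce := make([]byte, g.NonceSize())
		rand.Read(nonce)
		blob, next = g.Seal(nonce, nonce, inner, nil), hops[i] // nonce prefixed
	}
	return blob
}

// peel is one relay's step: authenticate and decrypt with its own key, learn the
// next hop, and hand on the still-encrypted payload. A relay holding the wrong
// key gets an authentication error, not a hop or a payload.
func peel(key, blob []byte) (string, []byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if len(blob) < g.NonceSize() {
		return "", nil, errors.New("onion too short")
	}
	pt, err := g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
	if err != nil {
		return "", nil, err
	}
	var l layer
	err = json.Unmarshal(pt, &l)
	return l.Next, l.Payload, err
}
```

   Feeding the onion through peel once per relay, in order, shows relay 1
   learning only "relay2", relay 2 only "relay3", and relay 3 only the
   destination; no relay ever holds both source and destination.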
   End of changes.  2 change blocks.  3 lines changed or deleted, 3 lines changed or added.

   This html diff was produced by rfcdiff 1.44.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/