[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) U.S. government patents "Onion Routing" anon browsing techniques




------- Forwarded message follows -------
Date sent:      	Sat, 18 Aug 2001 10:33:48 -0400
To:             	cryptography@wasabisystems.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	U.S. government patents "Onion Routing" anon browsing technique


http://www.wired.com/news/politics/0,1283,46126,00.html

    Pentagon Hides Behind Onion Wraps
    By Declan McCullagh (declan@wired.com)
    2:00 a.m. Aug. 17, 2001 PDT

    [...]

    [Paul] Syverson said that the U.S. government was awarded patent
    number 6,266,704 for Onion Routing on July 24.

    That announcement prompted an angry reaction from Usenix
    attendees, many of whom are programmers, security consultants and
    system administrators, who aren't big fans of software patents --
    especially in the area of anonymous communications, where there's
    been so much prior work before the Navy ever got involved.

    Mathematician David Chaum, for instance, wrote an article titled
    "Untraceable Electronic Mail, Return Addresses and Digital
    Pseudonyms" for Communications of the ACM as far back as 1981.
    Lance Cottrell, who now runs anonymizer.com, wrote part of the
    mixmaster system in the early 1990s, and similar techniques were
    discussed on the cypherpunks mailing list even earlier.

    Syverson, who is listed on the patent with co-inventors Michael
    Reed and David Goldschlag, defended the government's move. "It is
    a necessary step for those of us working for the government to
    bring technology to the public," Syverson said.

    The patent describes Onion Routing, which has been the subject of
    analysis at previous security conferences, as providing "an
    electronic communication path between an initiator and a responder
    on a packet-switching network comprising an onion routing network
    that safeguards against traffic analysis and eavesdropping by
    other users of the packet switching network" such as the Internet.

   [...]

*********

http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PA
LL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1='6,266,704'.WKU.&OS=PN/
6,266,704&RS=PN/6,266,704

    United States Patent 6,266,704
    Reed ,   et al. July 24, 2001
      ________________________________________________________________
      _

    Onion routing network for securely moving data through
    communication networks

                                   Abstract

    The onion routing network is used to protect Internet initiators
    and responders against both eavesdropping and traffic analysis
    from other users of the Internet. In the onion routing of the
    invention, instead of making connections directly to a responding
    machine, users make connections through onion routers. The onion
    routing network allows the connection between the initiator and
    responder to remain anonymous. Anonymous connections hide who is
    connected to whom and for what purpose from outside eavesdroppers.
      ________________________________________________________________
      _

    Inventors: Reed; Michael G. (Bethesda, MD); Syverson; Paul F.
    (Silver Spring, MD); Goldschlag; David M. (Silver Spring, MD)
    Assignee: The United States of America as represented by the
    Secretary of the Navy (Washington, DC) Appl. No.: 086541 Filed:
    May 29, 1998

    [...]

      ________________________________________________________________
      _

                                 Description
      ________________________________________________________________
      _

    BACKGROUND OF THE INVENTION
    1.0 Field of the Invention
    The present invention relates to the field of moving user
    real-time data within a communication network and, more
    particularly, to a system which moves data within a communication
    network, such as the Internet, without revealing the identity of
    the initiator of the data, nor the identity of the receiver of the
    data, nor the content of the data. 2.0 Description of the Prior
    Art The present invention is concerned with the right to privacy
    involved in electronic communication which may be better described
    by first discussing other forms of more commonly known
    communications. For example, letters sent through the Post Office
    are usually in an envelope marked with the sender's and
    recipient's addresses. The general public trusts that the Post
    Office does not peek inside the envelope, because the contents are
    private. The general public also trusts that the Post Office does
    not monitor who sends mail to whom, because that information is
    also considered private. These two types of sensitive information,
    the contents of an envelope and its addresses, apply equally well
    to electronic communication over the Internet. As the Internet
    becomes an increasing important part of modern day communication
    and electronic commerce, protecting the privacy of electronic
    messages also becomes increasingly important. Just like mail,
    electronic messages travel in envelopes, that is, electronic
    envelopes. Protecting the privacy of electronic messages requires
    both safeguarding the contents of their envelopes and hiding the
    addresses on their envelopes. Although communicating parties
    usually identify themselves to one another, there is no reason
    that the use of a public network, such as the Internet, ought to
    reveal to others who is talking to whom and what they are talking
    about. The first concern is traffic analysis, the latter is
    eavesdropping. By making both eavesdropping and traffic analysis
    hard, the privacy of communication is protected. However,
    anonymity need not be completely maintained because two parties
    communicating with each other may need to identify each other. For
    example, if a Web surfer wants to buy something using the
    electronic equivalent of cash, the purchaser may need to be
    identified to properly establish the debt being incurred; however,
    the network need not know any of this information. If an
    electronic envelope keeps its contents private, and the address on
    the envelope is also hidden, then any identifying information can
    only be inside the envelope. So for anonymous communication, we
    also should remove identifying information from the contents of an
    envelope. This may be called anonymizing a private envelope. An
    anonymous connection is a communications channel for which it is
    infeasible to determine both endpoints, that is, which principal
    initiated the communication and whom receives the communication.
    The principal initiating the connection is the initiator, and the
    principal to whom the initiator connects is the responder. The
    present invention implements a mechanism for anonymous connections
    that operates below the application layer and supports a variety
    of Internet applications, wherein the application layer is the
    highest layer within the hierarchy of the protocols being used to
    perform the data transfer. The usage of anonymous communication is
    known and generally referred to by the use of various terms in the
    art. For example, anonymous "Mixes" were introduced in 1985 as a
    store and forward mechanism for anonymously moving data through a
    network. These Mixes are not suitable for bidirectional real-time
    communication which is of importance to the present invention.
    Anonymous remailers, also known in the art, have been used to
    store and forward mail from a sender to a recipient without
    revealing the identity of the sender to observers of the network.
    Different versions of these remailers use Mixes in a highly
    application specific way which limits their applicability for
    other uses. Anonymous bidirectional real-time communication for
    Integrated Service Digital Network (ISDN) has also been explored,
    especially as in related phone switching means. Mixes are
    incorporated into an ISDN phone switch to permit anonymous
    connections between callers within the same ISDN switch. The usage
    of these anonymous connection means is dependent upon the
    characteristics of the ISDN phone switches which, in turn, has
    inherent limitations which, in turn, limit their usage. The first
    mention of near real-time Mixes for the Internet appears in the
    Pipe-Net techniques also known in the art. Pipe-Net's design
    provides fixed bandwidth, low-capacity communications channels
    strongly protected against both active and passive traffic
    analysis attacks. However, the fixed bandwidth and low-capacity
    communication limit their usage. Further, to our knowledge this
    Pipe-Net's design has never been built, fully described, nor
    formally published. The anonymizer, known in the art, provides
    weak protection against traffic analysis of World Wide Web (WEB)
    communications, by providing a centralized service that removes
    identifying information from the data stream. So called "Crowds"
    extends this approach to decentralize the proxy. However, the
    Anonymizer does not protect against passive attacks at the
    centralized proxy; whereas Crowds does not protect against global
    passive attacks. It is desired to provide a general purpose system
    that allows anonymous connections to move data through a
    communication network and that does not suffer the drawbacks of
    the prior art.

    [...]




---------------------------------------------------------------------
The Cryptography Mailing List Unsubscribe by sending "unsubscribe
cryptography" to majordomo@wasabisystems.com
------- End of forwarded message -------