pEp MixMailer presentation slides. See additional documentation at https://mixmailer_docs.codeberg.page/ (source: https://gitea.pep.foundation/pEp.foundation/mixmailer_docs). See prototype at https://gitea.pep.foundation/pEp.foundation/mixmailer.

Mix networks


Anonymity

~= unlinkability

  • sender anonymity
  • receiver anonymity
  • location anonymity
  • third party anonymity

~= unobservability


Adversaries

  • Passive adversary
    • Observing both ends
  • Active adversary
    • Observing both ends

Onion routing versus Mix networks


Onion routing

image


Tor (The Onion Router)

image


Mix networks

image


Latency

  • Mix networks are not suitable for:
    • Web browsing
    • Real time messaging
  • Suitable for:
    • Email
    • Cryptocurrency transactions
    • Voting

History


Anonymous remailers


Cypherpunks remailer

(Type I)

  • 1990s
  • David Chaum
  • OpenPGP
  • SMTP / POP3 / MIME format
  • Initially no mixing

Cypherpunks remailer

Weaknesses

  • Flooding attacks
  • Time and size analysis
  • Replay attacks

Type II or Mixmaster

  • 1995
  • Lance Cottrell
  • List of servers, pingers
  • Mixmaster packet format
  • Message pool
  • Cover traffic, dummy packets
  • No OpenPGP for nodes

Type II or Mixmaster (2)

image


Mixmaster weaknesses

  • Partition attacks
  • Replay attacks

Anonymity for 2015: Len Sassaman in 24C3, 2007


Type III or Mixminion

  • Single-Use Replay Blocks (SURBs)
  • Directory servers
  • TLS
  • Key rotation

Type III or Mixminion (2)

image


Batch and reorder

image


Limitations of remailers

  • Scale poorly
  • Time-consuming public key operations
  • Size of anonymity is the size of the batch
  • Traffic confirmation attacks
  • Active attacks
  • Spam

Spam

  • SPF
  • DKIM
  • DMARC

"Open" vs "Closed" system

image


Modern mix networks

  • Loopix system
  • Sphinx packet format

Loopix


Stratified topology

  • Low-latency
  • Optimal for anonymity and scalability
  • Mix nodes arranged in layers
  • Path is composed of nodes of each layer

image


Stop-and-Go-MIXes

  • Each packet is delayed before being sent
  • End-to-end latency of the packet

image


Loopix (2)

  • Unobservability

Sphinx

  • No time-consuming public-key operations

image


Sphinx: A Compact and Provably Secure Mix Format, Ian Goldberg, 2009


Katzenpost

  • Sphinx
  • Loopix
  • 2017
  • AGPL
  • Mail proxy

Katzenpost (2)

  • Providers

Katzenpost (3)

Pros:

  • third party untraceability
  • better scalability
  • predictable delays
  • Email proxy

Katzenpost (4)

Cons:

  • License
  • Devs do not like the Email proxy
  • No production network

Nymtech

  • 2019
  • Apache2
  • Not for Email
  • Testing network

Nym mixnet

image


pEp Mixnet

  • Cypherpunk mix network
  • OpenPGP using pEp Engine
  • Nodes/mixes are SMTP servers

Goals

  • Hide metadata (Email headers)
  • Unlinkability to a third party observer
  • No receiver or sender anonymity
  • Maybe compatibility in the future with Mixmaster network

Who are the users

  • only pEp clients
  • nodes/mixes run by volunteers

Prototype

https://gitea.pep.foundation/pEp.foundation/pEpPythonMixnet/


Encryption layers

$ docker exec alice.whatever.example cat /root/log/mixnet.log
Created identity Alice Lovelace <alice@openpgp.example>
Setting my own identity to: Alice Lovelace <alice@openpgp.example>, EB85BB5FA33A75E15E944E63F231550C4F47E38E.
Set my own identity to: Alice Lovelace <alice@openpgp.example>, EB85BB5FA33A75E15E944E63F231550C4F47E38E
Created identity Bob Babagge <bob@openpgp.example>
Message encrypted for Bob Babagge <bob@openpgp.example>.
Created identity n1 <root@n1.pep.example>
Created identity n2 <root@n2.pep.example>
Created identity n3 <root@n3.pep.example>
Message from Alice Lovelace <alice@openpgp.example> encrypted to n3 <root@n3.pep.example>.
Message from Alice Lovelace <alice@openpgp.example> encrypted to n2 <root@n2.pep.example>.
Message from Alice Lovelace <alice@openpgp.example> encrypted to n1 <root@n1.pep.example>.
Sending email from: Alice Lovelace <alice@openpgp.example>, to: n1 <root@n1.pep.example>, via localhost:25

$ docker exec alice.whatever.example cat /var/log/mail.log
Dec  4 14:19:44 whatever postfix/qmgr[113]: CF94D2813CE: from=<alice@openpgp.example>, size=21035, nrcpt=1 (queue active)
Dec  4 14:19:44 whatever postfix/smtpd[119]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec  4 14:19:44 whatever postfix/smtp[124]: CF94D2813CE: to=<root@n1.pep.example>, relay=n1.pep.example[172.19.0.3]:25, delay=0.12, delays=0.01/0.02/0.06/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E9F4E2813D7)
Dec  4 14:19:44 whatever postfix/qmgr[113]: CF94D2813CE: removed

$ docker exec n1.pep.example cat /var/log/mail.log
Dec  4 14:19:44 n1 postfix/qmgr[116]: E9F4E2813D7: from=<alice@openpgp.example>, size=21253, nrcpt=1 (queue active)
Dec  4 14:19:44 n1 postfix/smtpd[117]: disconnect from alice.whatever.example.peppythonmixnet_default[172.19.0.9] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec  4 14:19:45 n1 postfix/smtpd[117]: connect from localhost[127.0.0.1]
Dec  4 14:19:45 n1 postfix/smtpd[117]: D42C02813E5: client=localhost[127.0.0.1]
Dec  4 14:19:45 n1 postfix/cleanup[121]: D42C02813E5: message-id=<20201204141945.D42C02813E5@n1.pep.example>
Dec  4 14:19:45 n1 postfix/qmgr[116]: D42C02813E5: from=<alice@openpgp.example>, size=13205, nrcpt=1 (queue active)
Dec  4 14:19:45 n1 postfix/smtpd[117]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec  4 14:19:45 n1 postfix/pipe[122]: E9F4E2813D7: to=<root@n1.pep.example>, relay=remailer, delay=1, delays=0.01/0.01/0/0.97, dsn=2.0.0, status=sent (delivered via remailer service (User home /home/remailer/remailer _[32mINFO:mixnet.common:Imported key <_io.TextIOWrapper name='/pep))
Dec  4 14:19:45 n1 postfix/qmgr[116]: E9F4E2813D7: removed
Dec  4 14:19:45 n1 postfix/smtp[124]: D42C02813E5: to=<root@n2.pep.example>, relay=n2.pep.example[172.19.0.4]:25, delay=0.11, delays=0.01/0.02/0.06/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as ED7EF2813EC)
Dec  4 14:19:45 n1 postfix/qmgr[116]: D42C02813E5: removed

$ docker exec n2.pep.example cat /var/log/mail.log
Dec  4 14:19:45 n2 postfix/qmgr[116]: ED7EF2813EC: from=<alice@openpgp.example>, size=13413, nrcpt=1 (queue active)
Dec  4 14:19:45 n2 postfix/smtpd[117]: disconnect from n1.pep.example.peppythonmixnet_default[172.19.0.3] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec  4 14:19:48 n2 postfix/smtpd[117]: connect from localhost[127.0.0.1]
Dec  4 14:19:48 n2 postfix/smtpd[117]: B46E92813FA: client=localhost[127.0.0.1]
Dec  4 14:19:48 n2 postfix/cleanup[121]: B46E92813FA: message-id=<20201204141948.B46E92813FA@n2.pep.example>
Dec  4 14:19:48 n2 postfix/qmgr[116]: B46E92813FA: from=<alice@openpgp.example>, size=7519, nrcpt=1 (queue active)
Dec  4 14:19:48 n2 postfix/smtpd[117]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec  4 14:19:48 n2 postfix/pipe[122]: ED7EF2813EC: to=<root@n2.pep.example>, relay=remailer, delay=2.8, delays=0.02/0.01/0/2.8, dsn=2.0.0, status=sent (delivered via remailer service (User home /home/remailer/remailer _[32mINFO:mixnet.common:Imported key <_io.TextIOWrapper name='/pep))
Dec  4 14:19:48 n2 postfix/qmgr[116]: ED7EF2813EC: removed
Dec  4 14:19:48 n2 postfix/smtp[124]: B46E92813FA: to=<root@n3.pep.example>, relay=n3.pep.example[172.19.0.2]:25, delay=0.19, delays=0.01/0.12/0.04/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E0FF2281401)
Dec  4 14:19:48 n2 postfix/qmgr[116]: B46E92813FA: removed

$ docker exec n3.pep.example cat /var/log/mail.log
Dec  4 14:19:48 n3 postfix/qmgr[116]: E0FF2281401: from=<alice@openpgp.example>, size=7727, nrcpt=1 (queue active)
Dec  4 14:19:48 n3 postfix/smtpd[117]: disconnect from n2.pep.example.peppythonmixnet_default[172.19.0.4] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec  4 14:19:51 n3 postfix/smtpd[117]: connect from localhost[127.0.0.1]
Dec  4 14:19:51 n3 postfix/smtpd[117]: 0457B28140F: client=localhost[127.0.0.1]
Dec  4 14:19:51 n3 postfix/cleanup[121]: 0457B28140F: message-id=<20201204141951.0457B28140F@n3.pep.example>
Dec  4 14:19:51 n3 postfix/qmgr[116]: 0457B28140F: from=<alice@openpgp.example>, size=3378, nrcpt=1 (queue active)
Dec  4 14:19:51 n3 postfix/smtpd[117]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Dec  4 14:19:51 n3 postfix/pipe[122]: E0FF2281401: to=<root@n3.pep.example>, relay=remailer, delay=2.2, delays=0.01/0.01/0/2.2, dsn=2.0.0, status=sent (delivered via remailer service (User home /home/remailer/remailer _[32mINFO:mixnet.common:Imported key <_io.TextIOWrapper name='/pep))
Dec  4 14:19:51 n3 postfix/qmgr[116]: E0FF2281401: removed
Dec  4 14:19:51 n3 postfix/smtp[124]: 0457B28140F: to=<bob@openpgp.example>, relay=openpgp.example[172.19.0.8]:25, delay=0.12, delays=0.01/0.02/0.07/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 202D5281416)
Dec  4 14:19:51 n3 postfix/qmgr[116]: 0457B28140F: removed

$ docker exec bob.openpgp.example cat /var/mail/root
From alice@openpgp.example  Fri Dec  4 14:19:51 2020
Return-Path: <alice@openpgp.example>
X-Original-To: bob@openpgp.example
Delivered-To: root@openpgp.example
Received: from n3.pep.example (n3.pep.example.peppythonmixnet_default [172.19.0.2])
	by openpgp.example (Postfix) with ESMTP id 202D5281416
	for <bob@openpgp.example>; Fri,  4 Dec 2020 14:19:51 +0000 (UTC)
Received: from n3.pep.example (localhost [127.0.0.1])
	by n3.pep.example (Postfix) with ESMTP id 0457B28140F
	for <bob@openpgp.example>; Fri,  4 Dec 2020 14:19:51 +0000 (UTC)
From: Alice Lovelace <alice@openpgp.example>
To: Bob Babagge <bob@openpgp.example>
Subject: =?utf-8?Q?p=E2=89=A1p?=
X-pEp-Version: 2.1
MIME-Version: 1.0
Content-Type: multipart/encrypted;
 boundary="2979318c3fd4cca9350961f6385bf0af";
 protocol="application/pgp-encrypted"
Message-Id: <20201204141951.0457B28140F@n3.pep.example>
Date: Fri,  4 Dec 2020 14:19:51 +0000 (UTC)
--2979318c3fd4cca9350961f6385bf0af
Content-Type: application/pgp-encrypted
Version: 1
--2979318c3fd4cca9350961f6385bf0af
Content-Type: application/octet-stream
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="msg.asc"
-----BEGIN PGP MESSAGE-----
wV4DR2b2udXyHrYSAQdAAM3o2Ec30JjaBiqY3OuPutPz1CGAPoTYH3e6RAK+h2gw
...
fwnunDc3lNgbDY7F
=ftrS
-----END PGP MESSAGE-----
--2979318c3fd4cca9350961f6385bf0af--
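
As an added example (not code from the pEp prototype), the following parses the qmgr lines copied from the n1, n2 and n3 logs above and reports how much each node's decryption shrinks the message and how long the node held it. This per-hop size and timing profile is what the Mixing and Padding slides are meant to blur. It assumes one message in flight per node, as in this test run, and takes the year 2020 from Bob's mailbox.

```python
import re
from datetime import datetime

# Lines copied from the n1/n2/n3 mail.log excerpts on this page.
MAIL_LOG = """\
Dec  4 14:19:44 n1 postfix/qmgr[116]: E9F4E2813D7: from=<alice@openpgp.example>, size=21253, nrcpt=1 (queue active)
Dec  4 14:19:45 n1 postfix/qmgr[116]: D42C02813E5: from=<alice@openpgp.example>, size=13205, nrcpt=1 (queue active)
Dec  4 14:19:45 n1 postfix/qmgr[116]: E9F4E2813D7: removed
Dec  4 14:19:45 n2 postfix/qmgr[116]: ED7EF2813EC: from=<alice@openpgp.example>, size=13413, nrcpt=1 (queue active)
Dec  4 14:19:48 n2 postfix/qmgr[116]: B46E92813FA: from=<alice@openpgp.example>, size=7519, nrcpt=1 (queue active)
Dec  4 14:19:48 n3 postfix/qmgr[116]: E0FF2281401: from=<alice@openpgp.example>, size=7727, nrcpt=1 (queue active)
Dec  4 14:19:51 n3 postfix/qmgr[116]: 0457B28140F: from=<alice@openpgp.example>, size=3378, nrcpt=1 (queue active)
"""

QMGR = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+postfix/qmgr\[\d+\]:\s+"
    r"(?P<qid>[0-9A-F]+):\s+from=<[^>]*>,\s+size=(?P<size>\d+)"
)


def hop_profile(log_text, year=2020):
    """Return {host: {"in", "out", "shrink", "delay_s"}} from qmgr size lines."""
    seen = {}
    for line in log_text.splitlines():
        m = QMGR.match(line)
        if not m:
            continue  # "removed" lines and other daemons carry no size
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen.setdefault(m["host"], []).append((when, int(m["size"])))
    profile = {}
    for host, events in seen.items():
        if len(events) != 2:
            continue  # need one inbound and one re-injected message per node
        (t_in, s_in), (t_out, s_out) = events  # log order: inbound, then outbound
        profile[host] = {
            "in": s_in,
            "out": s_out,
            "shrink": s_in - s_out,  # bytes removed by peeling one layer
            "delay_s": int((t_out - t_in).total_seconds()),
        }
    return profile


if __name__ == "__main__":
    for host, row in hop_profile(MAIL_LOG).items():
        print(host, row)
```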


Mixing

  • Random delays

Padding

  • Impossibility to predict final message size

Topology

  • Stratified

TLS

Metadata (headers) visible to:

  • last node
  • between last node and receiver
  • receiver

Nodes/keys registration/discovery

GNUnet Name System (GNS) triples:

email=root@n1.pep.example;layer=1;opengpg=AAAA

GNS limitations

  • REST API, no TLS
  • REST API, no authentication
  • Not a global system

GNS delegation

  • Need for authorities
  • Authority delegates node record resolution to nodes
  • Node delegates other nodes' record resolution to authority

GNS delegation (2)

image


GNS registration

  • How can new nodes joining the network tell the authority their keys?

GNS discovery

  • asking the authority(s) the TXT "mixnet" record

    n1,n2
    
  • asking the authority(s) the TXT records of the nodes
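
An added example (not the prototype's code) of what a client could do with the discovered records: parse the `email=…;layer=…;opengpg=…` triples, reject malformed ones, and pick one node per layer for a stratified path. Only the first record is from the slide; the others, the function names, and the reading of `layer` as the stratified layer index are assumptions made for this example.

```python
import secrets
from collections import defaultdict

REQUIRED = ("email", "layer", "opengpg")  # key names as spelled in the slide's record

# First record is the one on the slide; the rest are constructed for this example.
TXT_RECORDS = [
    "email=root@n1.pep.example;layer=1;opengpg=AAAA",
    "email=root@n4.pep.example;layer=1;opengpg=DDDD",
    "email=root@n2.pep.example;layer=2;opengpg=BBBB",
    "email=root@n3.pep.example;layer=3;opengpg=CCCC",
    "email=root@n5.pep.example;layer=two",  # malformed: bad layer, no key
]

def parse_record(txt):
    """Parse one 'k=v;k=v' record into a dict, or raise ValueError."""
    fields = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if not sep or not value or key in fields:
            raise ValueError(f"bad field {part!r}")
        fields[key] = value
    if set(fields) != set(REQUIRED):
        raise ValueError(f"expected fields {REQUIRED}, got {sorted(fields)}")
    if not fields["layer"].isdigit() or int(fields["layer"]) < 1:
        raise ValueError(f"bad layer {fields['layer']!r}")
    fields["layer"] = int(fields["layer"])
    return fields

def load_layers(records):
    """Group valid records by layer; return (layers, rejected_records)."""
    layers, rejected = defaultdict(list), []
    for txt in records:
        try:
            layers_key = parse_record(txt)
        except ValueError:
            rejected.append(txt)
            continue
        layers[layers_key["layer"]].append(layers_key)
    return dict(layers), rejected

def pick_path(layers):
    """Choose one node per layer, requiring layers 1..N with no gaps."""
    depth = max(layers, default=0)
    missing = [n for n in range(1, depth + 1) if n not in layers]
    if depth == 0 or missing:
        raise ValueError(f"no usable node in layer(s) {missing or [1]}")
    return [secrets.choice(layers[n]) for n in range(1, depth + 1)]

def wrap_order(path):
    """Encrypt for the last hop first, as in Alice's mixnet.log (n3, n2, n1)."""
    return [node["email"] for node in reversed(path)]
```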


Comparative

image


Questions for you

  • Which existing mixnet software would you choose?
  • Which packet format would you choose?
  • Why do you think that, to date, there is no mix network other than Mixmaster, and that it has fewer than a dozen nodes?

Thanks!

Slides made 100% with FLOSS and 💜

juga at pep dot foundation

2DA8 1D01 455C 3A00 3219 8850 F305 447A F806 D46B