In September we will be producing a CD with the 15-year accumulation of these dissertations*, plus some dissertations from CERIAS affiliate programs. We will provide a copy of this CD free of charge to anyone who requests one. There will be a limit of one per department address -- you can make copies for your colleagues. We will also have all of these dissertations on-line in our WWW library. We expect the mailing to occur in late September, after summer graduation is finalized at all the involved institutions.

Because of copyright issues, we will be unable to include the conference and journal publications associated with these dissertations -- sorry. If you would like one of these CDs when they are ready, please send me email (spaf@purdue.edu) with a valid postal address. Put the string "PHD-CD" in the subject line, please. If you have any suggestions on additional content or organization of the CD, please let me know that as well.

Also, we welcome any additions of infosec-related theses and papers for our on-line library, assuming the copyright status allows unrestricted dissemination. Please see the bibtex archive for details.

Tor is like a remailer network for TCP streams. Instead of wrapping an email message in multiple encryption envelopes which reflect the path of remailers a message should take en route to its destination, onion routing implementations originally worked by creating an onion of envelopes containing session keys and next-hop information for a TCP stream. In its current form, however, Tor uses an incremental or telescoping design, adding each new node to the end of the path, then ultimately using an "exit" node to connect to an arbitrary internet host. This provides several advantages over prior designs, avoiding replay problems and providing perfect forward secrecy for the connection. As with remailer networks, each node only learns the prior and next nodes in the tunnel. And since the tor client implements a socks4a proxy, users can use unmodified web browsers and other traditional applications while keeping their originating IP addresses secret from active and passive attackers. With an application-aware proxy like privoxy, users can also strip out cookies and other application data commonly used to track users. Application-layer proxies can also route DNS lookups through the Tor network, avoiding a potential privacy leak.

While onion routing has been implemented before, Tor makes onion routing robust and viable for widespread use. In particular, Tor allows the creation of location-hidden services, in which servers can create a DNS-like address such as "6sxoyfb3h2nvok2d.onion" which allows users to contact the server without learning its IP address.

Tor is rapidly maturing. On my Debian GNU/Linux system, installing Tor was as easy as "apt-get install tor privoxy". Then I added the line "forward-socks4a / localhost:9050 ." to /etc/privoxy/config, instructing the anonymizing proxy "privoxy" to use Tor, as recommended by the configuration guide. After setting Mozilla's HTTP proxy to localhost, port 8118 (the port on which privoxy listens), I was ready to surf the web anonymously. Privoxy properly handles DNS resolution for normal addresses as well as the .onion TLD. Tor is also available for Windows, OS X, and most other flavors of Unix.

The Tor Network Status page currently lists over 100 server nodes with at least 500kbit/sec links, and over 20 servers offering at least 4 Mbit/sec, with more being added every day. Tor's bandwidth management features allow servers to specify the maximum amount of traffic they are willing to pass, and allow clients to choose paths which can offer the bandwidth required by their applications. Consequently, even users with asymmetric bandwidth limits can contribute to the network without unnecessarily limiting the bandwidth available to other users. Administrators estimate that about 30,000 clients currently use the 200 Tor servers now in operation across 5 continents.

Tor brings up interesting and important questions regarding online privacy, and creates a platform on which other privacy protecting systems can be built. In particular, constructions based on Chaum's Blind Signatures and recent credential systems like Hidden Credentials offer strong protections against traceability, but are problematic to implement on a network in which users can be traced by their IP addresses. On the other hand, Wikipedia recently blocked most Tor exit nodes as "open proxies" in the ongoing challenge of keeping the site available to the thousands of (semi-)anonymous editors who contribute, while blocking the small percentage of antisocial or vandalizing users who cause problems for others or add spam to articles. These practical issue may spur the development of reputation or pseudonymity systems which will allow access control and anonymity to coexist peacefully.

See Freehaven's anonymity bibliography for more information on anonymity systems.

The Monday, Sept. 26 sessions are specifically open to the public, and will include talks by Butler Lampson, Distinguished Engineer, Microsoft, Joel Birnbaum, Senior Technical Advisor at HP, and David Brailer, National Coordinator for Health Information Technology at HHS (invited), as well as an extensive poster session displaying progress by Cyber Trust PIs.

The first Trusted Computing awards are reaching the end of their three-year terms, and other awards under the Cyber Trust umbrella are also producing significant advances. This meeting offers PIs the opportunity to showcase their results, and it offers industry and government representatives the opportunity to identify research results they can exploit and researchers with whom they can partner.

Please visit the registration web site and make plans to come. Thanks to Sharad Mehrotra, Quent Cassen, and staff at UC-Irvine for hosting the event.