Resources

• Three different sizes of envelopes (such that the smallest fits the medium-size and medium-size fits the largest envelope). The envelopes need either be of different colour or feature coloured dots for easy observation. Add a message to a small envelope, the small envelope is placed in a medium size envelope, and that one in a large size envelope.
• Opaque containers (bags for example)
• Enough people willing to play the parts
  • a network of at least 12 people holding boxes as mixnodes. People can be source and destination.
  • 3 extra destinations (services on servers).
  • Depending on what situation you are translating, a few people are playing ISP observers (those infamous black boxes placed at ISP's). For example, for creating a situation like in Egypt, have one ISP (that is directly talking to government).
  • Some people playing governments
  • Everybody not in one of the above roles can be observers, of which some report to governments.

Scenario: Mixnets

As this first mixnet scenario have a few people make messages and place them in mixnodes (at random). Mixnodes remove one envelope for each message and distributed each message to a new mix node. Those mixnodes repeat the procedure. And again, until mixnodes see who the recipient is and forward the message to their destinations. Just have people send messages back and forth at different times.

Now ask the observers to focus on three senders to determine who gets whose message. And what else seems noteworthy. Play with the parameters and scenarios.

Scenario: Onion routing

Mix networks get their security from the mixing done by their component mixes, and may or may not use route unpredictability to enhance security. Onion routing networks primarily get their security from choosing routes that are difficult for the adversary to observe, which for designs deployed to date has meant choosing unpredictable routes through a network. And onion routers typically employ no mixing at all. This gets at the essence of the two even if it is a bit too quick on both sides. Mixes are also usually intended to resist an adversary that can observe all traffic everywhere and, in some threat models, to actively change traffic. Onion routing assumes that an adversary who observes both ends of a communication path will completely break the anonymity of its traffic. Thus, onion routing networks are designed to resist a local adversary, one that can only see a subset of the network and the traffic on it. - Paul Syverson - Why I'm not an Entropist http://freehaven.net/anonbib/cache/entropist.pdf

Practically speaking, if I built a route from my machine in France, to a server in Australia, to a server in Russia, to a server in Sweden, and then visit a webpage in France - there are a number of adversaries who could see part of this path. For example: people on our local network, our local ISP, the Chinese, Australian, Russian, Swedish, and French governments, the website operator and their Internet Service Provider. Supposedly none of those entities are able to see the entire path because they do not own, control, or have direct influence over every network link I'm using.

If an adversary is able to see the entire path, Onion Routing loses its security. Can people in the room see that it was Cathy who passed a message to Heathcliffe? What if there are multiple messages being passed, can we still see? What if a country creates their own national internet and we set up Tor in this country? What if (policing or intelligence agencies) of countries share what they see?

Scenario: Garlic routing

Resources

• Sleeping dogs lie on a bed of onions but wake when mixed https://www.petsymposium.org/2011/papers/hotpets11-final10Syverson.pdf