What are the advantages of implementing an onion routing and/or packet mixing on overlay networks, as opposed to run it on a bottom layer?
notes
better unlikeability: routing packets over tor still allows attackers to link packets to a given (although anonymous) IP. on the other hand, using anonymous routing on the top layer will make it harder to link packets to a node both at the protocol layer as well as the network layer.
better performance (?): the assumption is that the performance can improve. needs testing
privacy by diversion: if the privacy mechanisms (e.g. onion routing protocol) are implemented at the overlay layer, the nodes can arbitrarily change the mechanisms being used over time since they are in control. this plug-and-play may help to skew the attack surface of an adversary
plug and play privacy: the user can decide when they want to rely on privacy routing or not on a fine grain level (rather than just pushing all packets to another overlay network)
the problems might be:
enough entropy?
more resilient and better overall performance?
how to chose privately the relayers for the circuit
What are the advantages of implementing an onion routing and/or packet mixing on overlay networks, as opposed to run it on a bottom layer?
notes
better unlikeability: routing packets over tor still allows attackers to link packets to a given (although anonymous) IP. on the other hand, using anonymous routing on the top layer will make it harder to link packets to a node both at the protocol layer as well as the network layer.
better performance (?): the assumption is that the performance can improve. needs testing
privacy by diversion: if the privacy mechanisms (e.g. onion routing protocol) are implemented at the overlay layer, the nodes can arbitrarily change the mechanisms being used over time since they are in control. this plug-and-play may help to skew the attack surface of an adversary
plug and play privacy: the user can decide when they want to rely on privacy routing or not on a fine grain level (rather than just pushing all packets to another overlay network)
the problems might be: