[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
From: Ondrej Mikle <ondrej.mikle@xxxxxxxxx>
Date: Sat, 21 Apr 2012 20:05:46 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 21 Apr 2012 14:06:08 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :x-enigmail-version:content-type:content-transfer-encoding; bh=vQq8qmq4/pRE816lujRMHpzcNAs2wcYPsmgZqZIiL6Q=; b=K6M7JqC/AcUC1+UTN1Lrf0zi9bjg+YwXaep5qM5DTnHrv9jhtmdCK4KCQcnOLlf3nK v91n/I/p5/xL/vbhspCYPBnVOO9zI2fYqqSEQquP4j1/Gl1APWpQucNYAE6tYaS0PGPr U3WfIncKEpBCkU6rQoEA2RjsHMSwQD3Rz4qzRzG1U0uUKTFI7dpcGjSZ0kCY+NlQ5mYc OoFuPtEhdNH/m8qxhFbKd1znk92GAyNLVH2NuIi0gxL8kbYkMLxo1dJiQ8QYbR7964uj /nxvhqaxjD+65mzq7cuHsCPXHBvzWBSC3rABYm6P4qFw24VBqHXU/yaV9o8WpA9IeI3s /N4g==
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

Hi,

I'd like to ask what possible attacks on retroactive traffic confirmation on Tor
are known when attacker has data retention records - i.e. can use them for
traffic confirmation for past period.

Scenario 1:

If the ISP's records store [srcIP, srcPort, srcMac, dstIP, dstPort, size,
startTime, endTime] for every TCP connection, then it's definitely doable; note
that srcMac is MAC of client visible from ISP's side of the router to internet
(so that clients behind NAT can be identified, though the srcPort gives that
away, too).

Scenario 2:

What if the records stored are: [srcIP, srcPort, srcMac, size, start_time,
end_time]? Obviously "regular" (non-Tor) connections are susceptible to traffic
confirmation: e.g. victim writes "Minister of finance is 5-year child in
adult-like costume from NSA." on a site, attacker wants to know who it was.
Attacker retrieves site's logs (by court order/coercion) and that reduces the
situation to equivalent of scenario 1.

However, can an attacker do Tor traffic confirmation attack in scenario 2?

- (obviously) if attacker can simultaneously get data retention records for all
Tor nodes, then yes
- attacker notices what guard nodes victim uses by obtaining court order on to
eavesdrop (later after sought-after traffic took place). Attacker listens to
victim's communication and then requests data retention records from the guard
nodes. Now attacker sees where the second node in circuit is.
  - if second node in circuit is attacker-controlled, then attacker sees where
the exit node is, thus retrieves data retention records for exit and finally for
destination site
- if attacker controls exit node, then it's reduced to "classic scenario"
control of entry and exit
- what if size field is not present in the data retention records? Does it make
substantially harder? What if size is present, but not time fields?

Can you think of any other scenarios? (I might have been wrong in some points,
so correct me where I am mistaken, please.)

Can you think of any attack on ordinary "non-Tor" connection which the attacker
could employ in scenario 2 if he doesn't have the server logs? Possibly create
some statistical fingerprint of traffic from/to each IP in country or selected
IP set and compare to data retention records?

(This is actually a real scenario in CZ: a year ago, data retention scenario 1
was in effect, then stopped by constitutional court, now scenario 2 is coming
back; though it's not yet definite.)

Thanks a lot,
  Ondrej
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
  - From: Pascal

Prev by Author: Re: [tor-talk] Another openssl advisory: Tor seems not to be affected
Next by Author: Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
Previous by thread: Re: [tor-talk] Problem with TransPort etc.
Next by thread: Re: [tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
Index(es):
- Author
- Thread