[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] on the topic of tor's weaknesses



On 2/25/2012 12:41 PM, Xinwen Fu wrote:
Chris,

An attack may only work under its own threat model (capabilities and
resources an adversary has). If entries and exit are all secure, some
correlation attacks may not work. However, if the adversary can still
observe (not need to compromise Tor routers) the traffic into and out of
entries and exits, some attacks may still work, e.g., by correlating the
traffic patterns at the two sides of a circuit. Here is a paper describing
such possibility:
http://www.cs.uml.edu/~xinwenfu/paper/TorCellSize_ICC11_Fu.pdf.

Hope it helps a bit.

Xinwen Fu
Thanks for the link, Xinwen. I have a more basic question regarding the original question of adversaries somehow getting access to BOTH entry & exit nodes, that lots of users probably are curious about. Re: getting enough data (even if they could break encryption, if using * SSL *) to do any good. Since Tor / Vidalia changes nodes often (is it at least every 10 min, at most? - & more often if a circuit fails), could an adversary get enough data about ONE user to do any good?

In this case, is the threat that the adversary will ONLY be able to identify that one is USING Tor network (not capture the actual data transferred), assuming they have access to the * originating IP address,* going to the entry node AND also to the exit node? I suppose (for now), adversaries in repressive countries determining that one is USING Tor is a big problem. Not so much in "free" societies, but that could change.

What effect, if any, would Tor changing relays more frequently than the current default time, have on ability of adversaries tracking users (in a meaningful manner) from entry to exit nodes?

In Tor network, does the data packet size & order, in & out of entry or exit nodes necessarily HAVE to be the same? Would it be possible to make the in & out packet sizes different sizes, or mix the order of packets at an exit vs entry node? (I don't know the technicality of how this would work). If you d/l a torrent (as an example), you don't receive the file pieces in order. Is it theoretically possible the Tor network could develop a way to mix up the packets (of a file), within the network, so that even if an adversary had complete access to a given entry & exit node(s), the data going in one end could never be matched w/ data coming out? (don't answer too quickly! Never say never)

This is also somewhat similar in concept to the old data correction process, where pieces of a file might be re transferred (due to corruption), much later in the d/l process, after most of the file was already downloaded.

The theoretical concept I'm pondering is, could all pieces of data transmission through Tor be scrambled (the order and / or size) on purpose? Adversaries generally can't read the actual data because of encryption (if I understand). If there was also no correlation of packets (to an outside observer) at one end vs the other, how could they ever track a user by traffic analysis? Adversaries would theoretically have to monitor ALL relays, ALL of the time.

Even then, how would they track a user, end to end, if the packet order is purposefully & randomly jumbled within the network? It seems that the current Tor network model will come under ever increasing attacks / monitoring & needs to change the fundamental way it operates.

To some avg users, it might seem there is no way around a determined adversary determining they are using Tor (with current Tor network technology). If an ISP sets up an entry relay or bridge & exit relay, you could be screwed. If a user goes through a proxy to Tor, and an adversary runs the proxy (how do we really know?), you could be screwed.

I could go on & on w/ scenarios. Lots of people throw around the phrase, "Users have to determine their threat model..." Quite honestly, most people wouldn't know how. For avg users, advanced users may as well say, "We have no idea. You're own your own. Don't assume you'll be anonymous, even if you follow directions exactly for using Tor / TBB."

OK, so instead of everyone shooting down my ideas, modify them so they might work, or come up w/ other better ideas, instead of continuing to put band aids on the current technology that seems to be fraught w/ problems.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk