Re: Torbutton Documentation - Adversary Capabilities. - fork: Normalization of XHR requests

[Paul Syverson <syverson@xxxxxxxxxxxxxxxx>]

On Tue, Jul 13, 2010 at 05:30:27PM +0100, Anon Mus wrote:
> Paul Syverson wrote:
>> Tor doesn't do any batching or delaying.  This is just another way you
>> could be identified by timing attacks. Tor provides no resistance to
>> timing attacks, and so far there are no countermeasures that have
>> been identified as working against a passive, much less active, adversary
>> without imposing unacceptably high overhead or limitations.
> Since Tor's inception (must be getting ion for 10 years now) it has been 
> getting faster year after year, this is due to network  speed and bandwidth 
> increases, which have been about a 200 fold (e.g. speeds of 100+Kbps max 
> 2003 to 20+Mbps today).
>
> OK, there have been some increases in  web page byte size but it not more 
> than 10 fold.
>
> That means a real speed increase of at least 10 fold. So perhaps Tor 
> developers should start putting in some "timing attack" protection. It 
> seems to me that the time is right. What is holding them back? Are they 
> afraid of global big brother complaining they cannot identify users at 
> will? Anonymous should mean anonymous, no?
>

Even assuming your description of the evolution of Tor network
communication processing is correct, I don't understand what increase
in network speed (throughput?) or bandwidth have to do with making it
more feasible to protect against timing attacks. Faster networks
should just make timing attacks more effective, and we know that we
were already unable to do anything useful when such attacks were less
effective.

People should continue to work on this hard research problem.  (I
myself have a paper on it to be presented in the Privacy Enhancing
Technologies Symposium next week, "Preventing Active Timing Attacks in
Low-Latency Anonymous Communication ".) But as the blog post I pointed
at noted, nobody has yet made a suggestion that clearly improves the
situation (even in theory) and would clearly be feasible and practical
to deploy on the Tor network as it stands.

And just as there is no such thing as a secure system---only systems
secure against a given adversary conducting a given class of attack
provided that the implementation, deployment and environment satisfy
certain assumptions, so to there is no such thing as an anonymous
system. In that sense, the answer is no, "anonymous" should not mean
anonymous, or rather it depends what _you_ mean by anonymous and a
whole bunch of other things that must be stated.

HTH,
Paul
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/