[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Traffic shaping attack

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Traffic shaping attack
From: Oskar Wendel <o.wendel@xxxxx>
Date: Fri, 18 Mar 2016 23:48:04 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 18 Mar 2016 19:48:28 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Let's assume that a global adversary sets up (or seizes) a hidden service 
with illegal content and wants to deanonymize users who download this 
content from this service.

Users are educated, use only trusted, newest software and have all plugins 
disabled.

We all know about traffic correlation attacks. But let's take it further.

Let's set up a service in a way that it will modulate the traffic, so the 
download would look like:

Few seconds - maximum traffic speed
Few seconds - download completely stopped
Few seconds - again, maximum traffic speed
Few seconds - again, download completely stopped

Then, we monitor traffic flowing into various entry nodes (remember we're 
a global adversary, having direct access to infrastructure around the 
globe) and spot the traffic that matches our pattern.

Traffic fluctuations are normal and common, but fixed sequence of 
interrupts in proper times is absolutely unique.

Seems possible? Seems probable?

- -- 
Oskar Wendel, o.wendel@xxxxxxxxxxxxxxxxx
Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C
Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C
-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJW7JOxAAoJEGaQzFIxjbhMOKwIALCNpacHME11xF7o3CycaYHv
+agBNRmhmsSWlwb5gMs/IIUEOINYD2j5MfK1/SsfKcTqa6UQZsEtwvMRqGbJWO77
hMRaZ3fLSMrvB8fWUSWDTG40rViqNNd5e+hC+aCVpI6FAbHBXmZbIPIgrRo6BXWj
AhHb19IvHokYKnDnV02W0UDD6pCXRztEiEDB3cUVzj/MAnPizufxa/lHNH1QsW+C
z8ZoifT7Sn6fNDi7qA9B76XcQPbQdQHz+mK8QutgRB9IhN98LAfAzoNM1cUmYLbJ
JiO9Hgf6aliwsevX4kDSCGxuhd5nXKw2+VdpjZzIkMzxOY6a7St/CUYSdWrKIQI=
=XlNO
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Traffic shaping attack
  - From: coderman
- Re: [tor-talk] Traffic shaping attack
  - From: grarpamp
- Re: [tor-talk] Traffic shaping attack
  - From: Oskar Wendel

Prev by Author: [tor-talk] tor-onions on gmane
Next by Author: Re: [tor-talk] tor-onions on gmane
Previous by thread: Re: [tor-talk] Invalid consensus today
Next by thread: Re: [tor-talk] Traffic shaping attack
Index(es):
- Author
- Thread