[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: a serious TOR adversary?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Thus spake Bernardo Bacic, on 5/21/08 6:45 AM:
| This link http://web.crypto.cs.sunysb.edu/spday/ contains a summary
| description of a possible TOR threat.
|
| Does anyone have more details? opinions?
|
|
| (apologies if this has been discussed before, i read the list only as
| much as time permits)

"Although timing-based attacks have been demonstrated against
non-timing-preserving anonymity networks, they have depended either on a
global passive adversary or on the compromise of a substantial number of
Tor nodes."

Incorrect: Steven J. Murdoch. "Hot or Not: Revealing Hidden Services by
their Clock Skew"; Nicholas Hopper, Eugene Y. Vasserman, and Eric
Chan-Tin. "How much anonymity does network latency leak?".
(Full disclosure: I'm one of the authors of the second paper).

"Furthermore, we show that a well-provisioned adversary, using a
topological map of the network, can trace-back the path of an anonymous
user in under 20 minutes."

Most Tor circuits only live a maximum of 10 minutes, no? I never figured
out just how much of hard limit this is. Can an application ask to keep
the circuit longer? Can someone in the know clue me in?

Eugene

- --
Eugene Y. Vasserman
Ph.D. Candidate, University of Minnesota
http://www.cs.umn.edu/~eyv/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iFcDBQFINKaNb9W6r3tKSVIRCM/tAQCRNkxdA6p11nA1l8m0ttai5hy/pGSVskEw
wo+gU3YLZQD/SwAFV3st15ef8sSMzVo6DzvreorCchgioceDewg/7Yo=
=mzDl
-----END PGP SIGNATURE-----