[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: concurrent circuits for traffic fragmentation



On Thu, Jun 3, 2010 at 11:38 PM, Brian Szymanski <ski@xxxxxxxxxxxxx> wrote:
> ... But wouldn't your proposal open tor up to further timing attacks and
> other sorts of analysis - in other words, it's easier to notice N new
> circuits going between two nodes than it is to notice one.

It would multiply exposure to those traffic confirmation attacks, but
I'm not sure their accuracy would improve. I suppose that problem
would have to be solved first. (I have one idea regarding this that I
hope to elaborate on once I gain some understanding.)

Unless, given a minimum amount (time-wise) of traffic that must be
observed to make a decent correlation, one is careful to have chunks
of traffic not exceed that limit? Have there been studies done in that
regard?

> ... And there's no reason to expect that fragmentation is significantly
> useful in terms of making endpoint connections less insecure - sniffing
> the first packet of a ssh connection is more than enough. Leaking half
> of a classified document is not necessarily significantly better than a
> whole classified document.  Etc. Perhaps if you gave every byte in the
> connection a different route, you would do ok, but performance would be
> unusable, if the packets even made it through.

That's true. The second half of the hypothetical PDF file wouldn't be
of much use, but the very first chunk would have a value up to that of
the whole file. Especially considering things like email data...

But there would at least be the benefit of frustrating automated
sniffing, which I imagine is what's going on in all but very targeted
attacks. It would downgrade those scenarios to requiring a minimum of
human interaction.

> In short, tor does not and IMO should not try to eliminate the need for
> encrypted protocols like ssh and https. This doesn't seem like a win to me.

It still wouldn't eliminate that need, but I think Tor shouldn't be
content with warning users of the risks. There has to be some way to
make obsolete sniffing on exit nodes...

> Or am I missing something?

No, you're correct. ; ) But if someone can think of improvement to the
shortcomings you mentioned, I think there is potential to such an
approach.

-- 
Mansour Moufid