Re: possible security hole(unsure)(really minor)

I think a lot of people are using an out-of-date or incomplete spec.
Is there a site with all the specs?

On 4/12/06, Paul Syverson <syverson@xxxxxxxxxxxxxxxx> wrote:
> On Wed, Apr 12, 2006 at 03:06:24PM -0400, Watson Ladd wrote:
> > It's possible that a client picks two servers that don't currently have a
> > connection or have a connection with no other traffic between them to form a
> > hop. This results in complete lossage as only one client is sending data
> > through the connection, eliminating the security of that hop against timing
> > attacks. Do I have this wrong or is this a real issue?
> Both. Tor does not get security from mixing of traffic at a node but
> from the low probability that there is no attacker observing both
> endpoints of a Tor connection. While some trivial attacks are thwarted
> by the presence of other traffic through the same node, for the most
> part timing attacks can easily separate it. This was expected and
> described in the Tor design paper, and indicated in simulation
> elsewhere. It has now been empirically shown at least for hidden-server
> connections on the Tor network, cf.,
> http://www.onion-router.net/Publications.html#locating-hidden-servers
> Note that the latest versions of Tor are not vulnerable to the described
> attacks because of countermeasures implemented earlier this year.
> Relatedly, see last year's "Low-Cost Traffic Analysis of Tor"
> available at http://freehaven.net/anonbib/
> The attacks in that paper only identify the Tor node endpoints not the
> client, and only when a client visits a hostile web site. And the
> attacks were conducted when the network was less than a tenth its
> current size; it is an open question if they would scale to the
> current network.  Nonetheless, these two papers illustrate that one
> should not be thinking of Tor as a sort of mixnet, as it is often
> described, because that conveys an impression of mix-based security
> that Tor does not provide.
> -Paul

"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin