[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
From: Geoffrey Goodell <goodell@xxxxxxxxxxxxxxxx>
Date: Fri, 28 Apr 2006 14:14:20 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Fri, 28 Apr 2006 14:14:25 -0400
In-reply-to: <71cd4dd90604280951y165ee186md059f61003a41b44@mail.gmail.com>
References: <71cd4dd90604280439w25c5a059la8a2f6a89c78e343@mail.gmail.com> <44520152.80200@ml1.net> <71cd4dd90604280517l57e11731x9d8148ed29d7f968@mail.gmail.com> <44521833.9080309@ml1.net> <71cd4dd90604280847k483f99a1x38f7ee71e8164500@mail.gmail.com> <20060428155424.GG10635@moria.seul.org> <44524025.5040007@ml1.net> <71cd4dd90604280951y165ee186md059f61003a41b44@mail.gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i

On Fri, Apr 28, 2006 at 12:51:35PM -0400, Anthony DiPierro wrote:
> Well, if it only takes 2 compromised nodes in a circuit to compromise
> that circuit, then Tor isn't really useful for anything other than
> keeping your IP address out of server logs.  That's fine, as that's
> all I use Tor for anyway, and it works well for that limited purpose. 
> I just thought there was more potential.

Timing attacks are always possible in low-latency anonymity systems.
This is a theoretical limit; without increasing additional latency
(substantially degrading usability and thus the size of the anonymity
set) or adding cover traffic near the source (requiring sources to stay
connected for long periods of time, saturate their upstream link, starve
their other applications, and break the business model of their ISPs),
it is literally impossible to prevent an attacker from correlating the
timing of traffic close to the source with the timing of traffic close
to the destination.

That said, Tor does what it can to eliminate identifying characteristics
of the traffic; for example, it ensures that all cells are the same
size.

The reason for three hops rather than two is that in the case of two
hops, an attacker in the vicinity of the source will be able to succeed
if he controls the second hop, or an attacker in the vicinity of the
destination will be able to succeed if he controls the first hop.  In
the case of three hops, an attacker in the vicinity of the first hop
will need to explicitly coordinate with an attacker in the vicinity of
the last hop in order to succeed.  Such coordination is a statistical
attack at this point; further increasing the number of hops provides no
qualitative advantage.

> Anyway, as I've said in my other post, I need to delve a lot deeper
> into the design information.  I should probably build my own client
> while I'm at it - to really understand what's going on.

Good luck with the client.  Let us know if you manage to circumvent any
theoretical limitations.

Thanks,

Geoff

Attachment: signature.asc
Description: Digital signature

Follow-Ups:
- Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: glymr
- Mid-Latency [Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)]
  - From: Nick Mathewson

References:
- Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: Anthony DiPierro
- Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: glymr
- Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: Anthony DiPierro
- Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: glymr
- Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: Anthony DiPierro
- Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: Roger Dingledine
- Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: glymr
- Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
  - From: Anthony DiPierro

Prev by Author: Re: How to define DNS name?
Next by Author: Re: Cover Traffic
Previous by thread: Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
Next by thread: Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)
Index(es):
- Author
- Thread