On Fri, Apr 28, 2006 at 02:14:20PM -0400, Geoffrey Lewis Goodell wrote: [...] > Timing attacks are always possible in low-latency anonymity systems. > This is a theoretical limit; without increasing additional latency > (substantially degrading usability and thus the size of the anonymity > set) or adding cover traffic near the source (requiring sources to stay > connected for long periods of time, saturate their upstream link, starve > their other applications, and break the business model of their ISPs), > it is literally impossible to prevent an attacker from correlating the > timing of traffic close to the source with the timing of traffic close > to the destination. I'd like to register a small objection: while (absent countermeasures) correlation attacks work, it remains to be proven whether or not you can improve security significantly while adding only a small, tolerable, amount of padding and delay. Research on high-latency mix-nets seems to show that you can delay intersection attacks by increasing latency variability and decreasing sender-frequency variability; but nobody has done the numbers (yet, AFAIK) to tell whether these techniques are useful on the low end of the latency scale There are smart researchers with strong intuitions in either direction on this; my intuition tells me that when so many clever people disagree, more experimental results are needed. Of course, nothing like this will go into Tor in the forseeable future. We have a strong design policy: "No Voodoo." In other words, we try not to add "security" features unless someone can demonstrate that they actually improve security. (Anybody interested in doing something like this as a research project: first, check out the papers about traffic analysis on http://freehaven.net/anonbib . Many of the most 'obvious' ideas don't work as well as you'd think they would; many of the recent traffic-analysis techniques work better.) -- Nick Mathewson
Attachment:
pgpvgQLObEFqr.pgp
Description: PGP signature