Thus spake Paul Syverson (syverson@xxxxxxxxxxxxxxxx): > > For those who want more background, you can read more at item #1 on > > https://www.torproject.org/research.html.en#Ideas > > (I hoped to transition > > https://www.torproject.org/volunteer.html.en#Research over to that new > > page, but haven't gotten around to finishing) > > Yes. Exploring defensive techniques would be good. Unlike correlation, > fingerprinting seems more likely to be amenable to traffic shaping; > although the study of this for countering correlation (as some of us > recently published at PETS ;>) may be an OK place to build on. > Personally I still think trust is going to play a bigger role as an > effective counter than general shaping, but one place we seem to be in > sync is that it all needs more study. Yeah, though again I want to point out that what we are actually looking at when we intuitively believe fingerprinting to be easier to solve than correlation is the event rate from the base rate fallacy. Otherwise, they really are the same problem. Correlation is merely the act of taking a live fingerprint and extracting a number of bits from it, and adding these bits to the number of bits obtained from a window of time during which the event was supposed to have occurred. Or, to put it in terms of event rates, it is merely the case that much fewer potentially misclassified events happen during the very small window of time provided by correlation, as opposed to the much larger number of events that happen during a dragnet fingerprinting attempt. Any classifier needs enough bits to differentiate between two potentially coincident events. This is also why Tor's fixed packet size performs better against known fingerprinting attacks. Because we've truncated the lower 8 bits off of all signatures that use size as a feature in their fingerprint classifiers. They need to work to find other sources of bits. Personally, I believe that it may be possible to develop fingerprint resistance mechanisms good enough to also begin to make inroads against correlation, *if* the network is large enough to provide an extremely high event rate. Say, the event rate of an Internet-scale anonymity network. For this reason, I think it is very important for academic research to clearly state their event rates, and the entropy of their feature extractors and classifiers. As well as source code and full data traces, so that their results can be reproduced on larger numbers of targets and with larger event rates, as I mentioned in my other reply. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpEmKIchoKgK.pgp
Description: PGP signature