[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: leaker-optimized versions of Tor
On Wed, Dec 8, 2010 at 10:11 AM, Mitar <mmitar@xxxxxxxxx> wrote:
> Hi!
>
>> Relaxing the realtime constraint, adding random delays, more
>> hops and also chaff trafic in a Tor derivate would arguably
>> make such attacks more difficult.
>
> I am asking just about more hops. Why would more hops be necessary? It
> is enough that one node introduces random delay and this is it?
It is strictly necessary that the bad guy not control 100% of the
forwarding nodes.
On a realtime onion network anonymity is bounded by timing attacksâ
even if you could tolerate the delay of having a zillion middle nodes
the attacker could just watch the entrances an exits and correlate
timing. So adding a great many hops would not significantly increase
security.
A mix network can tolerate higher delays and, hopefully, eliminates
the timing attacks. So additional hops can be beneficial.
The down side is increased vulnerability to DOS attacks if flooders
can generate cheap round-the-world messages.
The creating a hidden service based overlay network, as was suggested
here by Karsten N., was what I thought when I read the threadâ but I
was concerned that if the network identity of all/most of the nodes is
hidden that an attacker could spin up thousands of fake mix nodes
without even needing a lot of network resources. They could make it
far more likely that all your hops were controlled by one party.
Although the risk exists for non hidden service based designs, it's
probably much easier with an anonymity layer in between. Any design
using hidden services would specifically need to address this risk.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/