[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "Low-Resource Routing Attacks Against Anonymous Systems"

To: or-talk@xxxxxxxxxxxxx
Subject: Re: "Low-Resource Routing Attacks Against Anonymous Systems"
From: "Ringo Kamens" <2600denver@xxxxxxxxx>
Date: Sun, 25 Feb 2007 17:17:43 -0700
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sun, 25 Feb 2007 19:17:54 -0500
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=K5PGE7VNzDIKt7uGxZfhZX0fzr63uSoRBR+HuN0y89OTcvzE+buOQ+GZc14hDzwU6abDvPJDpgOho5EHr8/NP8BToL0Z6t35e4bYye/EUJz2CTOnN3sW8i0NkEJAinkWEAJ5VUolPLBehsTJtovnjT1aqm4H2ayOH5kcHuAYqz0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=QtTEyEMyiEzAnaNzsaH0V+hf5jeBS9JD2SZVtoNKUDBronjXFBg/lBK4lfRLJHIdYokmEzrNj9Xr747KD1x6cUakLL7Ddq3b6MhigC8jl+PRQN5G/MagDDvVbYCzlYMwHvItCCug7uzgUTcKzE/uARQBLuI9ABVPZ7gZ8X6hi6Y=
In-reply-to: <45E2263F.80406@scs.carleton.ca>
References: <45E21AA8.4090801@scs.carleton.ca> <3922422b0702251531q319738c9p6330e0e53b0ae4bf@mail.gmail.com> <45E2263F.80406@scs.carleton.ca>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

You're right about the ISPs. Again, I just skimmed the article and I
saw a lot of stuff that didn't look like plain English so I assumed it
was math. It's true a smaller ISP might not control both but when you
look as these huge communication companies like ATT it seems a little
more possible. If I'm not mistaken, ATT owns more than just a /16
subnet.
Ringo Kamens

On 2/25/07, James Muir <jamuir@xxxxxxxxxxxxxxx> wrote:

Ringo Kamens wrote:
> It's very interesting and from what I can deduce, right. However, this
> isn't new news. What *is* new is that it has been proved using math
> and logic. I know that tor will eventually rise to defend this attack
> as other applications such as freenet (i2p also?) have. Another
> implication to consider of this is what if the same ISP controlled the
> entry and exit nodes?

I just skimmed the paper quickly (I'm going to give it a careful read
tomorrow), but I didn't see too much math in there ;-)  The impressive
part of the paper seemed to me to be their experimental results (albeit
using a private 66-node Tor network installed on PlanetLab).

I agree that the principles underlying the attack do not seem to be
"new".  It was already known that nodes can submit false statistics
about their uptime and bandwidth to directory authorities.  And it was
already known that if you control the entry and exit node on a circuit
you can link initiators and responders using timing analysis.  But maybe
the paper has some new things to say about the implication of those facts.

Concerning an ISP controlling both entry and exit nodes:  when Tor
clients build paths, they avoid choosing two nodes on the same /16
subnet (see path-spec.txt).  So, it does not seem that this is likely to
happen.

-James

References:
- "Low-Resource Routing Attacks Against Anonymous Systems"
  - From: James Muir
- Re: "Low-Resource Routing Attacks Against Anonymous Systems"
  - From: Ringo Kamens
- Re: "Low-Resource Routing Attacks Against Anonymous Systems"
  - From: James Muir

Prev by Author: Re: "Low-Resource Routing Attacks Against Anonymous Systems"
Next by Author: Re: ISP controlling entry/exti ("Low-Resource Routing Attacks Against Anonymous Systems")
Previous by thread: Re: "Low-Resource Routing Attacks Against Anonymous Systems"
Next by thread: Re: ISP controlling entry/exti ("Low-Resource Routing Attacks Against Anonymous Systems")
Index(es):
- Author
- Thread