[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] on the topic of tor's weaknesses

That is a lot of thinking. Many of the problems have been discussed before.
If you look at the bibliography on mixes, there are a lot of discussions.
Here is one of my papers on mixes:
http://www.cs.uml.edu/~xinwenfu/paper/fu_icdcs05.pdf. An adversary may
choose different ways for correlation and attacks.

What Tor achieves is phenomenal. It works against many attacks. Tor
performance has been improving. I'm saying this because a workable system
is not easy. For example, changing packet orders may not be a good idea. It
may not help much on security, but will deteriorate the TCP performance Tor
relies on. TCP is very sensitive to packet ordering errors.

Indeed, there are still a lot of things we don't know for sure. However, at
least Tor is over there and you can test it on the real one or a private


Xinwen Fu

On Sat, Feb 25, 2012 at 3:49 PM, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:

> On 2/25/2012 12:41 PM, Xinwen Fu wrote:
>> Chris,
>> An attack may only work under its own threat model (capabilities and
>> resources an adversary has). If entries and exit are all secure, some
>> correlation attacks may not work. However, if the adversary can still
>> observe (not need to compromise Tor routers) the traffic into and out of
>> entries and exits, some attacks may still work, e.g., by correlating the
>> traffic patterns at the two sides of a circuit. Here is a paper describing
>> such possibility:
>> http://www.cs.uml.edu/~**xinwenfu/paper/TorCellSize_**ICC11_Fu.pdf<http://www.cs.uml.edu/%7Exinwenfu/paper/TorCellSize_ICC11_Fu.pdf>
>> .
>> Hope it helps a bit.
>> Xinwen Fu
> Thanks for the link, Xinwen.  I have a more basic question regarding the
> original question of adversaries somehow getting access to BOTH entry &
> exit nodes, that lots of users probably are curious about.  Re:  getting
> enough data (even if they could break encryption, if using * SSL *) to do
> any good.  Since Tor / Vidalia changes nodes often (is it at least every 10
> min, at most? - & more often if a circuit fails), could an adversary get
> enough data about ONE user to do any good?
> In this case, is the threat that the adversary will ONLY be able to
> identify that one is USING Tor network (not capture the actual data
> transferred), assuming they have access to the * originating IP address,*
> going to the entry node AND also to the exit node?  I suppose (for now),
> adversaries in repressive countries determining that one is USING Tor is a
> big problem.  Not so much in "free" societies, but that could change.
> What effect, if any, would Tor changing relays more frequently than the
> current default time, have on ability of adversaries tracking users (in a
> meaningful manner) from entry to exit nodes?
> In Tor network, does the data packet size & order, in & out of entry or
> exit nodes necessarily HAVE to be the same?  Would it be possible to make
> the  in & out packet sizes different sizes, or mix the order of packets at
> an exit vs entry node?  (I don't know the technicality of how this would
> work).  If you d/l a torrent (as an example), you don't receive the file
> pieces in order.  Is it theoretically possible  the Tor network could
> develop a way to mix up the packets (of a file), within the network, so
> that even if an adversary had complete access to a given entry & exit
> node(s), the data going in one end could never be matched w/ data coming
> out?  (don't answer too quickly!  Never say never)
> This is also somewhat similar in concept to the old data correction
> process, where pieces of a file might be re transferred (due to
> corruption), much later in the d/l process, after most of the file was
> already downloaded.
> The theoretical concept I'm pondering is, could all pieces of data
> transmission through Tor be scrambled (the order and / or size) on purpose?
>  Adversaries generally can't read the actual data because of encryption (if
> I understand).  If there was also no correlation of packets (to an outside
> observer) at one end vs the other, how could they ever track a user by
> traffic analysis?  Adversaries would theoretically have to monitor ALL
> relays, ALL of the time.
> Even then, how would they track a user, end to end, if the packet order is
> purposefully & randomly jumbled within the network?  It seems that the
> current Tor network model will come under ever increasing attacks /
> monitoring & needs to change the fundamental way it operates.
> To some avg users, it might seem there is no way around a determined
> adversary determining they are using Tor (with current Tor network
> technology).
> If an ISP sets up an entry relay or bridge & exit relay, you could be
> screwed.
> If a user goes through a proxy to Tor, and an adversary runs the proxy
> (how do we really know?), you could be screwed.
> I could go on & on w/ scenarios.  Lots of people throw around the phrase,
> "Users have to determine their threat model..."  Quite honestly, most
> people wouldn't know how.  For avg users, advanced users may as well say,
> "We have no idea.  You're own your own.  Don't assume you'll be anonymous,
> even if you follow directions exactly for using Tor / TBB."
> OK, so instead of everyone shooting down my ideas, modify them so they
> might work, or come up w/ other better ideas, instead of continuing to put
> band aids on the current technology that seems to be fraught w/ problems.
> ______________________________**_________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
tor-talk mailing list