[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] on the topic of tor's weaknesses
Here is a paper of mine on TCP Performance in Flow-Based Mix Networks:
If you are interested in why Tor performance is still not super, you an
refer to http://www.cs.uml.edu/~xinwenfu/paper/IPDPS08_Fu.pdf.
There are many other brilliant works on the performance problem.
On Sat, Feb 25, 2012 at 9:31 PM, Xinwen Fu <xinwenfu@xxxxxxxxx> wrote:
> That is a lot of thinking. Many of the problems have been discussed
> before. If you look at the bibliography on mixes, there are a lot of
> discussions. Here is one of my papers on mixes:
> http://www.cs.uml.edu/~xinwenfu/paper/fu_icdcs05.pdf. An adversary may
> choose different ways for correlation and attacks.
> What Tor achieves is phenomenal. It works against many attacks. Tor
> performance has been improving. I'm saying this because a workable system
> is not easy. For example, changing packet orders may not be a good idea. It
> may not help much on security, but will deteriorate the TCP performance Tor
> relies on. TCP is very sensitive to packet ordering errors.
> Indeed, there are still a lot of things we don't know for sure. However,
> at least Tor is over there and you can test it on the real one or a private
> Xinwen Fu
> On Sat, Feb 25, 2012 at 3:49 PM, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:
>> On 2/25/2012 12:41 PM, Xinwen Fu wrote:
>>> An attack may only work under its own threat model (capabilities and
>>> resources an adversary has). If entries and exit are all secure, some
>>> correlation attacks may not work. However, if the adversary can still
>>> observe (not need to compromise Tor routers) the traffic into and out of
>>> entries and exits, some attacks may still work, e.g., by correlating the
>>> traffic patterns at the two sides of a circuit. Here is a paper
>>> such possibility:
>>> Hope it helps a bit.
>>> Xinwen Fu
>> Thanks for the link, Xinwen. I have a more basic question regarding the
>> original question of adversaries somehow getting access to BOTH entry &
>> exit nodes, that lots of users probably are curious about. Re: getting
>> enough data (even if they could break encryption, if using * SSL *) to do
>> any good. Since Tor / Vidalia changes nodes often (is it at least every 10
>> min, at most? - & more often if a circuit fails), could an adversary get
>> enough data about ONE user to do any good?
>> In this case, is the threat that the adversary will ONLY be able to
>> identify that one is USING Tor network (not capture the actual data
>> transferred), assuming they have access to the * originating IP address,*
>> going to the entry node AND also to the exit node? I suppose (for now),
>> adversaries in repressive countries determining that one is USING Tor is a
>> big problem. Not so much in "free" societies, but that could change.
>> What effect, if any, would Tor changing relays more frequently than the
>> current default time, have on ability of adversaries tracking users (in a
>> meaningful manner) from entry to exit nodes?
>> In Tor network, does the data packet size & order, in & out of entry or
>> exit nodes necessarily HAVE to be the same? Would it be possible to make
>> the in & out packet sizes different sizes, or mix the order of packets at
>> an exit vs entry node? (I don't know the technicality of how this would
>> work). If you d/l a torrent (as an example), you don't receive the file
>> pieces in order. Is it theoretically possible the Tor network could
>> develop a way to mix up the packets (of a file), within the network, so
>> that even if an adversary had complete access to a given entry & exit
>> node(s), the data going in one end could never be matched w/ data coming
>> out? (don't answer too quickly! Never say never)
>> This is also somewhat similar in concept to the old data correction
>> process, where pieces of a file might be re transferred (due to
>> corruption), much later in the d/l process, after most of the file was
>> already downloaded.
>> The theoretical concept I'm pondering is, could all pieces of data
>> transmission through Tor be scrambled (the order and / or size) on purpose?
>> Adversaries generally can't read the actual data because of encryption (if
>> I understand). If there was also no correlation of packets (to an outside
>> observer) at one end vs the other, how could they ever track a user by
>> traffic analysis? Adversaries would theoretically have to monitor ALL
>> relays, ALL of the time.
>> Even then, how would they track a user, end to end, if the packet order
>> is purposefully & randomly jumbled within the network? It seems that the
>> current Tor network model will come under ever increasing attacks /
>> monitoring & needs to change the fundamental way it operates.
>> To some avg users, it might seem there is no way around a determined
>> adversary determining they are using Tor (with current Tor network
>> If an ISP sets up an entry relay or bridge & exit relay, you could be
>> If a user goes through a proxy to Tor, and an adversary runs the proxy
>> (how do we really know?), you could be screwed.
>> I could go on & on w/ scenarios. Lots of people throw around the phrase,
>> "Users have to determine their threat model..." Quite honestly, most
>> people wouldn't know how. For avg users, advanced users may as well say,
>> "We have no idea. You're own your own. Don't assume you'll be anonymous,
>> even if you follow directions exactly for using Tor / TBB."
>> OK, so instead of everyone shooting down my ideas, modify them so they
>> might work, or come up w/ other better ideas, instead of continuing to put
>> band aids on the current technology that seems to be fraught w/ problems.
>> tor-talk mailing list
tor-talk mailing list