[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Who said it takes hours of latency to fix anonymity?

Subject: Re: [tor-talk] Who said it takes hours of latency to fix anonymity?
From: Juan <juan.g71@xxxxxxxxx>
Date: Tue, 17 Feb 2015 16:42:44 -0300
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Feb 2015 14:40:08 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:cc:subject:in-reply-to:references:mime-version :content-type:content-transfer-encoding; bh=ETorwaNFQ3yg7XXibJAQp7gfuGhpmOlPpV48DDM0N3E=; b=n9OtaIuh/oY+Ss3GlQHxG/YiDPktUDOU7Dy0abo/q2J9Gk8V5XVGFM6GKCLe1c8yye ba7ik/SuLxr/MXXbFynTNmSXB92QWCEU74e1ZhskdGpXv33dR1GeMmQTbmj4dvEtZVG6 HdYWnQGnDWiG55OMweF1ef+4RrFKHIedDFTrBygyia1VGeea6aRgPnVcq8Vt7mJ/di1H k5xXv0f6wzOkLAgdzfFl0SXMQan9/6Fzxawm11z5qYbvKEpEA+Zornb6poDmBjOLViUT iacrXg8lmUQwWk2UJf5BcACzD5YFTk22Gv6geHmYWAEYUViNK/O05Orn6gm0sc6mrk0w cjkg==
In-reply-to: <20150215112731.GN37920@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20150215105508.GA27216@xxxxxxxxxxxxx> <20150215112731.GN37920@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Sun, 15 Feb 2015 06:27:31 -0500
Roger Dingledine <arma@xxxxxxx> wrote:

> On Sun, Feb 15, 2015 at 11:55:09AM +0100, carlo von lynX wrote:
> > I'm sorry to disturb with this, but I am being confronted with
> > hearsay about Roger D. having said that it would take latencies
> > in the order of hours to fully make communications impossible
> > to shape and correlate. And that hearsay is being purported as
> > generic for any kind of anonymization network. To me, if it is
> > true, this only makes sense applied to Tor's low latency approach
> > of things. A system that uses shaping-resistant fixed size packets
> > would not need latencies in the order of hours to be provably
> > successfully anonymizing even in the face of a pervasive global
> > attacker, and I presume several papers in anonbib propose viable
> > strategies concerning that. They are just too many to pick one to
> > start from. Am I missing a clue? I am so embarrassed to ask this,
> > I don't even feel like mailing Roger about it. I prefer having 
> > more advanced questions to ask.
> 
> It's actually worse than that -- we have no idea.
> 
> I'd love to have a graph where the x axis is how much additional
> overhead (latency, bandwidth, whatever) we're willing to add, and the
> y axis is how much additional security (anonymity, privacy, whatever)
> we can get.
> 
> Currently we have zero data points for this graph.



	Isn't that interesting? 

	There's a whole 'industry' of 'academics'  getting millions in
	grants for 'researching' stuff and doing 'science', and yet
	they don't provide any useful data. Interesting and cute. 





> 
> The NRL folks have a fun paper on how to turn a defense against
> passive timing attacks into a defense against active timing attacks:
> http://freehaven.net/anonbib/#active-pet2010
> But you have to have a defense against passive timing attacks or their
> paper isn't useful to you yet.
> 
> On the 'bad news' side, check out
> http://freehaven.net/anonbib/#e2e-traffic
> which shows reasonable scenarios against high-latency anonymity
> systems where the anonymity breaks down over time against a passive
> observer.
> 
> Such attacks work especially well against a world where you have
> "users" and you have "mixes", and the users don't participate
> consistently for the entire existence of the system.
> 
> I've always been fond of
> http://freehaven.net/anonbib/#drac-pet2010
> as an example of what you can do if all your users are mixes and no
> users need to send or receive much traffic. But that paper also comes
> with many hidden assumptions, so be careful thinking the next step is
> to just build it.
> 
> On the 'good news' side, consider that with millions of traffic flows,
> maybe you just have to drive the false positives up a little bit, and
> suddenly an attacker with only a partial view of the system can't
> trust his conclusions: see the "More precisely, it's possible that
> correlation attacks don't scale well because" paragraph in
> https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters
> 
> The PETS conference is where it's at in terms of progress so far. But
> it's been a while since things have moved forward. One next step might
> be to try to rephrase the question into something that somebody can
> answer better.
> 
> --Roger
> 

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Who said it takes hours of latency to fix anonymity?
  - From: Andreas Krey

References:
- [tor-talk] Who said it takes hours of latency to fix anonymity?
  - From: carlo von lynX
- Re: [tor-talk] Who said it takes hours of latency to fix anonymity?
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] Fwd: I Encourage Everyone, Right Here And Now, To Donate Money To His Three Main Security Programs, Which He Uses The Most!
Next by Author: Re: [tor-talk] Who said it takes hours of latency to fix anonymity?
Previous by thread: Re: [tor-talk] Who said it takes hours of latency to fix anonymity?
Next by thread: Re: [tor-talk] Who said it takes hours of latency to fix anonymity?
Index(es):
- Author
- Thread