
[tor-talk] Padding effective against simple passive end-to-end correlation attacks?

I'll make a simple example to demonstrate the point.

Alice lives in a country with few Tor users. Let's take Uganda as a random
example from the Tor metrics page. There are between ~40 and ~120 Tor
users per day from that country. [1] Alice likes to read a local forum
and she posts in her local dialect.

Behavior A:
Alice always starts Tor every day around the time of xx:xx:xx and checks
a forum and posts.

Behavior B:
1.) Open a Tor connection.
3.) Transfer some cover/dummy traffic. The longer the better?
4.) After some time, do the stuff. (Ex: check mail, go on
IRC, post on forum) - Or at some random days, not doing any stuff,
supposed to be hidden.
5.) Transfer more cover/dummy traffic. The longer the better?
6.) Close Tor connection.

Adversary skills:
- Forcing the country's ISPs to log when and for how long someone
connects to the Tor network.
- Surveillance of the local forum, watching the forum post time stamps.
- The adversary compares the time stamp with the publicly viewable
time stamp of the forum post.
- The adversary can watch the amount of encrypted traffic between Alice
and the entry guard.

Isn't it significantly more difficult for the adversary to find out who
is behind Alice's actions, when choosing Behavior B? It gets more
difficult than just comparing time stamps?

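The comparison described in the adversary list above, as an added example that is not part of the original post: a small model that measures the anonymity set under Behavior A and Behavior B from ISP connection logs and forum time stamps. The 80-user population, all session times, the daily 20:00 post and every function name are constructed assumptions.

```python
# Added illustration; every value below is constructed, none comes from the post.
# Times are minutes since midnight; isp_log maps subscriber -> [(day, start, end)].

def online_at(sessions, day, minute):
    """True if any logged Tor session covers the given day and minute."""
    return any(d == day and s <= minute <= e for d, s, e in sessions)

def anonymity_set(isp_log, posts):
    """Intersect, post by post, the subscribers connected at each post time.
    Returns the final candidate set and its size after every post."""
    remaining, sizes = set(isp_log), []
    for day, minute in posts:
        remaining = {u for u in remaining if online_at(isp_log[u], day, minute)}
        sizes.append(len(remaining))
    return remaining, sizes

def start_to_post_offsets(sessions, posts):
    """Minutes between session start and the post it covers (the time-stamp signal)."""
    return [minute - s for day, minute in posts
            for d, s, e in sessions if d == day and s <= minute <= e]

def background(n_users, n_days):
    """Constructed population: each user is online two hours a day at a
    start time that drifts by a user-specific step."""
    return {f"user{i}": [(d, (i * 37 + d * 53 * (i + 1)) % 1320,
                          (i * 37 + d * 53 * (i + 1)) % 1320 + 120)
                         for d in range(n_days)]
            for i in range(n_users)}

DAYS = 7
POSTS = [(d, 1200) for d in range(DAYS)]          # forum time stamps, 20:00 daily

# Behavior A: connect five minutes before posting, leave 15 minutes later.
ALICE_A = [(d, 1195, 1215) for d in range(DAYS)]
# Behavior B: cover traffic before and after, with a varying lead time.
ALICE_B = [(d, 1200 - 60 - 17 * d, 1200 + 90) for d in range(DAYS)]

def run(alice_sessions):
    log = background(80, DAYS)
    log["alice"] = alice_sessions
    candidates, sizes = anonymity_set(log, POSTS)
    return candidates, sizes, start_to_post_offsets(alice_sessions, POSTS)

if __name__ == "__main__":
    for name, sessions in (("A", ALICE_A), ("B", ALICE_B)):
        candidates, sizes, offsets = run(sessions)
        print(name, "set size per post:", sizes, "offsets:", offsets)
```

In this model the set of subscribers connected at every post time is the same for both behaviors, because Alice is connected at each post time either way; what Behavior B changes is the start-to-post offset, which is constant under A and varies under B.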