[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Padding effective against simple passive end-to-end correlation attacks?
I'll make a simple example to demonstrate the point.
Alice lives in country with few Tor users. Let's take Uganda as random
example from the Tor metrics page. There are between ~40 and ~120 Tor
users per day from that country. [1] Alice likes to read a local forum
and she posts in her local dialect.
Behavior A:
Alice always starts Tor every day around the time of xx:xx:xx and checks
a forum and posts.
Behavior B:
1.) Open a Tor connection.
3.) Transfer some cover/dummy traffic. The longer the better?
4.) After some time check doing the stuff. (Ex: check mail, go on
irc, post on forum) - Or at some random days, not doing any stuff,
supposed to be hidden.
5.) Transfer more cover/dummy traffic. The longer the better?
6.) Close Tor connection.
Adversary skills:
- Forcing the country's ISP's to log when and for how long someone
connects to the Tor network.
- Surveillance of the local forum, watching the forum post time stamps.
- The adversary compares the time stamp with the the public viewable
time stamp of the forum post.
- The adversary can watch the amount of encrypted traffic between Alice
and the entry guard.
Question:
Isn't it significantly more difficult for the adversary to find out who
is behind Alice's actions, when choosing Behavior B? It gets more
difficult than just comparing time stamps?
[1]
https://metrics.torproject.org/users.html?graph=direct-users&start=2012-10-28&end=2013-01-26&country=ug&events=off#direct-users
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk