[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] possible to identify tor user via hardware DRM?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] possible to identify tor user via hardware DRM?
From: <proper@xxxxxxxxxxxxxxx>
Date: Thu, 28 Jun 2012 12:15:47 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Jun 2012 06:16:00 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=secure-mail.biz; s=default; t=1340878547; bh=cL9/H27PI84kS6FRwNmn5i6NDy2qHst8tR5Ggs9IfHc=; l=1971; h=Date:MIME-Version:Message-ID:From:Subject:Reply-To:To:In-Reply-To: References:Content-Type:Content-Transfer-Encoding; b=dkec3HLKbZjPg6nIbyOoBNkqo/F69Ph31YqfGlco9bFTvccQW+DRCT1MpG2u+U4Np sC6uPLJp17+Gd8lYIXyOCaMecNl60L8Rk8XXl3RNLcjcXZ7ylh4hFnngWaXVFtcmM4 GtL8zNHvfL48VXxx2BOcwZxynR3uN8bjf/wyA8fA=
In-reply-to: <20120628052820.GX2758@sescenties.(null)>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <108EE399-299C-40E5-80B8-69CD2E83A9B1@xxxxxxxxxx> <87mx3okrc3.fsf@xxxxxxxxxxx> <20120628052820.GX2758@sescenties.(null)>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

<schoen@xxxxxxx> wrote:
> One of the defenses people have talked about against hardware
> fingerprinting is running inside a virtual machine.  Normally,
> software inside the virtual machine, even if it's malicious,
> doesn't learn much about the physical machine that hosts the VM.
> If you always use Tor inside a VM, then even if there's a bug
> that lets someone take over your computer (or if they trick you
> into installing spyware), the malicious software won't be able
> to read much real uniqueness from the host hardware, unless
> there's also a bug in the VM software.
>
> [...]  There's probably more research to be done
> about the conditions under which VMs can be uniquely identified
> both "from the inside" by malware, and remotely by remote
> software fingerprinting, absent VM bugs that give unintended
> access to the host.

We documented, which data, malware inside a VM could collect to identify users. [1] That doesn't mean, we wouldn't be happy about sophisticated, dedicated research. However, here is a summary:

- (Apart from obvious and known, IP, DNS, (browser) fingerprinting.)
- internal LAN IP (of virtualized operating system)
- time zone (of virtualized operating system)
- username (of virtualized operating system)
- hostname (of virtualized operating system)
- mac address of virtual machine
- mac address of host (if using bridged networking) or mac address of gateway (if using virtual internal networking)
- virtual disk uuids
- Some information about the real CPU, depends on VM software. There might be options to further hide information about the CPU.
- Installed software packages.
- If you copy data into the VM: metadata.

[1] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXsProtocol-Leak-ProtectionandFingerprinting-Protection

______________________________________________________
powered by Secure-Mail.biz - anonymous and secure e-mail accounts.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] possible to identify tor user via hardware DRM?
  - From: Jerzy Åogiewa
- Re: [tor-talk] possible to identify tor user via hardware DRM?
  - From: Nick M. Daly
- Re: [tor-talk] possible to identify tor user via hardware DRM?
  - From: Seth David Schoen

Prev by Author: Re: [tor-talk] possible to identify tor user via hardware DRM?
Next by Author: Re: [tor-talk] How to force redirect each application through separate SocksPorts? (preventing identity correlation)
Previous by thread: Re: [tor-talk] possible to identify tor user via hardware DRM?
Next by thread: Re: [tor-talk] possible to identify tor user via hardware DRM?
Index(es):
- Author
- Thread