[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: fingerprinting
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 5 Mar 2005, jeff wrote:
> As many of you have probably seen, some CAIDA folks have come up
> with a method for fingerprinting machines on the 'net by
> calculating the box's clock skew.
>
> Since the express purpose of tor is to allow people to use the
> Internet anonymously, this could be a direct "attack" on tor.
>
> Thinking about it a bit, it appears to me that tor is not vuln
> to this as the "fingerprintee" would only be susceptible during
> it's first hop to the tor entry server. The middle & exit
> servers would then change the timestamp to their /own/
> timestamp and then send that to the final web server.
>
> Am I looking at this correctly? Does tor mitigate these
> fingerprint attacks?
>
> That said, are their any other suggestions for preventing these
> types of fingerprinting?
>
> http://www.caida.org/outreach/papers/2005/fingerprinting/
> http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm
> http://it.slashdot.org/article.pl?sid=05/03/04/1355253 ok, i'm a
> bit embarassed to be linking to slashdot... ;)
the abstract states that they can give a _probability_ that two clients
are the same, if it is "tens of milliseconds away"
when I checked this morning (using privoxy)
http_proxy=http://localhost:8118 time lynx -source http://lsmod.de/
gave 0:01.29 which is 1290 ms. retries showed variation by hundreds ms.
so IMHO this random delay should protect from such timing attacks.
-----BEGIN PGP SIGNATURE-----
iD8DBQFCLXW4STYLOx37oWQRAlj4AKCv5YyWbBINqTKwKdlJKhRjdUTzDQCeM4GA
e+WJ0qWFPMJIaaXZCpvog7s=
=8VfE
-----END PGP SIGNATURE-----