[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to obfuscate the Tor Browser activity from the Time/Size correlation attack?

> How would you obfuscate the packets from the the Time/Size 
> correlation in this example activity:
> The user in California sends the E-Mail message from the web
> client provider, possibly 1Gmail to the 2Gmail address?
> It is said that Tor Browser working with protocol that is made to 
> send this message in 512 bytes packets. The users Internet
> provider could log and see the approximate size of the message and
> in California for example the Google working with self-owned
> Internet Provider could correlate the approximate size of the send
> to the message sent from 1Gmail to the Entry Node with the size of
> the message received by 2Gmail. Does this threat exists?

It's called an end-to-end correlation attack and is one of Tor's
initial design trade-offs *not* to do anything about it.

> Maybe the web application that could be opened in the same Tor 
> Browser next to the web mail client and that application would 
> generate some truly random traffic from some truly random
> generating server so the Internet Provider would see the all
> traffic including the random and would not be able to sufficiently
> correlate the Size? It would be wonderful if there could be such
> option in the Tor Browser. It would be awesome if the user could
> just use non-exit relaying for this purpose but not everyone is
> able to use it because of the NAT or Firewall. It looks that Time
> could not be obfuscated as easily as Size. Is the Size obfuscation
> possible within the current Tor protocol specification for the Tor
> Browser? If this kind of web application is possible and would
> obfuscate the Size from the Internet Provider? If Google is running
> the Entry Node or it is being hosted on Google, the Google would
> still be able to correlate the Size and Time?

Called padding and sometimes cover traffic. A difficult issue:

There is also a paper on about padding in anonbib:

See also:

Some terms you could use in a search engine to find older discussions.

host:lists.torproject.org end-to-end correlation attack
host:lists.torproject.org padding
host:lists.torproject.org traffic confirmation

(Or drop the "lists.")

In *theory*, high latency networks can defeat it, but they come with
problems on their own:

At the moment their is no low latency network defeating this attack.
Unfortunately, there is no real alternative to Tor (legally available
to ordinary citizen, defeating that attack, low latency tcp, access
clearnet), no competition.

I can't say, how well/if the proposed solutions work. Just gave you
some keywords and links if you are interested to read more about this.
tor-talk mailing list