[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Oh boy...



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I know someone else mentioned this, but I misplaced the email:

********

- From : http://web.crypto.cs.sunysb.edu/spday/

"Simulating a Global Passive Adversary for Attacking Tor-like Anonymity
Systems
We present a novel, practical, and effective mechanism for identifying
the IP address of Tor clients. We approximate an almost-global passive
adversary (GPA) capable of eavesdropping anywhere in the network by
using LinkWidth, a novel bandwidth-estimation technique. LinkWidth
allows network edge-attached entities to estimate the available
bandwidth in an arbitrary Internet link without a cooperating peer host,
router, or ISP. By modulating the bandwidth of an anonymous connection
(e.g., when the destination server or its router is under our control),
we can observe these fluctuations as they propagate through the Tor
network and the Internet to the end-user's IP address. Our technique
exploits one of the design criteria for Tor (trading off GPA-resistance
for improved latency/bandwidth over MIXes) by allowing well-provisioned
(in terms of bandwidth) adversaries to effectively become GPAs. Although
timing-based attacks have been demonstrated against
non-timing-preserving anonymity networks, they have depended either on a
global passive adversary or on the compromise of a substantial number of
Tor nodes. Our technique does not require compromise of any Tor nodes or
collaboration of the end-server (for some scenarios). We demonstrate the
effectiveness of our approach in tracking the IP address of Tor users in
a series of experiments. Even for an under-provisioned adversary with
only two network vantage points, we can accurately identify the end user
(IP address) in many cases. Furthermore, we show that a well-provisioned
adversary, using a topological map of the network, can trace-back the
path of an anonymous user in under 20 minutes. Finally, we can trace an
anonymous Location Hidden Service in approximately 120 minutes."

*********

I wonder if this could be true, and what exactly this all means; if it
means that pretty much anyone can jump into the role of a GPA, we're
screwed.

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSDR1e+j8TXmm2ggwAQhYSBAAjd86xH3G1b4zauY9V5txc59n+VAZtD3I
dih3M1LI/AthXGymIsTn7GfQIhsw9wIlBMxxs8Se0Azgdm2QIB2sQkJSwsQB8JrJ
45PV2tYOhThfZayvPNq3RLZ70rlWum654IYbh5VYh1ODOENqmcg5/YLYeLORc/NE
zEkvRo2PGxKY/7V0icVyN7Q/+vwpu61Wm3Yt/D3mrHvLddh2ft3MiTqifAMRpjaj
ZbyKzcDwsMsltCKnJiz9ECNDja2FTj0x6pyQGHDO8DSnY9KXus95Brt9cjKW5yF0
Ix7wGt5V87MYFpEoWEErbHHCKU9N4zFgu4dBj8dTJFqe09eXe/FZGrKHPS7pnnNE
02FKNiafuyf7+jUQYrQFZMxi8TnjveHDcjc1w1OTx355bu3xZzVEmHR9PnG5oDWr
HpfsA13649j+vGfm+Afjvd0Yw0Db3yeYo9uDG/mJDcvyl2qI30tFwI4YggbWHgVL
6UTEk5SwPI6k1A+9IAUObrHtqqb/qQJOZy3tHx9slogI6qPJSYIUTQWgBjNZ1yJ9
C2l7t5y5JqMXQHQzZwdNRboaeIEMunedevN/zweLK5Lt308FP7JAJJHLz/f7MDLK
WN4oZEyL0LWuIlqbEPBNODgIXyicHNf2Hd+lMDOasCIc63mCaa7hlk+j73gQjH/B
lQIwdbevNBU=
=CKp7
-----END PGP SIGNATURE-----