[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Timing attacks from a user's point of view


As the recent (and not so recent) research shows [1, 2], it is quite
possible for a low-bandwidth adversary controlling the exit node or
destination server to identify all the nodes in a circuit. If the victim
is unlucky, the further deanonymization may use a malicious entry node.
Otherwise, the attacker can measure the RTT distance between the victim
and entry node and benefit from that somehow [3].

One of the obvious methods (of yet unclear efficiency) to mitigate the
issue is introducing of high variance random delays at the routers. As I
can understand, however, the Developers want to keep net delays low.
They have their reasons (the lower the delays, the larger the net and
the stronger anonymity). Nevertheless, a user is able to randomly delay
her traffic before the first router of a circuit. Does this make any

a. the user tries to decrease the reliability of the attack from [2];
she hopes that there will be more false positives and all the
measurements become less significant or take more time.

b. using the attack from [2], the adversary can make a chosen router
delay some cells for quite a long time (tens of seconds). Since such
delay variances are hardly tolerable, e.g. for web surfing, the user is
very limited in her ability to simulate a false positive.

c. the user will have an unusual delay pattern, which could suffice for
pseudonymity requirements only.

[1] Murdoch, Danezis. Low-cost traffic analysis of Tor.
[2] Evans, Dingledine, Grothoff. A practical congestion attack on Tor
using long paths.
[3] Hopper, Vasserman, Chan-Tin. How much anonymity does network latency

Thanks in advance.

http://www.fastmail.fm - A no graphics, no pop-ups email service

To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/