[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Anonymity easily thwarted by flooding network with relays?

Some of you may be aware of the paper,"Cyber Crime Scene Investigations
(C2SI) through Cloud Computing"
(http://www.cs.uml.edu/~xinwenfu/paper/SPCC10_Fu.pdf) which illustrates
a feasible method of invalidating the anonymity afforded by Tor.

For those who are not, the approach is this: Someone with a lot of
money, such as a government, uses cloud computing to release a veritable
army of Tor relays into the Tor network. The number of legitimate Tor
relay nodes in the network is dwarfed by those under the government's
control. The chances of your Tor client choosing a government-controlled
("evil") Tor node when building a circuit increase to 99/100. Since one
entity (the government) controls the evil relay nodes, and 2 or 3 of the
three relay nodes in your circuit are evil; chances are you have no
anonymity left to speak of.

Does anyone have any comments on this paper? Any reassurance? Frankly,
this is scary.

I nominate this paper as a founding reason why Tor should permit users
to increase the number of relay nodes used in each circuit above the
current value of 3...


  Theodore Bagwell

http://www.fastmail.fm - The professional email service

To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/