
Re: Anonymity easily thwarted by flooding network with relays?



On Thu, 18 Nov 2010 18:19:03 -0800
"Theodore Bagwell" <toruser1@xxxxxxx> wrote:

> Some of you may be aware of the paper, "Cyber Crime Scene
> Investigations (C2SI) through Cloud Computing"
> (http://www.cs.uml.edu/~xinwenfu/paper/SPCC10_Fu.pdf) which
> illustrates a feasible method of invalidating the anonymity afforded
> by Tor.

The quick answer is that this is a known active attack, and has been
documented for many years.  See the Tor design paper from 2004, 
https://svn.torproject.org/svn/projects/design-paper/tor-design.html#sec:attacks.
Specifically, 

"Run a hostile OR. In addition to being a local observer, an isolated
hostile node can create circuits through itself, or alter traffic
patterns to affect traffic at other nodes. Nonetheless, a hostile node
must be immediately adjacent to both endpoints to compromise the
anonymity of a circuit. If an adversary can run multiple ORs, and can
persuade the directory servers that those ORs are trustworthy and
independent, then occasionally some user will choose one of those ORs
for the start and another as the end of a circuit. If an adversary
controls m > 1 of N nodes, he can correlate at most (m/N)^2 of the
traffic -- although an adversary could still attract a
disproportionately large amount of traffic by running an OR with a
permissive exit policy, or by degrading the reliability of other
routers."

Perhaps Roger, Nick, or Paul have a more in-depth answer.

-- 
Andrew
pgp 0x31B0974B
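
Added illustration, not part of the original message or of the Tor design paper: an exact calculation of how often both the entry and the exit of a circuit are hostile, compared with the (m/N)^2 figure quoted above. The selection model is an assumption (entry chosen in proportion to an integer weight, exit chosen the same way from the remaining relays), and the relay counts and weights are constructed sample values.

```python
from fractions import Fraction

def both_ends_hostile(weights, hostile):
    """Exact probability that entry and exit of one circuit are both hostile.

    weights -- integer selection weight per relay (assumed model: the share
               of traffic each relay attracts; not Tor's actual algorithm)
    hostile -- set of indices of relays run by the adversary
    """
    total = sum(weights)
    p = Fraction(0)
    for i in hostile:
        p_entry = Fraction(weights[i], total)
        rest = total - weights[i]          # exit is a different relay
        for j in hostile:
            if j != i:
                p += p_entry * Fraction(weights[j], rest)
    return p

def quoted_bound(m, n):
    """The (m/N)^2 figure from the quoted passage."""
    return Fraction(m, n) ** 2

# Constructed sample network: N relays, the first M are hostile.
N, M = 1000, 50
HOSTILE = set(range(M))

def uniform_case():
    # Every relay equally likely: result stays at or below (m/N)^2.
    return both_ends_hostile([1] * N, HOSTILE)

def skewed_case(factor=5):
    # Hostile relays attract `factor` times the traffic of an honest relay,
    # the "disproportionately large amount of traffic" caveat in the quote.
    weights = [factor if i in HOSTILE else 1 for i in range(N)]
    return both_ends_hostile(weights, HOSTILE)

if __name__ == "__main__":
    print("quoted bound :", float(quoted_bound(M, N)))
    print("uniform      :", float(uniform_case()))
    print("skewed (5x)  :", float(skewed_case()))
```

With uniform selection the result is m(m-1)/(N(N-1)), which is why the quoted passage says "at most"; once relay weights are skewed, the relay-count ratio m/N stops being a useful measure of exposure and the adversary's share of selection weight is the number to track.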