[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Netflow analysis breaks Tor

On Fri, Nov 14, 2014 at 7:42 PM, Roger Dingledine <arma@xxxxxxx> wrote:
> On Fri, Nov 14, 2014 at 06:20:16PM -0500, grarpamp wrote:
>> Professor Sambuddho Chakravarty, a former researcher at Columbia
>> http://thestack.com/chakravarty-tor-traffic-analysis-141114
>> https://mice.cs.columbia.edu/getTechreport.php?techreportID=1545&format=pdf
> I put up a few pointers here for readers to get up to speed:
> https://blog.torproject.org/blog/traffic-correlation-using-netflows
> There sure are a lot of things going on in Tor-land these days, but I
> don't think this has much to do with any of the other recent stories.
> Rather, some journalist thought this would be a great time to drop
> another story.
> In summary, it's great to see more research on traffic confirmation
> attacks, but a) traffic confirmation attacks are not a new area so don't
> freak out without actually reading the papers, and b) this particular one,
> while kind of neat, doesn't supercede all the previous papers.

'Tor Stinks', well yes, both in:
- how hard it is to for adversaries to attack using certain methods
- how poorly it defends against other methods of attack

If your threat model is the former, use with confidence.
If your threat model is the latter, stop using it.

[Of course there's a broad middle area too.]

I'd suggest it's entirely appropriate to freak out whenever any
attack appears that forces you to transition from the former category
[closer] to the latter. Particularly if it can be applied ex post
facto, such as through analysis of recorded traffic.

The piling on of similar papers may be redundant, but the message
regarding particular threat models is not.

Even with attacks with relatively high false positive rates that
also have a much greater true positive rate, adversaries in places
that don't have restrictions on such errormaking will simply round
everyone up. In that sense, they are valid messages too.

Speaking of what stinks and what can be used, where, and against

Tor does a lot of research, it should put up a simple checklist
matrix page for that... attacks and uses it's good for, and those
it isn't. Link it to relevant sets of papers. And include in the
matrix comparisons to other projects like Freenet, I2P, Retroshare,
mailmixes, etc. The anonbib's of the various projects are good for
developers, but users need to see a much simpler one page matrix
on a wiki. No reason other projects can't contribute there as well.
Giving and taking comparisons is part of doing it better.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to