Re: same first hops

To: or-talk@xxxxxxxxxxxxx

Subject: Re: same first hops

From: M <moeedsalam@xxxxxxxxx>

Date: Thu, 9 Oct 2008 06:50:49 +0300

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Wed, 08 Oct 2008 23:50:54 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=YhOhcZnOsSKDqAKAo399FZ21rLMct1DVXRwncw7Y5I0=; b=OGz7PLNHCUufe7YQTcMJhsvkYP/7efAwYHzuqIrdMIV5j3AyVMBJQBj/Lr7lTe4J1k 5nSUe9C0E6dWwJuqh4qObaChYvpOVrU7gt6yhntkzHfN+hz1Wif/Mix7cZ9SZbxywGE2 gHzIoQVoM3nsc4xJY8WPiyHtVhhV5E19yureQ=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=NbD7T9zd4NuaC2z0rpVAyqlBMIGYB4sQu4rHtAlDt4lzeWcquktxWM7T6GgGFJuRf2 nevXZK7FJ2ogjjjpTqYFJnW0QVcDbj9VWvZHAj4gwqCVBJyu4ytLqDH03xcKiMFgPAGG 90CvAVnC4KnV5KSi1a+n8pHAI4SIKB8QFFEdQ=

In-reply-to: <e692861c0810082041h15c13220qed65b7562eaad2f6@xxxxxxxxxxxxxx>

References: <e51d72d90810081350j739c97denbbb993a6f6384908@xxxxxxxxxxxxxx> <48ED2305.5080001@xxxxxxxxx> <e51d72d90810082023h498a70cep91543f04776595f1@xxxxxxxxxxxxxx> <e692861c0810082031l14b18567na37728014d0f0b60@xxxxxxxxxxxxxx> <e51d72d90810082034w43d8c6c7gccd50490ea44078b@xxxxxxxxxxxxxx> <e692861c0810082041h15c13220qed65b7562eaad2f6@xxxxxxxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

ok understood, so in actuality he would have to be observing 3 things:

1) The user' s computer (timing and size)

2) the first hop ((timing and size)

3) the last hop ((timing, size and anythign else)

He would have to be observing the user computer, as there would be no other way to correlate the first hop with the user, since the IP is hidden at the first hop, correct?

On Thu, Oct 9, 2008 at 6:41 AM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:

On Wed, Oct 8, 2008 at 11:34 PM, M <moeedsalam@xxxxxxxxx> wrote:
> On Thu, Oct 9, 2008 at 6:31 AM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
>>
>> On Wed, Oct 8, 2008 at 11:23 PM, M <moeedsalam@xxxxxxxxx> wrote:
>> > Thanx Gregory and F.Fox...understood the concept. Just one note though:
>> >
>> > "Tor (like all current practical low-latency anonymity designs) fails
>> > when
>> > the attacker can see both ends of the communications channel. For
>> > example,
>> > suppose the attacker is watching the Tor relay you choose to enter the
>> > network, and is also watching the website you visit."
>> >
>> > When it says "watching" does it mean? I thought the info was encrypted
>> > (except the last hop) and the IP invisible? Does it mean timing attacks?
>>
>> Yes. A Timing/Sizing attack. He sees the last hop exit.
> but it says "first hop"

Sorry, I accidentally hit send.

Consider: Nothing prevents you from running multiple tor nodes. A well
funded party might run dozens or hundreds. If the attacker controls
both the entry and the exit that you are using he can look at the
unencrypted traffic leaving the exit and correlate it with the timing
and sizes of the data on the the entrances he controls. He could also
do things like intercept your TCP connections leaving the exit and
stuff them with megabytes of junk data and then watch for the traffic
spike on any of the entrances he controls.

If you think about it for a bit you'll realize why changing entrances
all the time would maximize your exposure to this attack. Eventually
you would land on the bad guy's entrance and he could track you down.

Follow-Ups:

Re: same first hops
- From: Gregory Maxwell