
Re: [tor-talk] [tor-relays] clockskewer attack



On Thu, 2012-10-04 at 05:07 +0300, Sampo Syreeni wrote:
> On 2012-10-03, Ted Smith wrote:
> 
> > So it actually assumes that the targeted hidden service is running a 
> > Tor relay _and_ an open HTTP server.
> 
> The basic attack pattern is extensible to a relay and any service which 
> can be correlated with each other, through any sufficiently selective 
> metadata divulged by both services. It ain't a new one, either; I seem 
> to remember this sort of stuff being done from at least 2008, which 
> prolly makes the idea older since I'm not exactly a pro in the field.
> 
> The general statistical attack pattern is correlate, accumulate and 
> intersect. The research behind Tor talks about this stuff already, and 
> notes it cannot be stopped if we presume the relay operator leaks such 
> correlated information. So yes, you ought to be worried -- as the 
> operator of a hidden service.

This particular script that is currently being hyped up on Reddit as
"de-anonymizing most Tor hidden servers" simply makes too many
assumptions to be feasible.

Yes, this sort of attack is feasible in principle, and this script will
probably work if you find a hidden service that is also a relay and is
also a publicly reachable HTTP server, but saying it can be carried out
against most hidden services is simply false as a matter of fact.

Hidden services don't need to be reachable from the Internet. They don't
need to have accurate clocks. And as a result, a lot of them aren't
vulnerable to a program on the Internet that is being marketed as
reliably de-anonymizing hidden services.

To summarize:

      * This is not a novel attack
      * This particular variant of the attack ("clockskewer") is not
        effective against many if not most hidden services
      * The people claiming it does on Reddit are scare-mongering Tor
        for karma, and that irritates me as someone who likes Tor and
        wants people who need more-secure systems to research Tor and
        see the stable, well-tested tool that it is, rather than hype
        from Reddit.




-- 
Sent from Ubuntu


_______________________________________________
tor-talk mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk