This attack looks especially bad for situations where both ends of the connection are controlled by the attacker, so it seems really bad for OnionShare, Ricochet Refresh, Briar, and Quiet, at least when users are communicating with others in the same country. 96% correlation after 900k of data sent! That's just a few images or files.
It probably would work against Cwtch too, at least if it was trained for that, since while users might be connected to a server outside the attacker's region of control, the data flows would correlate since the Cwtch server is also just relaying data.
Should all of these apps be using obfs4 with IAT mode on? (The mitigation recommended by the paper?)
How meaningful is Tor's metadata protection for an app like Quiet, Briar, or OnionShare given this attack, assuming most users are communicating with others within a country that can mount such an attack?
Hi,
I was just reading a paper on traffic confirmation attacks over here
https://arxiv.org/pdf/1808.07285v1.pdf. This attack runs with the help of
a deep learning algorithm called DeepCorr. This attack can be run in a Five
Eyes country or an authoritarian regime like Russia where companies are
compelled to cooperate with the government making this attack plausible.
The ISP and the website operators are the two endpoints for this attack.
This attack was able to achieve a success rate of over 96% which
represents a serious threat to Tor users in these regions. The paper also
includes some countermeasures on how to defeat this method of traffic
confirmation.
Thanks.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev