[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Whitepaper draft: Towards Side Channel Analysis of Datagram Tor vs Current Tor (traffic fingerprinting)

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Whitepaper draft: Towards Side Channel Analysis of Datagram Tor vs Current Tor (traffic fingerprinting)
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Tue, 27 Nov 2018 14:32:30 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 27 Nov 2018 14:32:56 -0500
In-reply-to: <20181127171250.7u6trdhpnx3ds5mw@bamsoftware.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuyCO-HY_tBOCWJ3X+j=3z7_Q+X7jPBVh8aTFUjf-Lx3bw@mail.gmail.com> <20181127171250.7u6trdhpnx3ds5mw@bamsoftware.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Tue, Nov 27, 2018 at 12:13 PM David Fifield <david@xxxxxxxxxxxxxxx> wrote:
>
> On Tue, Nov 27, 2018 at 08:23:21AM -0500, Nick Mathewson wrote:
> > ### Traffic Fingerprinting of TCP-like systems
 [...]
> > This class of attacks is solvable, especially if the exact same
> > TCP-like implementation is used by all clients, but it also requires
> > careful consideration and additional constraints to be placed on the
> > TCP stack(s) in use that are not usually considered by TCP
> > implementations -- particularly to ensure that they do not depend on
> > OS-specific features or try to learn things about their environment
> > over time, across different connections.
>
> Thanks, this is nice and thoughtful analysis.
>
> Does the word "clients" in the last paragraph meant to exclude servers?
> Or should I understand something like "peers" that includes clients and
> servers? I'm trying to think of how fingerprinting a server could be
> useful to an attacker. An onion service doesn't count as a server--at
> the layer of the TCP-like protocol, it's a client, with the RP as
> server.

Right.  I *think* that only parties that need anonymity need to avoid
TCP fingerprinting.

cheers,
-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] Whitepaper draft: Towards Side Channel Analysis of Datagram Tor vs Current Tor
  - From: Nick Mathewson
- Re: [tor-dev] Whitepaper draft: Towards Side Channel Analysis of Datagram Tor vs Current Tor (traffic fingerprinting)
  - From: David Fifield

Prev by Author: Re: [tor-dev] Dealing with frequent suspends on Android
Next by Author: Re: [tor-dev] A few wtf-pad/prop254 questions
Previous by thread: Re: [tor-dev] Whitepaper draft: Towards Side Channel Analysis of Datagram Tor vs Current Tor (traffic fingerprinting)
Next by thread: [tor-dev] New sbws milestones on trac
Index(es):
- Author
- Thread