On Thu, Jan 05, 2017 at 12:25:20PM +1030,
windows95@national.shitposting.agency wrote:
I'm tasked with doing a short report on the ways in which Tor can be
attacked.
I've brainstormed and done research for few hours and this is the
list I've come up with.
Is there anything big that I've missed?
I feel I might be a bit light on more technical attacks.
Your list is pretty good, though it could do with some sorting and
some categories. :)
For another interesting set of attacks, see
https://media.torproject.org/video/Defcon16-Roger_Dingledine-Sec_Anonymity_Vulns_in_Tor.m4v
and
https://media.torproject.org/video/2008-12-29-25c3-2977-en-security_and_anonymity_vulnerabilities_in_tor.mp4
These talks are some years old now, but many of the issues the talks
describe are hard to fix well so they remain an issue in some form.
If I were doing your 'short report', I would try to prioritize the
various
attacks in terms of how hard they are to perform, and how damaging they
are if performed. You could imagine a two-dimensional graph where
various
attacks correspond to a point on the graph.
I would also want to include a short section on how having a big list
of
possible attacks does not indicate that it's a weaker system or weaker
design compared to a system or design that has a shorter but scarier
list
of attacks. For example, centralized architectures don't need to think
about the more esoteric attacks, because they have the whole dataset of
what users went to which website right in front of them:
https://svn.torproject.org/svn/projects/articles/circumvention-features.html#5
Let us know what you come up with,
--Roger