Roger Dingledine: > On Sun, Jul 14, 2013 at 11:28:25AM -0700, Mike Perry wrote: > > > Supposing it is applied does it help to prevent website fingerprinting > > > to a high extend? (high extend = being costly to circumvent by adversaries) > > > > This was my estimation, too. Against passive adversaries, it should do > > quite well, especially since they should have no information (or at best > > incomplete information) about the Conflux path load balancing ratio for > > each circuit in the Conflux path, and which bridges are participating in > > which Conflux paths. > > Good point -- I agree that it should help a lot against relay-level > (or in this case bridge-level) adversaries doing website fingerprinting > against the flows they see. > > But it's far from clear to me that it will help much against an adversary > watching the user's network connection: in that case they get everything > they got before, if they just ignore which relay/bridge it's coming > through. > > To phrase that as a research question: what part of successful website > fingerprinting comes from looking at the sizes of the objects fetched, > and what part comes from looking at timing? If you can do an adequate job > at website fingerprinting just from how many bytes flow in each direction, > then Conflux won't change things much. > > And I bet you *can* do an adequate job right now just with size. But I > also bet that it's easier to make changes to Tor to foil an attack that > uses just size. More research required, as they say. I doubt very much that size is enough, actually. All the studies so far that claim success with low-resolution features like size classify only somewhere between 20 and 100 pages. I think we're seeing clear evidence of publication bias in favor of attack papers, and people gaming the peer review system by dressing up their attack papers to look more impressive than they are, at least on this topic. After all, how many web pages are there these days? A few trillion? It's quite clear that there will be tremendous overlap in the cell counts on anything even remotely realistic in scale. I still agree we should defend against both size and timing, because I believe that defenses that succeed against small-scale/rigged website traffic fingerprinting attack papers will also make end-to-end correlation more difficult. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk