[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Timing attacks from a user's point of view
- To: or-talk@xxxxxxxxxxxxx
- Subject: Timing attacks from a user's point of view
- From: "Just A. User" <just_a_user@xxxxxxxxxxxxx>
- Date: Wed, 25 Nov 2009 12:54:42 -0800
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Wed, 25 Nov 2009 16:00:35 -0500
- Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:from:to:mime-version:content-transfer-encoding:content-type:subject:date; s=smtpout; bh=Tp5mi6t/BdS5pfDoyy0lWx34p6o=; b=q3YSDJmZHXyfei3wVjsk8R2cW/5NOdVykPcw5ApljMvVAIgyV/EmG4a4UuAs6su/v3wWWfQ+zYIpEw27symagVsa6ZqFl1YLI6MCJLGLqvErlPrCT4YvBjq273pCR0pUAmgFidaIa6c072E0XuA1FspdxZSLQlkTaRY1C2R2gcg=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Hello,
As the recent (and not so recent) research shows [1, 2], it is quite
possible for a low-bandwidth adversary controlling the exit node or
destination server to identify all the nodes in a circuit. If the victim
is unlucky, the further deanonymization may use a malicious entry node.
Otherwise, the attacker can measure the RTT distance between the victim
and entry node and benefit from that somehow [3].
One of the obvious methods (of yet unclear efficiency) to mitigate the
issue is introducing of high variance random delays at the routers. As I
can understand, however, the Developers want to keep net delays low.
They have their reasons (the lower the delays, the larger the net and
the stronger anonymity). Nevertheless, a user is able to randomly delay
her traffic before the first router of a circuit. Does this make any
sense?
PROS:
a. the user tries to decrease the reliability of the attack from [2];
she hopes that there will be more false positives and all the
measurements become less significant or take more time.
CONS:
b. using the attack from [2], the adversary can make a chosen router
delay some cells for quite a long time (tens of seconds). Since such
delay variances are hardly tolerable, e.g. for web surfing, the user is
very limited in her ability to simulate a false positive.
c. the user will have an unusual delay pattern, which could suffice for
pseudonymity requirements only.
[1] Murdoch, Danezis. Low-cost traffic analysis of Tor.
[2] Evans, Dingledine, Grothoff. A practical congestion attack on Tor
using long paths.
[3] Hopper, Vasserman, Chan-Tin. How much anonymity does network latency
leak?
Thanks in advance.
--
http://www.fastmail.fm - A no graphics, no pop-ups email service
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/