On Wed, Nov 25, 2009 at 3:54 PM, Just A. User
<just_a_user@xxxxxxxxxxxxx> wrote:
Hello,
As the recent (and not so recent) research shows [1, 2], it is quite
possible for a low-bandwidth adversary controlling the exit node or
destination server to identify all the nodes in a circuit. If the victim
is unlucky, the further deanonymization may use a malicious entry node.
Otherwise, the attacker can measure the RTT distance between the victim
and entry node and benefit from that somehow [3].
One of the obvious methods (of yet unclear efficiency) to mitigate the
issue is introducing of high variance random delays at the routers. As I
can understand, however, the Developers want to keep net delays low.
They have their reasons (the lower the delays, the larger the net and
the stronger anonymity). Nevertheless, a user is able to randomly delay
her traffic before the first router of a circuit. Does this make any
sense?
PROS:
a. the user tries to decrease the reliability of the attack from [2];
she hopes that there will be more false positives and all the
measurements become less significant or take more time.
CONS:
b. using the attack from [2], the adversary can make a chosen router
delay some cells for quite a long time (tens of seconds). Since such
delay variances are hardly tolerable, e.g. for web surfing, the user is
very limited in her ability to simulate a false positive.
c. the user will have an unusual delay pattern, which could suffice for
pseudonymity requirements only.
[1] Murdoch, Danezis. Low-cost traffic analysis of Tor.
[2] Evans, Dingledine, Grothoff. A practical congestion attack on Tor
using long paths.
[3] Hopper, Vasserman, Chan-Tin. How much anonymity does network latency
leak?
Thanks in advance.
--
http://www.fastmail.fm - A no graphics, no pop-ups email service
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/