[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Anonymity easily thwarted by flooding network with relays?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Anonymity easily thwarted by flooding network with relays?
From: Michael Cozzi <cozzi@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 19 Nov 2010 03:25:01 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 19 Nov 2010 03:52:59 -0500
In-reply-to: <20101119040341.GL3145@xxxxxxxxxxxxxx>
References: <1290133143.24284.1406074767@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20101119040341.GL3145@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6

On 11/18/2010 11:03 PM, Roger Dingledine wrote:

attack, which doesn't care how many hops your path has (as long
as it's at least two). You can read more about it from the various
freehaven.net/anonbib/ links in this blog post about a related topic:
https://blog.torproject.org/blog/one-cell-enough

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/


    Roger,

I'm not sure as a career sys admin that I am qualified to reallycomment on this. But in order for this attack to work, you have tocorrelate the input data to the entry node to the output data to theexit node (as you have said). That can be done by measuring timing andsize of the data.

Getting around this seems to me to be easy. All that has to happenis the addition of garbage data from the client which is then strippedout on the exit node. That way the data going into the network has afalse size, always larger than what is actually being transported, thishappens in the first layer of the "onion". So the data in, never equalsthe data out and vice versa.

At that point *timing* is the only correlating factor. And with thelatency of the tor network, that would be very hard to track, with theperceived security going up on busier guard and exit nodes. Also, someslight random latency could be introduced (smallish factor, 1 to 10 ms)for all middle nodes, muddying the waters even more.

Like I mentioned before, I'm not really qualified to comment onthis. I use tor as an IT tool for security and offsite testing.


--
Michael Cozzi
cozzi@xxxxxxxxxxxxxxxxxxx
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Anonymity easily thwarted by flooding network with relays?
  - From: Paul Syverson

References:
- Anonymity easily thwarted by flooding network with relays?
  - From: Theodore Bagwell
- Re: Anonymity easily thwarted by flooding network with relays?
  - From: Roger Dingledine

Prev by Author: Re: Tor 0.2.2.19-alpha is out
Next by Author: Re: Onion url's
Previous by thread: Re: Anonymity easily thwarted by flooding network with relays?
Next by thread: Re: Anonymity easily thwarted by flooding network with relays?
Index(es):
- Author
- Thread