-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hmmm. Well the idea I was trying to get across above was tied to "new
> data flows", but basically, on each node, it must be plausible that a
> packet going to a given node came from the local node or is forwarded
> from any of several connected nodes which sent us data recently.

Right, and there's got to be reason to associate multiple packets
with a single flow.

This is something inherent in any low latency comm - if you are
sending me X bytes of data in time period Y, there is a sequence of
packets from you to me through some intermediaries with oX bytes.
An adversary with the resources to gather all of that data and run
the analysis has a pretty strong case, though there are mechanisms
available to deal with it (e.g. Tarzan mimics or other chaff
techniques).

> > Tunnel creation itself doesn't require us to be very lucky, the
> > attack P = (c/n)^h is negligible.  Tunnel operation against global
> > passive adversaries, however, is a bitch.
>
> It's a different c than in most of the other attacks though. If h is 3
> and c is say all the nodes in the USA (via CALEA), then you have a
> problem.

The c here is the number of peers both being monitored AND who are
exposing insufficient traffic.  The probability of the latter depends
upon that router's activity, as well as the activity within the
tunnel.  For example, a tunnel used for irc would have much higher
anonymity than a tunnel used for large file downloads.  The
adversary who actually enables all CALEA backdoors at once, throws
all the monitored data into a warehouse, and mines it is pretty
powerful.

=jr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDYRnjWYfZ3rPnHH0RApwvAJ4k3XD853Ylqfe4oVhzMHH1FREoZgCdGqQj
UtEYWObSuEsOsmX38UJgUqQ=
=ijLB
-----END PGP SIGNATURE-----
_______________________________________________
chat mailing list
chat@freenetproject.org
Archived: http://news.gmane.org/gmane.network.freenet.general