-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I know someone else mentioned this, but I misplaced the email:
******** - From : http://web.crypto.cs.sunysb.edu/spday/ "Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems We present a novel, practical, and effective mechanism for identifying the IP address of Tor clients. We approximate an almost-global passive adversary (GPA) capable of eavesdropping anywhere in the network by using LinkWidth, a novel bandwidth-estimation technique. LinkWidth allows network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. By modulating the bandwidth of an anonymous connection (e.g., when the destination server or its router is under our control), we can observe these fluctuations as they propagate through the Tor network and the Internet to the end-user's IP address. Our technique exploits one of the design criteria for Tor (trading off GPA-resistance for improved latency/bandwidth over MIXes) by allowing well-provisioned (in terms of bandwidth) adversaries to effectively become GPAs. Although timing-based attacks have been demonstrated against non-timing-preserving anonymity networks, they have depended either on a global passive adversary or on the compromise of a substantial number of Tor nodes. Our technique does not require compromise of any Tor nodes or collaboration of the end-server (for some scenarios). We demonstrate the effectiveness of our approach in tracking the IP address of Tor users in a series of experiments. Even for an under-provisioned adversary with only two network vantage points, we can accurately identify the end user (IP address) in many cases. Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes." ********* I wonder if this could be true, and what exactly this all means; if it means that pretty much anyone can jump into the role of a GPA, we're screwed. - -- F. Fox AAS, CompTIA A+/Network+/Security+ Owner of Tor node "kitsune" http://fenrisfox.livejournal.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSDR1e+j8TXmm2ggwAQhYSBAAjd86xH3G1b4zauY9V5txc59n+VAZtD3I dih3M1LI/AthXGymIsTn7GfQIhsw9wIlBMxxs8Se0Azgdm2QIB2sQkJSwsQB8JrJ 45PV2tYOhThfZayvPNq3RLZ70rlWum654IYbh5VYh1ODOENqmcg5/YLYeLORc/NE zEkvRo2PGxKY/7V0icVyN7Q/+vwpu61Wm3Yt/D3mrHvLddh2ft3MiTqifAMRpjaj ZbyKzcDwsMsltCKnJiz9ECNDja2FTj0x6pyQGHDO8DSnY9KXus95Brt9cjKW5yF0 Ix7wGt5V87MYFpEoWEErbHHCKU9N4zFgu4dBj8dTJFqe09eXe/FZGrKHPS7pnnNE 02FKNiafuyf7+jUQYrQFZMxi8TnjveHDcjc1w1OTx355bu3xZzVEmHR9PnG5oDWr HpfsA13649j+vGfm+Afjvd0Yw0Db3yeYo9uDG/mJDcvyl2qI30tFwI4YggbWHgVL 6UTEk5SwPI6k1A+9IAUObrHtqqb/qQJOZy3tHx9slogI6qPJSYIUTQWgBjNZ1yJ9 C2l7t5y5JqMXQHQzZwdNRboaeIEMunedevN/zweLK5Lt308FP7JAJJHLz/f7MDLK WN4oZEyL0LWuIlqbEPBNODgIXyicHNf2Hd+lMDOasCIc63mCaa7hlk+j73gQjH/B lQIwdbevNBU= =CKp7 -----END PGP SIGNATURE-----
