Now that I've gotten the alarm bells to quiet a bit, I started thinking about the statement provided about this attack - and I think I may know where some holes in it are, when used against the real Tor network.

Point-by-point follows:

> From: http://web.crypto.cs.sunysb.edu/spday/
>
> "Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems
>
> We present a novel, practical, and effective mechanism for identifying the IP address of Tor clients. We approximate an almost-global passive adversary (GPA) capable of eavesdropping anywhere in the network by using LinkWidth, a novel bandwidth-estimation technique. LinkWidth allows network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. By modulating the bandwidth of an anonymous connection (e.g., when the destination server or its router is under our control), we can observe these fluctuations as they propagate through the Tor network and the Internet to the end-user's IP address.

Two problems here:

1.) Sure, stream-modulation can be done. This is nothing new. However, the global distribution of Tor may be its saving grace here - it'd be incredibly difficult for most attackers to observe such a huge chunk of the Internet.

2.) This technique wouldn't work against hidden services; although, in theory, a hidden service could be the mentioned destination server.

> Our technique exploits one of the design criteria for Tor (trading off GPA-resistance for improved latency/bandwidth over MIXes) by allowing well-provisioned (in terms of bandwidth) adversaries to effectively become GPAs.

A GPA is an *observer*, not someone with a buttload of bandwidth. It's all about the view.

> Although timing-based attacks have been demonstrated against non-timing-preserving anonymity networks, they have depended either on a global passive adversary or on the compromise of a substantial number of Tor nodes.

The second mentioned method is the "lottery method;" if you wait long enough, you may get both the Guard and Exit for a circuit. Old news - in fact, entry guards were implemented to reduce the probability of this happening.

> Our technique does not require compromise of any Tor nodes or collaboration of the end-server (for some scenarios). We demonstrate the effectiveness of our approach in tracking the IP address of Tor users in a series of experiments. Even for an under-provisioned adversary with only two network vantage points, we can accurately identify the end user (IP address) in many cases. Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes."

Given what I mentioned above, I'll believe it when I see it.

-- 
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com

