On Thu, 18 Nov 2010 18:19:03 -0800 "Theodore Bagwell" <[email protected]> wrote:
> Some of you may be aware of the paper, "Cyber Crime Scene
> Investigations (C2SI) through Cloud Computing"
> (http://www.cs.uml.edu/~xinwenfu/paper/SPCC10_Fu.pdf) which
> illustrates a feasible method of invalidating the anonymity afforded
> by Tor.

The quick answer is that this is a known active attack, and has been
documented for many years. See the Tor design paper from 2004,
https://svn.torproject.org/svn/projects/design-paper/tor-design.html#sec:attacks.

Specifically,

"Run a hostile OR. In addition to being a local observer, an isolated
hostile node can create circuits through itself, or alter traffic
patterns to affect traffic at other nodes. Nonetheless, a hostile node
must be immediately adjacent to both endpoints to compromise the
anonymity of a circuit. If an adversary can run multiple ORs, and can
persuade the directory servers that those ORs are trustworthy and
independent, then occasionally some user will choose one of those ORs
for the start and another as the end of a circuit. If an adversary
controls m > 1 of N nodes, he can correlate at most (m/N)^2 of the
traffic — although an adversary could still attract a
disproportionately large amount of traffic by running an OR with a
permissive exit policy, or by degrading the reliability of other
routers."

Perhaps Roger, Nick, or Paul have a more in-depth answer.

--
Andrew
pgp 0x31B0974B
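The following is an added example, not part of the original message or of the Tor design paper. It computes exactly how often both ends of a circuit are hostile, showing why (m/N)^2 is an upper bound under uniform selection and how the fraction grows when hostile relays are chosen more often. The relay counts and the per-relay selection weights are constructed assumptions used to model the "disproportionately large amount of traffic" caveat.

```python
from fractions import Fraction


def both_ends_hostile(weights, hostile, distinct=True):
    """Exact probability that a circuit's entry and exit are both hostile.

    weights:  selection weight per relay (all 1 = uniform choice).
              Weighted selection is a modelling assumption, not Tor's
              actual path-selection algorithm.
    hostile:  indices of relays run by the adversary.
    distinct: if True, entry and exit must be different relays.
    """
    total = sum(weights)
    p = Fraction(0)
    for i in hostile:
        p_entry = Fraction(weights[i], total)
        for j in hostile:
            if distinct:
                if i == j:
                    continue  # one relay cannot be both ends
                p_exit = Fraction(weights[j], total - weights[i])
            else:
                p_exit = Fraction(weights[j], total)
            p += p_entry * p_exit
    return p


# Constructed network: N = 100 relays, the first m = 10 are hostile.
N, M = 100, 10
HOSTILE = range(M)
UNIFORM = [1] * N
# Constructed skew: each hostile relay is picked 5x as often as an honest one.
SKEWED = [5] * M + [1] * (N - M)

if __name__ == "__main__":
    cases = [
        ("uniform, independent picks (m/N)^2", UNIFORM, False),
        ("uniform, distinct entry and exit", UNIFORM, True),
        ("skewed, independent picks", SKEWED, False),
        ("skewed, distinct entry and exit", SKEWED, True),
    ]
    for label, weights, distinct in cases:
        p = both_ends_hostile(weights, HOSTILE, distinct)
        print(f"{label:38s} {p} = {float(p):.4f}")
```

With distinct entry and exit relays the uniform case falls slightly below (m/N)^2, which is why the quoted text says "at most"; the skewed case shows the same 10 relays correlating roughly ten times as many circuits.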

