On Tue, Dec 28, 2010 at 08:51:30PM -0500, Nick Mathewson wrote:
> From the wired.com article, this sounds _exactly_ like the old website
> fingerprinting attack, which has been known since 2002:
> http://freehaven.net/anonbib/#hintz02
>
> It would be neat if somebody could send a pointer to the authors'
> actual results.

See also point 3 at
https://www.torproject.org/getinvolved/research.html.en#Ideas

It's been sitting on our "this is important to learn more about" research list for years.

It's also listed in the talk I did at 25c3:
http://events.ccc.de/congress/2008/Fahrplan/events/2977.en.html
http://freehaven.net/~arma/slides-25c3.pdf (slide 30)

So I'm glad to see more attention to the attack, but a bit frustrated that we (the research community) are not farther along at understanding it.

Two other things to note:

The website fingerprinting attack works against other anonymity systems too, in most cases even more straightforwardly than against Tor. We've got 8+ years in the literature of applying it to other systems (most thoroughly just attacking SSL streams to learn what web page is being fetched despite the encryption), and in the past few years people have improved the attack to get it to work against Tor also. As I understand it, even now it only works consistently when they assume laboratory conditions. That isn't to say that it won't work in real-world conditions -- just that it's a real hassle to get all the details right so most researchers don't put in the required engineering work.

What I'm really looking forward to is learning what modifications to Tor might slow down the attack. For example, what happens if we move to a 1024 byte cell by default, or if we randomly add some extra cells periodically, or if we ask the entry node to add padding cells so the responses we get are multiples of 10KB? It would seem that there is a tradeoff between bandwidth overhead (wasted bytes) and protection against this attack, but I hope there are smart points in the tradeoff space. Alas, we're still not really to that point yet -- we don't know how well it actually works in practice against vanilla Tor, so it doesn't make sense to ask how well it would work in practice against a modified Tor design.

--Roger
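
The bandwidth-versus-protection tradeoff raised in the message above, as an added example that is not part of the original e-mail or of Tor's code: it pads a set of constructed page sizes to 512-byte cells, 1024-byte cells and 10KB multiples, then reports the wasted bytes and how many pages an observer of total response size alone could still tell apart. The 512-byte baseline, the page names and sizes, and the size-only observer model are assumptions; published fingerprinting work uses richer traffic features than total size.

```python
from collections import Counter

# Padding granularities to compare (bytes). 512 is assumed as the
# baseline cell size; 1024 and 10KB are the options named in the message.
SCHEMES = {"512B cells": 512, "1024B cells": 1024, "10KB multiples": 10 * 1024}

# Constructed sample: total response size in bytes per hypothetical page.
PAGES = {
    "page_a": 3100, "page_b": 3900, "page_c": 9000, "page_d": 14000,
    "page_e": 19000, "page_f": 47300, "page_g": 47900, "page_h": 120000,
}

def pad_to_multiple(size, unit):
    """Round size up to the next multiple of unit (integer ceiling)."""
    return -(-size // unit) * unit

def evaluate(sizes, unit):
    """Return overhead and distinguishability for one padding unit.

    Simplification (assumption): the observer sees only the padded total
    size of a response, so two pages are indistinguishable exactly when
    their padded sizes are equal.
    """
    padded = {name: pad_to_multiple(s, unit) for name, s in sizes.items()}
    group_size = Counter(padded.values())
    # Pages whose padded size is shared with no other page.
    unique = sorted(n for n, p in padded.items() if group_size[p] == 1)
    wasted = sum(padded.values()) - sum(sizes.values())
    return {
        "wasted_bytes": wasted,
        "overhead_pct": round(100.0 * wasted / sum(sizes.values()), 2),
        "unique_pages": unique,
        "distinct_sizes": len(group_size),
    }

def compare(sizes=PAGES, schemes=SCHEMES):
    """Evaluate every scheme over the same set of page sizes."""
    return {label: evaluate(sizes, unit) for label, unit in schemes.items()}

if __name__ == "__main__":
    for label, r in compare().items():
        print(f"{label:15s} wasted={r['wasted_bytes']:6d}B "
              f"({r['overhead_pct']:5.2f}%) "
              f"distinct sizes={r['distinct_sizes']} "
              f"still unique={len(r['unique_pages'])}")
```

On this sample, coarser padding collapses more pages into the same observed size at the cost of more wasted bytes, which is the shape of the tradeoff the message asks to have measured against real traffic.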

