Re: [liberationtech] Breaking Tor for $3K

2014-07-30 Thread Maxim Kammerer
On Tue, Jul 8, 2014 at 12:20 AM, Maxim Kammerer m...@dee.su wrote:
> Well, if we estimate total guard node bandwidth at 4GB/s, several
> controlled guard nodes with two gigabit links allow control of
> ~6% of Tor traffic, enabling a fair share of opportunistic
> deanonymization attacks on hidden services and their clients.

“Then the second class of attack they used, in conjunction with their
traffic confirmation attack, was a standard Sybil attack — they signed
up around 115 fast non-exit relays, all running on 50.7.0.0/16 or
204.45.0.0/16. Together these relays summed to about 6.4% of the Guard
capacity in the network.” [1]

> Simultaneously, I would inject arbitrary delays into all client
> connections to controlled guard nodes, and watch for similar delays on
> suspected hidden service nodes.

“The particular confirmation attack they used was an active attack
where the relay on one end injects a signal into the Tor protocol
headers, and then the relay on the other end reads the signal. These
attacking relays were stable enough to get the HSDir (suitable for
hidden service directory) and Guard (suitable for being an entry
guard) consensus flags. Then they injected the signal whenever they
were used as a hidden service directory, and looked for an injected
signal whenever they were used as an entry guard.” [1]

So they apparently found a more efficient and reliable way to transmit
the signal, at the cost of getting detected after half a year. Too bad
the talk was retracted, I was looking towards some actual
non-propaganda Tor hidden service statistics.

[1] 
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
-- 
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
change to digest, or change password by emailing moderator at
compa...@stanford.edu.

Re: [liberationtech] Breaking Tor for $3K

2014-07-30 Thread Griffin Boyce

Maxim Kammerer wrote:

> Too bad the talk was retracted, I was looking towards some
> actual non-propaganda Tor hidden service statistics.

Wait.

[liberationtech] Breaking Tor for $3K

2014-07-07 Thread Richard Brooks
See:

https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget

Sounds like hype to me. Anyone else have an opinion?

Re: [liberationtech] Breaking Tor for $3K

2014-07-07 Thread Maxim Kammerer
On Mon, Jul 7, 2014 at 11:13 PM, Richard Brooks r...@g.clemson.edu wrote:
> https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
> Sounds like hype to me. Anyone else have an opinion?

Well, if we estimate total guard node bandwidth at 4GB/s [1], several
controlled guard nodes with two gigabit links allow control of
~6% of Tor traffic, enabling a fair share of opportunistic
deanonymization attacks on hidden services and their clients. I would
approach this by constantly connecting to all known hidden services
using a distinct per-service traffic pattern, and this way determine
location of hidden services that eventually pick a controlled guard
node. Simultaneously, I would inject arbitrary delays into all client
connections to controlled guard nodes, and watch for similar delays on
suspected hidden service nodes.

All in all, sounds feasible to me, and I can't wait for some actual
Tor hidden services statistics that are not some boring wishful
thinking from “Users of Tor” page [2], but actual data.

[1] https://metrics.torproject.org/bandwidth.html
[2] https://www.torproject.org/about/torusers.html

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
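
The delay-injection idea in the message above (hold client traffic at a controlled guard in a chosen pattern, then look for the same pattern at a suspected hidden-service relay), as an added simulation that is not code from the thread, the talk, or Tor. It is a constructed model of the timing channel only: a steady 100 packet/s flow, 20-packet slots, a 4 ms hold in marked slots, 80 ms path latency with 3 ms Gaussian jitter, slot boundaries aligned to the flow's first packet, and a 0.5 correlation threshold are all assumptions, and the easy case (the attacker controls the clocks at both ends) is the one modelled.

```python
"""Simulation of the delay-injection confirmation attack sketched in the thread.

Added example; not code from the thread, the talk, or Tor. A relay acting as
a client's guard holds traffic in some time slots (a per-slot bit pattern),
and an observer at a suspected hidden-service relay tests whether a flow it
sees carries the same pattern. Everything here is a constructed model and
every parameter is an assumption: a steady 100 packet/s flow, 20-packet
slots, a 4 ms hold in marked slots, 80 ms path latency with 3 ms Gaussian
jitter, and slot boundaries aligned to the flow's first packet.
"""
import random
import statistics

INTERVAL = 0.010   # s between packets of the constructed steady flow
SLOT_PKTS = 20     # packets per watermark slot (200 ms slots)
DELAY = 0.004      # s of extra hold applied to every packet in a marked slot
LATENCY = 0.080    # s fixed path latency guard -> observer
JITTER = 0.003     # s standard deviation of per-packet jitter


def make_watermark(n_slots, rng):
    """One random bit per slot; 1 = delay this slot at the guard."""
    return [rng.randint(0, 1) for _ in range(n_slots)]


def guard_send_times(bits):
    """Departure times at the controlled guard. Packets stay in order
    because DELAY is smaller than INTERVAL."""
    times = []
    for slot, bit in enumerate(bits):
        for k in range(SLOT_PKTS):
            idx = slot * SLOT_PKTS + k
            times.append(idx * INTERVAL + (DELAY if bit else 0.0))
    return times


def observe(send_times, rng):
    """Arrival times at the observing relay: latency plus Gaussian jitter."""
    return [t + LATENCY + rng.gauss(0.0, JITTER) for t in send_times]


def slot_residuals(arrivals, n_slots):
    """Mean per-slot deviation of arrivals from the nominal packet schedule.
    Marked slots sit about DELAY above unmarked ones; jitter averages out
    over the SLOT_PKTS packets of a slot."""
    res = []
    for slot in range(n_slots):
        pkts = arrivals[slot * SLOT_PKTS:(slot + 1) * SLOT_PKTS]
        nominal = [(slot * SLOT_PKTS + k) * INTERVAL for k in range(len(pkts))]
        res.append(statistics.mean([t - n for t, n in zip(pkts, nominal)]))
    return res


def pearson(xs, ys):
    """Plain Pearson correlation; 0.0 when either input is constant."""
    mx, my = statistics.mean(xs), statistics.mean(ys)
    num = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    den = (sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)) ** 0.5
    return num / den if den else 0.0


def matches_watermark(arrivals, bits, threshold=0.5):
    """Observer-side test: correlate per-slot residuals with the injected
    pattern. Returns (correlation, decision). The threshold is arbitrary."""
    corr = pearson(slot_residuals(arrivals, len(bits)), bits)
    return corr, corr >= threshold


def run_simulation(seed=7, n_slots=64):
    """Watermarked flow vs. an unrelated flow that never passed the guard."""
    rng = random.Random(seed)
    bits = make_watermark(n_slots, rng)
    marked = observe(guard_send_times(bits), rng)
    unmarked = observe(guard_send_times([0] * n_slots), rng)
    return {
        "bits": bits,
        "marked": matches_watermark(marked, bits),
        "unmarked": matches_watermark(unmarked, bits),
    }


if __name__ == "__main__":
    out = run_simulation()
    print("watermark bits:", "".join(map(str, out["bits"])))
    print("flow through controlled guard: corr=%.3f match=%s" % out["marked"])
    print("unrelated flow:                corr=%.3f match=%s" % out["unmarked"])
```

The reason a 4 ms hold survives 3 ms of per-packet jitter is averaging: the per-slot residual has noise of about JITTER / sqrt(SLOT_PKTS), roughly 0.7 ms here, so the watermarked flow correlates at about 0.95 with the bit pattern while an unrelated flow hovers near zero. In the live network the intermediate relays' cell scheduling and circuit multiplexing add far more variance than this model, and the observer does not get slot alignment for free; the advisory's attack avoided the timing channel altogether by carrying its signal in the cell headers, which is what the thread means by a more efficient and reliable signal that was eventually noticed.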