HardKor:

> Hello,
>
> Let's say Alice is a political opponent in a repressive regime. Alice hosts
> her blog as a tor hidden service hosted at home.
>
> The government knows about the blog and monitors it. It also monitors the
> internet at a nation scale.
>
> Case 1: the government doesn't suspect any individual of being behind the
> blog
>
> At 3 AM, the government starts periodically flooding the hidden service, with
> a unique pattern (e.g. flood 5 minutes, wait 6 minutes, flood 13 minutes,
> wait 2 minutes, flood 7 minutes etc.).
>
> The government should be able to get a very short list of suspects from a
> bandwidth usage analysis. Go to case 2.

This is very similar to case 2 and (somewhat?) similar to an end-to-end correlation attack. Tor does not defend against such things by design.

http://www.mail-archive.com/[email protected]/msg00022.html

"I haven't given up hope on end-to-end correlation resistance for low-latency flow-based designs like Tor (but papers like [4] don't make me optimistic for a quick fix). It's hard to see how we could end up with a large enough and diverse enough population of Mixminion users to let it fulfill its potential. Stay tuned to PETS [5] and related conferences, but be patient."

Right now there are no low latency networks (like Tor) defending against this attack. Not even theoretically. Mixminion (high latency) could theoretically defeat it. Practically not, due to unsolvable usability issues noted in the mail linked above.

It is, in my opinion, also an open research question:
https://trac.torproject.org/projects/tor/ticket/6473

> Case 2: Alice is on a short list of suspects.
>
> The government cuts Alice's internet access (or the electricity of her
> house) and sees what happens with the hidden service.
>
> Looks easy, no?

Easy, yes.

https://blog.torproject.org/blog/one-cell-enough
http://www.mail-archive.com/[email protected]/msg00022.html

"The way we generally explain it is that Tor tries to protect against traffic analysis, where an attacker tries to learn whom to investigate, but Tor can't protect against traffic confirmation (also known as end-to-end correlation), where an attacker tries to confirm a hypothesis by monitoring the right locations in the network and then doing the math."

> Any way for Alice to mitigate such attacks?

Without workarounds: no one has come up with end-to-end correlation attack defenses.

Workarounds: already mentioned by tom.

> Two nodes hosting the same .onion in different locations?
> Something else?
_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
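To make the "doing the math" in the quoted explanation concrete, here is an added Python simulation (not from the thread or from the Tor project): it takes the flood/pause schedule from case 1 as a constructed template, generates synthetic per-minute uplink totals for a neighbourhood of households, ranks them by correlation with the template, and then repeats the ranking after the hosting household's uplink has been replaced by constant-rate cover traffic. The household data, the hidden-service household index and the constant-rate padding countermeasure are all assumptions of the example, not claims the thread makes.

```python
import random

# Constructed flood schedule taken from case 1 in the question: (flooding?, minutes)
SCHEDULE = [(True, 5), (False, 6), (True, 13), (False, 2), (True, 7)]


def schedule_signal(schedule):
    """Expand the (on, minutes) schedule into a per-minute 0/1 template."""
    sig = []
    for on, minutes in schedule:
        sig.extend([1 if on else 0] * minutes)
    return sig


def household_series(pattern, is_host, rng, noise=5.0, flood_kb=40.0):
    """Synthetic per-minute uplink kB for one household (constructed data).
    Only the hosting household carries the flood on top of background noise."""
    return [abs(rng.gauss(10.0, noise)) + (flood_kb * p if is_host else 0.0)
            for p in pattern]


def padded(series, rate_kb):
    """Assumed countermeasure: the uplink always sends exactly rate_kb per minute,
    real traffic fills the slot and dummy padding fills the remainder."""
    return [rate_kb for _ in series]


def pearson(x, y):
    """Pearson correlation; 0.0 when either series is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def rank_suspects(pattern, households):
    """Correlate every household's uplink with the template; highest score first."""
    return sorted(((pearson(pattern, s), name) for name, s in households.items()),
                  reverse=True)


def simulate(seed=1, n_households=50, host="house7"):
    """Return (ranking without padding, ranking after the host pads its uplink)."""
    rng = random.Random(seed)
    pattern = schedule_signal(SCHEDULE)
    households = {f"house{i}": household_series(pattern, f"house{i}" == host, rng)
                  for i in range(n_households)}
    raw = rank_suspects(pattern, households)
    households[host] = padded(households[host], 60.0)  # host now sends at a constant rate
    return raw, rank_suspects(pattern, households)
```

In the unpadded run the hosting household's score sits far above every other household, which is the "very short list of suspects" from case 1; with a constant-rate uplink its score drops to zero and it disappears into the noise, at the cost of sending padding around the clock.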
