On Thu, 13 Aug 2015 at 01:34 Tom Ritter <[email protected]> wrote:

> On 8 August 2015 at 12:25, Bryan Ford <[email protected]> wrote:
> > [Many good things]
>
> Okay. If I simplify unfairly I think I agree with many of the root
> points of your email.
>
> 1) Yes, more logs plus even a week's worth of STHs probably affords too
> much ability for tracking. Releasing a STH will have some sort of
> probability attached to it, but again 'statistics'[0]. I've opened a
> ticket to make sure we don't lose this.

I've been thinking about this for a while now, and I'd like to know how this attack works.

When a client communicates with a log, assuming it manages to do so completely anonymously, it reveals at most two STHs it knows (i.e. if it asks for an STH consistency proof). A week's worth of STHs gives me ~10,000 pairs. Assuming, say, 1B people who visit sites using CT in that week, that puts each person into an anonymity set of size 100,000, assuming the attacker has full control over STHs the user caches. Which he doesn't.

Also, once the attacker has narrowed the user to this set, what has he learnt? Nothing, since he already knew the 2 STHs the user had cached (he supplied them). Those two STHs are correlated with nothing else. What's more, one of them is now going to be removed from the cache (the older one), moving the user into a really large anonymity set. In practice, the user will soon replace that STH with a more recent one, and different users will replace with different STHs, causing the set to become even larger over time.

Anyway, now you can determine that one of at least 10M people visited some particular website. I find it hard to get excited about that.

In order to further narrow the user down, or to learn anything correlated with the smaller (two STH) anonymity set, the attacker needs some other persistent marker so he can correlate other requests. But if he has that persistent marker, what is the STH marker for?

In short: I am not seeing how this represents a privacy problem. Perhaps I'm missing something?

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
