On Feb 29, 2012, at 11:17 AM, grarpamp wrote:

>> The main problem, besides the overhead, is that padding doesn't work
>> if an adversary can do something as trivial as very briefly delaying
>> It is too easy for an adversary to put a traffic signature on a
>> circuit in one place, and look for it elsewhere. If he owns, e.g., the
>> first node and any of the last node, the link to the destination, or
>> the destination it won't matter what kind of padding is done. There's
>> lots of published work showing this in various ways. Some already
>> alluded to in this thread. If nothing else the adversary can just kill
>> the connection at the first node and see which connection exiting the
>> network dies.
>
> Doesn't this mean bad news for users of hidden services, and to a
> lesser extent clearnet services (since they're not as 'illegal' and thus
> maybe lesser hot targets for snagging users). I.e.:
>
> Sting runs a HS and an entry. Thus Sting has full packets, timing,
> cleartext and logs of anyone that builds: clientA <> entry <---> HS
>
> There may even be these additional structures to the left of clientA's
> entry, for which the role of entry may switch to relay or exit, but for
> which entry may be still able to discriminate among on its left...
> clientB
> clientC <> relay
> clientD [...] <> relay <> relay [...]
>
> It may take a while for a clientA to use said entry but when they do it seems
> it would be quite easy to time/count correlate or munge the HS traffic of
> clientA. And only require two nodes (hs, entry) and no GPA taps to do so.
That's why guards were introduced: they will not completely eliminate the
above class of attacks, but at least make it statistically much less likely,
since you will only use 3 out of 800 or so guard nodes per month.

Cheers,
Ralf
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
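A worked illustration of the statistical point in Ralf's reply, added here as an example and not part of the thread: with a guard set of 800 relays and a client pinning 3 of them, how likely is it that an adversary running some number of guard relays ends up in a given client's guard set, compared with the exposure of picking a fresh entry relay for every circuit. The 800 and 3 come from the message; the adversary sizes (1, 5, 20 relays) and the 1000-circuit horizon are assumed values for the comparison.

```python
from math import comb


def p_guard_set_hit(total_guards: int, bad_guards: int, guards_per_client: int = 3) -> float:
    """Probability that at least one of a client's guards is adversary-run.

    Guards are drawn uniformly without replacement from the guard set, so the
    number of bad guards in the client's set is hypergeometric; the exposure is
    the complement of "all guards clean".  comb() returns 0 when fewer clean
    guards exist than the client needs, which correctly yields 1.0.
    """
    if bad_guards <= 0:
        return 0.0
    if bad_guards >= total_guards:
        return 1.0
    all_clean = comb(total_guards - bad_guards, guards_per_client) / comb(total_guards, guards_per_client)
    return 1.0 - all_clean


def p_fresh_entry_hit(total_relays: int, bad_relays: int, circuits: int) -> float:
    """Exposure without guards: each circuit picks a fresh uniform entry, so the
    adversary gets an independent chance at the client on every build."""
    return 1.0 - (1.0 - bad_relays / total_relays) ** circuits


def exposure_table(total_guards: int = 800, guards_per_client: int = 3, circuits: int = 1000):
    """Compare both models for a few assumed adversary sizes.

    Returns (bad_guards, p_with_guards, p_without_guards) rows.
    """
    rows = []
    for bad in (1, 5, 20):  # assumed adversary sizes, not from the thread
        rows.append((bad,
                     p_guard_set_hit(total_guards, bad, guards_per_client),
                     p_fresh_entry_hit(total_guards, bad, circuits)))
    return rows


if __name__ == "__main__":
    print(f"{'bad guards':>10} {'3 guards/month':>15} {'fresh entry x1000':>18}")
    for bad, p_guard, p_fresh in exposure_table():
        print(f"{bad:>10} {p_guard:>15.4f} {p_fresh:>18.4f}")
```

The guard model bounds the client's exposure by the size of its pinned set, while the fresh-entry model approaches certainty as the circuit count grows, which is the "statistically much less likely" in the reply; neither model removes the two-node (entry plus HS) correlation once a bad guard is chosen.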