I guess the approach will not be quite useful.<br><br>1. Delay is a big enemy of Tor. Read <a href="http://www.cs.uml.edu/%7Exinwenfu/paper/IPDPS08_Fu.pdf">http://www.cs.uml.edu/%7Exinwenfu/paper/IPDPS08_Fu.pdf</a>. How much delay is a problem too.<br>
<br>2. An attack can be dynamic against your mechanism by varying the parameters of the attack. We already tested the impact of using various batching and reordering on attacks. Read <a href="http://www.cs.uml.edu/%7Exinwenfu/paper/SP07_Fu.pdf">http://www.cs.uml.edu/%7Exinwenfu/paper/SP07_Fu.pdf</a>. Basically, it is of not much use.<br>
<br>3. Many people still talk about reordering. Reordering cannot be used for TCP at all. It kills the performance. Read <a href="http://www.cs.uml.edu/%7Exinwenfu/paper/MixPerf_Fu.pdf">http://www.cs.uml.edu/%7Exinwenfu/paper/MixPerf_Fu.pdf</a>.<br>
<br>Cheers,<br><br>Xinwen Fu<br><br><br><br><div class="gmail_quote">On Wed, Nov 25, 2009 at 3:54 PM, Just A. User <span dir="ltr"><<a href="mailto:just_a_user@justemail.net">just_a_user@justemail.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello,<br>
<br>
As the recent (and not so recent) research shows [1, 2], it is quite<br>
possible for a low-bandwidth adversary controlling the exit node or<br>
destination server to identify all the nodes in a circuit. If the victim<br>
is unlucky, the further deanonymization may use a malicious entry node.<br>
Otherwise, the attacker can measure the RTT distance between the victim<br>
and entry node and benefit from that somehow [3].<br>
<br>
One of the obvious methods (of yet unclear efficiency) to mitigate the<br>
issue is introducing of high variance random delays at the routers. As I<br>
can understand, however, the Developers want to keep net delays low.<br>
They have their reasons (the lower the delays, the larger the net and<br>
the stronger anonymity). Nevertheless, a user is able to randomly delay<br>
her traffic before the first router of a circuit. Does this make any<br>
sense?<br>
<br>
PROS:<br>
a. the user tries to decrease the reliability of the attack from [2];<br>
she hopes that there will be more false positives and all the<br>
measurements become less significant or take more time.<br>
<br>
CONS:<br>
b. using the attack from [2], the adversary can make a chosen router<br>
delay some cells for quite a long time (tens of seconds). Since such<br>
delay variances are hardly tolerable, e.g. for web surfing, the user is<br>
very limited in her ability to simulate a false positive.<br>
<br>
c. the user will have an unusual delay pattern, which could suffice for<br>
pseudonymity requirements only.<br>
<br>
[1] Murdoch, Danezis. Low-cost traffic analysis of Tor.<br>
[2] Evans, Dingledine, Grothoff. A practical congestion attack on Tor<br>
using long paths.<br>
[3] Hopper, Vasserman, Chan-Tin. How much anonymity does network latency<br>
leak?<br>
<br>
Thanks in advance.<br>
<font color="#888888"><br>
--<br>
<a href="http://www.fastmail.fm" target="_blank">http://www.fastmail.fm</a> - A no graphics, no pop-ups email service<br>
<br>
***********************************************************************<br>
To unsubscribe, send an e-mail to <a href="mailto:majordomo@torproject.org">majordomo@torproject.org</a> with<br>
unsubscribe or-talk in the body. <a href="http://archives.seul.org/or/talk/" target="_blank">http://archives.seul.org/or/talk/</a><br>
</font></blockquote></div><br>