Hi everyone,
I have taken some time and considered my topic for the Master's Thesis. I have finally decided to write it on integrating high-latency traffic with the Tor low-latency network (see also my initial mail and George's response[1]).
My primary research goal is to determine the impact of a mix network inside Tor, especially on low-latency users of the network. For this, I plan to use shadow [2] with scallion to simulate the Tor network. I then want to integrate Mix features into the network and see how the network reacts to certain attacks, attacking the mix users as well as the non-mix users. A crucial part in this evaluation will be to determine whether the anonymity of regular Tor users might be reduced (for example just by drawing away users from low- to high-latency traffic) or whether it might actually be improved (it could attract more users into the same network).
However, for this evaluation/simulation to work, I need to attack my simulation, i.e. become the adversary and measure the effectiveness of my attacks. And for this, I need the actual implementation. So if anyone has access or can direct me to implementations that I can use, I would be glad for your help.
It would also help me a lot if you can direct me to papers or articles that have shown specific attacks that are known to work on the current network.
Finally, I am currently considering using Mixminion as my basis for a mix network as it seems well designed and addresses a lot of known attacks. I currently do not plan to evaluate its security but instead only the effect its usage has on attacks that work on regular Tor users. However, if anyone can propose a better mix network to base my work on, please let me know.
Thanks to everyone for your support.
Regards, Florian Rüchel
[1] https://lists.torproject.org/pipermail/tor-dev/2014-December/007913.html
Certificates for HS: I find this topic particularly interesting and have followed the discussion. The general concept seems like a great thing to achieve and it could actually outperform the regular SSL/CA infrastructure stuff as it could remove the need for CAs. Unfortunately, this seems something that is not extensive enough to warrant a whole thesis. If you guys think otherwise, please let me know.
Tor with mix features: Tor has the explicit goal of being a low-latency network. However, there are several protocols where high-latency would be acceptable. I liked the idea of high latency HSes (https://lists.torproject.org/pipermail/tor-dev/2014-November/007818.html). I'd like to know what you think about this idea being viable. It would have the advantage of being very flexible from just a theoretic evaluation down to a real implementation so I could adjust this to my time. But only if this is actually desired so it does not need to stay theoretic. I think it would be very interesting to evaluate whether this can improve or hurt anonymity of low-latency users, as well.
I agree. Very interesting area. I'm hoping for Tor to move the area forward during the next one year. We will see.
Parallel research would be good. Some ideas to move forward: https://lists.torproject.org/pipermail/tor-dev/2014-November/007859.html