[tor-bugs] #16861 [Tor]: Pad Tor connections to collapse netflow records

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 20 03:01:11 UTC 2015 

#16861: Pad Tor connections to collapse netflow records
-----------------------------+--------------------------
     Reporter:  mikeperry    |      Owner:  mikeperry
         Type:  enhancement  |     Status:  needs_review
     Priority:  normal       |  Milestone:
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------

Comment (by arma):

 Nick asked me to opine on the urgency of this patch. I haven't looked at
 the design or patch in detail yet. Here's a slightly-cleaned-up paste of
 my answer to him.

 Big picture answer: yes, I think we should experiment with padding
 approaches, with the goal of stymying some of the potential traffic
 analysis attacks out there -- website fingerprinting, end-to-end
 correlation, and the things in between. Padding between the guard and the
 client is especially appealing because a) it looks like it can provide
 pretty good mileage, and also b) I expect that we'd have an easier time
 raising more capacity at guards (compared to exits) if we publicize the
 reason why we need it.

 I think this is a huge research area where we need to get the whole PETS
 community thinking about it. We partly contributed to some potential
 misunderstandings about the efficacy of end-to-end correlation attacks at
 scale, by saying "Assume the correlation attack works perfectly and
 instantaneously, I don't know if it does, but it might" and having that
 turn into "Everybody knows the correlation attack works perfectly ad
 instantaneously".

 I've been envisioning even like a grand challenge: "Hey everybody, here
 are five attacks, they sure seem hard to resolve, especially all at once,
 but let's think about ways to increase the false positives at scale." For
 some of them even a small bump in false positive rate would be huge in
 practice. It would be neat to get two different designs and then have
 people analyze the heck out of them. Ideally even more than two.

 I think picking the first one Mike ran across is a fine thing to deploy in
 the mean time, but we shouldn't rush to deploy it, or put too much stock
 in its being right.

 For a little while I was thinking "man, this is just going to cause some
 research group to write a paper about how we're morons because look, this
 padding thing doesn't help here and here." But then I realized, that's
 great! Whatever it takes to get them to write the paper.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16861#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list