[tor-dev] Projects to combat/defeat data correlation

Kevin P Dyer kpdyer at gmail.com
Thu Jan 16 19:29:35 UTC 2014

On Wed, Jan 15, 2014 at 7:16 PM, Jim Rucker <mrjimorg at gmail.com> wrote:
> [snip]
> From my understanding (please correct me if I'm wrong) Tor has a weakness in
> that if someone can monitor data going into the relays and going out of the
> exit nodes then they can defeat the anonymity of tor by correlating the size
> and number of packets being sent to relays and comparing those that the
> packets leaving the exit nodes.
> Are there any projects in Tor being worked in to combat data correlation?
> For instance, relays the send/recv constant data rates continuously -
> capping data rates and padding partial or non-packets with random data to
> maintain the data rates

What you are referring to is a traffic confirmation attack. It's a
deceptively hard problem --- even if the naive strategy of sending
data at a constant rate "worked" (for some definition) it would be
prohibitively expense in practice. It is also worth reiterating that
even if such a countermeasure is in place, it wouldn't conceal that
fact that a specific user is connecting to the Tor network.

If you are interested in recent academic works on traffic analysis,
you should have a look at [1] and [2]. They explore the related
setting of website fingerprinting attacks and defenses (including the
one you suggest.)


[1] https://kpdyer.com/publications/oakland2012-peekaboo.pdf
[2] http://cacr.uwaterloo.ca/techreports/2013/cacr2013-30.pdf

More information about the tor-dev mailing list