[tor-dev] Support for mix integration research

Aaron Johnson aaron.m.johnson at nrl.navy.mil
Tue Feb 23 16:03:16 UTC 2016


Hello Katharina,

Sounds like a great project. I have a couple of suggestions:
  1. Consider how to use mixing to anonymize Tor’s name resolution system. Currently, clients connect to an onion service by first resolving the onion address (e.g. xyzblah.onion) to a descriptor using a distributed hash table. That hash table can easily be infiltrated by an adversary running relays, and if the adversary also controls a client’s guard they can deanonymize the client during the lookup. This is the attack that the CMU/CERT researchers performed [0] as well as Biryukov et al. [1]. Onion-service descriptors are very small, and so it seems to me that mixing could be applied here to defeat deanonymization.
  2. Read the alpha-mixing paper [2], which first described how high-latency and low-latency traffic might be mixed together.

Good luck!

Aaron

[0] <https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/>
[1] Alex Biryukov, Ivan Pustogarov, Fabrice Thill, Ralf-Philipp Weinmann; "Content and popularity analysis of Tor hidden services"; IEEE 34th International Conference on Distributed Computing Systems Workshops; 2014; <http://arxiv.org/abs/1308.6768>.
[2] Roger Dingledine, Andrei Serjantov, and Paul Syverson; "Blending Different Latency Traffic with Alpha-Mixing"; In the Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006); 2006; <http://freehaven.net/doc/alpha-mixing/alpha-mixing.pdf>.

> On Feb 22, 2016, at 9:11 AM, Katharina Kohls <katharina.kohls at rub.de> wrote:
> 
> Hi everyone,
> 
> we are a team of 4 PhD students in the field of IT security, working at
> the Ruhr-University Bochum at the chair for systems security and the
> information security group.
> 
> Currently we work on a research project with the goal to leverage the
> security of Tor against timing attacks by integrating mixes in Tor
> nodes. The general idea is to differentiate high-latency and low-latency
> traffic among the network for applying additional delays to the former
> type of packets. Based on this the success of traffic analysis attacks
> should be decreased without restricting the low latency assurance of Tor.
> 
> We plan to integrate the mix into Tor version 0.2.5.10 and analyze its
> performance along with the Shadow simulator.
> 
> As there are a lot of details to consider, both regarding the technical
> aspects of the integration as well as practical assumptions, e.g., "how
> do we get DiffServ-like nodes?", we would be pleased to receive some
> feedback on the idea and support for the implementation of the mix.
> Further details on the mix and stuff will sure be provided if needed!
> 
> Cheers,
> Katharina
> -- 
> M.Sc. Katharina Kohls
> 
> Ruhr-University Bochum
> Research Group Information Security
> Universitätsstrasse 150
> ID 2/123
> 44780 Bochum / Germany
> 
> Phone: +49 234 / 32 - 26991
> Web: www.infsec.rub.de
