[tor-dev] Proposal xyz : Count Unique IP addresses in an anonymous way
jvsg1303 at gmail.com
Tue Mar 21 17:38:56 UTC 2017
So here's the updated part of the proposal.
§ Threat model & Security Considerations
Consider the adversary with the following powers:
- Has sufficient computational and storage power to brute force any
method that can be brute forced.
- Can get recurrent control of the concerned guard-node/bridge.
- Can interact with the concerned data structure that stores unique-IP-
- Can also log incoming connections and IP addresses outside the realm
of Tor (i.e. at the system level or at gateways etc.).
- Can manipulate the incoming connection with some made-up IP address
so as to observe the working of our proposed solution.
- As a consequence of the previous power, the adversary can also inject
patterns of IP addresses to observe any pattern in the stored data structure.
An ideal solution would not involve hashing or, even if it does, it would
manipulate that hash before storing it in such a way that the adversary
cannot learn about IP addresses even with a brute-force attack.
An ideal solution would not help the adversary observe any pattern in
the stored data structure. This could be accomplished by incorporating
a salted hash or variations of it into the proposed solution. And the salt
would be changed every time we start tracking unique IP addresses.
There is a fundamental limitation to what we can do, and that is that we
cannot stop an adversary from gaining knowledge of IP addresses at the
system level or at gateways etc. But the thing to cheer about is that
in this way, the adversary cannot learn about the users retrospectively.
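An added example, not part of the original post or the proposal's own design: a per-period salted-hash counter of the kind the message sketches, with HMAC-SHA256 as an assumed construction. The class and method names are hypothetical and the addresses are constructed documentation-range samples; it shows that a copied snapshot can be matched against candidate addresses while the salt is live, and no longer after the salt is rotated.

```python
import hashlib
import hmac
import ipaddress
import secrets


class UniqueIPCounter:
    """Hypothetical counter of distinct client IPs for one measurement period."""

    def __init__(self):
        self._start_period()

    def _start_period(self):
        self._salt = secrets.token_bytes(32)  # fresh random salt, kept in memory only
        self._seen = set()

    def _digest(self, ip):
        packed = ipaddress.ip_address(ip).packed  # canonical bytes, IPv4 or IPv6
        return hmac.new(self._salt, packed, hashlib.sha256).digest()

    def observe(self, ip):
        self._seen.add(self._digest(ip))

    def snapshot(self):
        """What someone reading the stored data structure would obtain."""
        return frozenset(self._seen)

    def rotate(self):
        """End the period: report the count, then discard salt and digests."""
        count = len(self._seen)
        self._start_period()
        return count

    def recoverable(self, stored, candidates):
        """Audit helper: candidates that match `stored` under the CURRENT salt."""
        return {ip for ip in candidates if self._digest(ip) in stored}


def demo():
    # Constructed sample traffic (RFC 5737 / RFC 3849 documentation ranges).
    candidates = [str(a) for a in ipaddress.ip_network("192.0.2.0/24")]
    counter = UniqueIPCounter()
    for ip in ["192.0.2.7", "192.0.2.7", "192.0.2.99", "2001:db8::1"]:
        counter.observe(ip)
    stolen = counter.snapshot()                      # copied during the period
    live = counter.recoverable(stolen, candidates)   # salt still in memory
    count = counter.rotate()
    later = counter.recoverable(stolen, candidates)  # salt already replaced
    return count, live, later
```

The `live` result is the limitation the message concedes (an adversary present during the period can still learn addresses), and the empty `later` result is the retrospective protection it claims.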