[tor-dev] Proposal xyz : Count Unique IP addresses in an anonymous way

[Jaskaran Singh]

Hi,

So here's the updated part of the proposal.

------------

§ Threat model & Security Considerations

Consider the adversary with the following powers:

 - Has sufficient computational and storage power to brute force any
   method that can be brute forced.

 - Can get the recurrent control of the concerned guard-node/bridge.

 - Can interact with the concerned data structure that stores unique-IP-
   addresses/hash-values/bloom-filter/bitmaps etc.

 - Can also log incoming connections and IP addresses outside the realm
   of Tor(i.e at the system level or at gateways etc.)

 - Can manipulate the incoming connection with some made up IP address
   as to observe the working of our proposed solution.

 - As a consequence of previous power, adversary can also inject pattern
   of IP addresses to observe any pattern in the stored data structure.

An ideal solution would not involve hashing or even if it does, it would
manipulate that hash to before storing in such a way that adversary
cannot learn about IP addresses even with brute force attack.

An ideal solution would not help the adversary observe any pattern in
the stored data structure. This could be accomplished by incorporating
salted hash or variations of it into the proposed solution. And the salt
would be changed every time we start tracking unique IP addresses.

There is a fundamental limitation to what we can do and that is that we
cannot stop an adversary from gaining knowledge of IP addresses at the
system level or a gateways etc. But, the thing to cheer about is that
in this way, the adversary cannot learn about the users retrospectively.

------------

Regards,
Jaskaran

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170321/383b5218/attachment.sig>