[tor-dev] Whitepaper draft: Towards Side Channel Analysis of Datagram Tor vs Current Tor (traffic fingerprinting)

Nick Mathewson nickm at alum.mit.edu
Tue Nov 27 19:32:30 UTC 2018

On Tue, Nov 27, 2018 at 12:13 PM David Fifield <david at bamsoftware.com> wrote:
> On Tue, Nov 27, 2018 at 08:23:21AM -0500, Nick Mathewson wrote:
> > ### Traffic Fingerprinting of TCP-like systems
> > This class of attacks is solvable, especially if the exact same
> > TCP-like implementation is used by all clients, but it also requires
> > careful consideration and additional constraints to be placed on the
> > TCP stack(s) in use that are not usually considered by TCP
> > implementations -- particularly to ensure that they do not depend on
> > OS-specific features or try to learn things about their environment
> > over time, across different connections.
> Thanks, this is nice and thoughtful analysis.
> Does the word "clients" in the last paragraph meant to exclude servers?
> Or should I understand something like "peers" that includes clients and
> servers? I'm trying to think of how fingerprinting a server could be
> useful to an attacker. An onion service doesn't count as a server--at
> the layer of the TCP-like protocol, it's a client, with the RP as
> server.

Right.  I *think* that only parties that need anonymity need to avoid
TCP fingerprinting.


More information about the tor-dev mailing list