[tor-dev] [CRITICAL] DeepCorr Traffic Confirmation Attack

Holmes Wilson h at zbay.llc
Tue Feb 28 12:59:00 UTC 2023


This attack looks especially bad for situations where both ends of the
connection are controlled by the attacker, so it seems really bad for
OnionShare, Ricochet Refresh, Briar, and Quiet, at least when users are
communicating with others in the same country. 96% correlation after 900k
of data sent! That's just a few images or files.

It probably would work against Cwtch too, at least if it was trained for
that, since while users might be connected to a server outside the
attacker's region of control, the data flows would correlate since the
Cwtch server is also just relaying data.

Should all of these apps be using obfs4 with IAT mode on? (The mitigation
recommended by the paper?)

How meaningful is Tor's metadata protection for an app like Quiet, Briar,
or OnionShare given this attack, assuming most users are communicating with
others within a country that can mount such an attack?

On Tue, Feb 28, 2023, 8:23 AM Guard via tor-dev <
tor-dev at lists.torproject.org> wrote:

> Hi,
>
> I was just reading a paper on traffic confirmation attacks over here
> https://arxiv.org/pdf/1808.07285v1.pdf. This attack runs with the help of
> a deep learning algorithm called DeepCorr. This attack can be run in a Five
> Eyes country or an authoritarian regime like Russia where companies are
> compelled to cooperate with the government, making this attack plausible.
> The ISP and the website operators are the two endpoints for this attack.
> This attack was able to achieve a success rate of over 96%, which
> represents a serious threat to Tor users in these regions. The paper also
> includes some countermeasures on how to defeat this method of traffic
> confirmation.
>
> Thanks.