[tor-relays] questions about attacks involving single-end measurements of available bandwidth

Mirimir mirimir at riseup.net
Fri Oct 10 04:37:09 UTC 2014

In planning how to configure Tor relays, I've been considering various
known attacks. Most involve systemic issues about design and
implementation, and so aren't relevant to relay configuration. But there
is one that seems relevant, and addressable.

I've been reading the work of Sambuddho Chakravarty and coworkers, in
particular his thesis and a technical report on LinkWidth.[0],[1] What
seems relevant here are deanonymization attacks on clients and hidden
services that rely on traffic watermarking in conjunction with
single-end measurements of available relay bandwidth. I am somewhat
dubious about real-world workability. Fast relays simultaneously handle
numerous connections, and so it's arguable that no single connection
substantially perturbs available bandwidth. But on the other hand, it
takes months for traffic through new relays to ramp up, and perhaps they
are easier to scope while relatively idle.

Regardless, Tor relays are very specialized. And so it should be trivial
to craft iptables rules that prevent responses to LinkWidth and other
tools for single-end bandwidth measurement, but don't interfere with
anything essential. However, I haven't come across anything that seems
relevant. Has this threat been addressed? Or am I missing something that
complicates the response? Or conversely, is it not something to worry about?

[0] Chakravarty (2014) Traffic Analysis Attacks and Defenses in Low
Latency Anonymous Communication (PhD thesis)
[1] Chakravarty et al. (2008) LinkWidth: A Method to Measure Link
Capacity and Available Bandwidth using Single-End Probes

More information about the tor-relays mailing list