Mid-Latency [Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)]

Ringo Kamens 2600denver at gmail.com
Fri Apr 28 22:05:44 UTC 2006

Here's an example where cover traffic is good. If somebody has access to
servers and is trying to correlate users to traffic, and some users have
cover traffic then those users will ALWAYS show up as the users who are
using traffic at the same time and thus it is harder to track them down.

On 4/28/06, Nick Mathewson <nickm at freehaven.net> wrote:
> On Fri, Apr 28, 2006 at 02:14:20PM -0400, Geoffrey Lewis Goodell wrote:
> [...]
> > Timing attacks are always possible in low-latency anonymity systems.
> > This is a theoretical limit; without increasing additional latency
> > (substantially degrading usability and thus the size of the anonymity
> > set) or adding cover traffic near the source (requiring sources to stay
> > connected for long periods of time, saturate their upstream link, starve
> > their other applications, and break the business model of their ISPs),
> > it is literally impossible to prevent an attacker from correlating the
> > timing of traffic close to the source with the timing of traffic close
> > to the destination.
> I'd like to register a small objection: while (absent countermeasures)
> correlation attacks work, it remains to be proven whether or not you
> can improve security significantly while adding only a small,
> tolerable, amount of padding and delay.  Research on high-latency
> mix-nets seems to show that you can delay intersection attacks by
> increasing latency variability and decreasing sender-frequency
> variability; but nobody has done the numbers (yet, AFAIK) to tell
> whether these techniques are useful on the low end of the latency
> scale
> There are smart researchers with strong intuitions in either direction
> on this; my intuition tells me that when so many clever people
> disagree, more experimental results are needed.
> Of course, nothing like this will go into Tor in the forseeable
> future.  We have a strong design policy: "No Voodoo."  In other words,
> we try not to add "security" features unless someone can demonstrate
> that they actually improve security.
> (Anybody interested in doing something like this as a research
> project: first, check out the papers about traffic analysis on
> http://freehaven.net/anonbib .  Many of the most 'obvious' ideas don't
> work as well as you'd think they would; many of the recent
> traffic-analysis techniques work better.)
> --
> Nick Mathewson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060428/8b9be55f/attachment.htm>

More information about the tor-talk mailing list