possible security hole(unsure)(really minor)
syverson at itd.nrl.navy.mil
Wed Apr 12 19:26:38 UTC 2006
On Wed, Apr 12, 2006 at 03:06:24PM -0400, Watson Ladd wrote:
> It's possible that a client picks two servers that don't currently have a
> connection or have a connection with no other traffic between them to form a
> hop. This results in complete lossage as only one client is sending data
> through the connection, eliminating the security of that hop against timing
> attacks. Do I have this wrong or is this a real issue?
Both. Tor does not get security from mixing of traffic at a node but
from the low probability that there is no attacker observing both
endpoints of a Tor connection. While some trivial attacks are thwarted
by the presence of other traffic through the same node, for the most
part timing attacks can easily separate it. This was expected and
described in the Tor design paper, and indicated in simulation
elsewhere. It has now been empirically shown at least for hidden-server
connections on the Tor network, cf.,
Note that the latest versions of Tor are not vulnerable to the described
attacks because of countermeasures implemented earlier this year.
Relatedly, see last year's "Low-Cost Traffic Analysis of Tor"
available at http://freehaven.net/anonbib/
The attacks in that paper only identify the Tor node endpoints not the
client, and only when a client visits a hostile web site. And the
attacks were conducted when the network was less than a tenth its
current size; it is an open question if they would scale to the
current network. Nonetheless, these two papers illustrate that one
should not be thinking of Tor as a sort of mixnet, as it is often
described, because that conveys an impression of mix-based security
that Tor does not provide.