ATTN: MiTH attack against SkyPE, defeates "Findnot.com"
anogeorgeo at yahoo.com
Tue May 16 14:42:58 UTC 2006
Here is a quoted section from an article about the US
FBI and the next generation of "Carnivore" which will
focus on VoIP.
The qutoed section deals with a MiTH attack (I think)
that has been discussed here before. The attacker
adds a packet timing delay and invisable 'tag' to
packets of the P2P VoIP software "SkyPE".
This MiTH attack defeated the anonymity offered by
http://www.findnot.com and as such everyone should
concider all other web-based, single-hop and weak [eg.
non-Tor ;-) ] anonymizing services to be broken.
I don't think this MiTH attack can effect the Tor
network but I'm not sure. I think Tor's DH key
authentication of nodes and TLS tunnels precludes this
attack but I'm not positive.
Can an Onion Route II/Tor expert offer assurance this
MiTH attack does not effect Tor?
The FBI or any other government agency that's
eavesdropping on both ends of the link would see that
each person was connected to the anonymizing
server--but couldn't know for sure who was talking to
whom. The more customers who use the service at once,
the more difficult it would be for investigators to
connect the dots.
Wang discovered he could embed a unique, undetectable
signature in Skype packets and then identify that
signature when they reached their destination. The
technique works in much the same way as a radioactive
marker that a patient swallows, permitting doctors to
monitor its progress through the digestive system.
"It's based on the flow itself," Wang said. "I embed a
watermark into the flow itself, the timing of the
packets. By adjusting the timing of select packets
slightly, it's transparent. There's no overhead in the
bandwidth, and it's very subtle. It's mingled with the
background noise." (The anonymizing service tested was
Findnot.com, which did not immediately respond to a
request for comment on Tuesday.)
A paper co-authored by Wang and fellow George Mason
researchers Shiping Chen and Sushil Jajodia describing
their results is scheduled to be presented at a
computer security conference in November. An early
draft concludes that "tracking anonymous, peer-to-peer
VoIP calls on the Internet is feasible" with only
3-millisecond timing alterations as long as the calls
are at least 90 seconds long.
-End quoted section-
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
More information about the tor-talk