ATTN: MiTH attack against Skype, defeats "Findnot.com"

Watson Ladd watsonbladd at gmail.com
Tue May 16 16:26:14 UTC 2006


The problem is the low latency VOIP requires. There is a tradeoff between
latency and privacy, and it cannot be avoided.

On 5/16/06, Anothony Georgeo <anogeorgeo at yahoo.com> wrote:
>
> Hello,
>
> Here is a quoted section from an article about the US
> FBI and the next generation of "Carnivore" which will
> focus on VoIP.
>
> The quoted section deals with a MiTH attack (I think)
> that has been discussed here before.  The attacker
> adds a packet timing delay and invisible 'tag' to
> packets of the P2P VoIP software "Skype".
>
> This MiTH attack defeated the anonymity offered by
> http://www.findnot.com and as such everyone should
> consider all other web-based, single-hop and weak [e.g.
> non-Tor ;-) ] anonymizing services to be broken.
>
> I don't think this MiTH attack can affect the Tor
> network but I'm not sure.  I think Tor's DH key
> authentication of nodes and TLS tunnels precludes this
> attack but I'm not positive.
>
> Can an Onion Route II/Tor expert offer assurance this
> MiTH attack does not affect Tor?
>
> -Quoted section-
>
> http://news.com.com/Feds+fund+VoIP+tapping+research/2100-7348_3-5825932.html?part=rss&tag=5825932&subj=news
>
> The FBI or any other government agency that's
> eavesdropping on both ends of the link would see that
> each person was connected to the anonymizing
> server--but couldn't know for sure who was talking to
> whom. The more customers who use the service at once,
> the more difficult it would be for investigators to
> connect the dots.
>
> Wang discovered he could embed a unique, undetectable
> signature in Skype packets and then identify that
> signature when they reached their destination. The
> technique works in much the same way as a radioactive
> marker that a patient swallows, permitting doctors to
> monitor its progress through the digestive system.
>
> "It's based on the flow itself," Wang said. "I embed a
> watermark into the flow itself, the timing of the
> packets. By adjusting the timing of select packets
> slightly, it's transparent. There's no overhead in the
> bandwidth, and it's very subtle. It's mingled with the
> background noise." (The anonymizing service tested was
> Findnot.com, which did not immediately respond to a
> request for comment on Tuesday.)
>
> A paper co-authored by Wang and fellow George Mason
> researchers Shiping Chen and Sushil Jajodia describing
> their results is scheduled to be presented at a
> computer security conference in November. An early
> draft concludes that "tracking anonymous, peer-to-peer
> VoIP calls on the Internet is feasible" with only
> 3-millisecond timing alterations as long as the calls
> are at least 90 seconds long.
>
> -End quoted section-
>
> Options, comments?
>



-- 
"Those who would give up Essential Liberty to purchase a little Temporary
Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin
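
The latency/privacy tradeoff in the reply above, as an added simulation that is not part of either message and is not the scheme from the paper by Wang, Chen and Jajodia: it measures how much random per-packet delay a relay must add before a 3 ms timing mark stops being statistically visible. The packet rate, jitter level, keyed packet selection and the mean-difference detector are all assumptions made for illustration.

```python
import random
import statistics

PACKETS = 3000        # assumed: 90 s call at one packet per 30 ms
WATERMARK_MS = 3.0    # timing alteration quoted in the article
JITTER_MS = 1.0       # assumed natural network jitter (std dev)


def z_score(pad_ms, marked=True, seed=2006):
    """Detector's z-score for the timing mark after the relay adds a
    uniform random delay in [0, pad_ms] to every packet."""
    rng = random.Random(seed)
    key = random.Random("shared-secret")   # constructed watermark key
    on, off = [], []
    for _ in range(PACKETS):
        selected = key.random() < 0.5      # keyed choice of packets to delay
        # Residual = arrival time minus the packet's nominal periodic slot.
        residual = rng.gauss(0.0, JITTER_MS) + rng.uniform(0.0, pad_ms)
        if selected and marked:
            residual += WATERMARK_MS
        (on if selected else off).append(residual)
    diff = statistics.fmean(on) - statistics.fmean(off)
    stderr = (statistics.variance(on) / len(on)
              + statistics.variance(off) / len(off)) ** 0.5
    return diff / stderr


def sweep(pads=(0, 20, 50, 150, 500, 2000)):
    """Return [(pad_ms, z)] showing detectability versus added latency."""
    return [(pad, z_score(pad)) for pad in pads]


if __name__ == "__main__":
    for pad, z in sweep():
        print(f"pad up to {pad:>4} ms  z = {z:6.1f}")
```

The z-score only falls to the level of an unmarked flow once the added delay reaches hundreds of milliseconds, which is the latency a real-time voice call cannot absorb.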
More information about the tor-talk mailing list