ATTN: MiTH attack against SkyPE, defeates ""

Watson Ladd watsonbladd at
Tue May 16 16:26:14 UTC 2006

The probem is the low latency VOIP requires. There is a tradeoff between
latency and privacy, and it cannot be avoided.

On 5/16/06, Anothony Georgeo <anogeorgeo at> wrote:
> Hello,
> Here is a quoted section from an article about the US
> FBI and the next generation of "Carnivore" which will
> focus on VoIP.
> The qutoed section deals with a MiTH attack (I think)
> that has been discussed here before.  The attacker
> adds a packet timing delay and invisable 'tag' to
> packets of the P2P VoIP software "SkyPE".
> This MiTH attack defeated the anonymity offered by
> and as such everyone should
> concider all other web-based, single-hop and weak [eg.
> non-Tor ;-) ] anonymizing services to be broken.
> I don't think this MiTH attack can effect the Tor
> network but I'm not sure.  I think Tor's DH key
> authentication of nodes and TLS tunnels precludes this
> attack but I'm not positive.
> Can an Onion Route II/Tor expert offer assurance this
> MiTH attack does not effect Tor?
> -Quoted section-
> The FBI or any other government agency that's
> eavesdropping on both ends of the link would see that
> each person was connected to the anonymizing
> server--but couldn't know for sure who was talking to
> whom. The more customers who use the service at once,
> the more difficult it would be for investigators to
> connect the dots.
> Wang discovered he could embed a unique, undetectable
> signature in Skype packets and then identify that
> signature when they reached their destination. The
> technique works in much the same way as a radioactive
> marker that a patient swallows, permitting doctors to
> monitor its progress through the digestive system.
> "It's based on the flow itself," Wang said. "I embed a
> watermark into the flow itself, the timing of the
> packets. By adjusting the timing of select packets
> slightly, it's transparent. There's no overhead in the
> bandwidth, and it's very subtle. It's mingled with the
> background noise." (The anonymizing service tested was
>, which did not immediately respond to a
> request for comment on Tuesday.)
> A paper co-authored by Wang and fellow George Mason
> researchers Shiping Chen and Sushil Jajodia describing
> their results is scheduled to be presented at a
> computer security conference in November. An early
> draft concludes that "tracking anonymous, peer-to-peer
> VoIP calls on the Internet is feasible" with only
> 3-millisecond timing alterations as long as the calls
> are at least 90 seconds long.
> -End quoted section-
> Options, comments?
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around

"Those who would give up Essential Liberty to purchase a little Temporary
Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tor-talk mailing list