Possible attack method?? Question..

Paul Syverson syverson at itd.nrl.navy.mil
Fri Jan 11 22:36:18 UTC 2008

On Fri, Jan 11, 2008 at 04:02:28PM -0600, Jon McLachlan wrote:
> (please correct me if I'm incorrect but...)
> if the adversary controls your entry-guard (which is nearly impossible 
> to detect and considered a 'strong' adversary)
> if the adversary controls input to your tunnel (like text in an email, 
> which is easy)
> and, if you do not use end to end encryption,
> Then, the adversary can perform traffic analysis on the exit node, and 
> the adversary can easily discover your true ip.

The mantra statement I've been using since '96 is: Onion routing
protects against traffic analysis not traffic confirmation.  Roughly,
if the adversary controls both ends of the connection (entry and exit
node, entry ISP and exit node, entry node and destination web page, or
any variant of these or similar combinations) they will be able to
pretty trivially confirm by packet counting and timing that a stream
at both ends is linked and "discover your true ip".  If they only
control one of those ends, they cannot do such linking. There are
caveats and subtleties, e.g., website fingerprinting can have some
limited statistical success for Tor circuits if only the entry side is
known. And there are other subtleties.  But it remains rough
approximation of the true picture.


More information about the tor-talk mailing list