27C3 on Tor

Roger Dingledine arma at mit.edu
Wed Dec 29 04:45:00 UTC 2010


On Tue, Dec 28, 2010 at 08:51:30PM -0500, Nick Mathewson wrote:
> It would be neat if somebody could send a pointer to the authors'
> actual results.

Based on
http://www-wiwi.uni-regensburg.de/Forschung/Publikationen/Dominik-Herrmann.html.en
I'm guessing they're basing the talk on their CCSW 2009 paper:
http://epub.uni-regensburg.de/11919/

I was a reviewer on that paper. But alas I was in Hong Kong doing a Tor
training so I couldn't attend their presentation last November. It's the
best paper there is on the topic currently, but I feel that the attack
could become much much stronger against Tor than it was in the paper --
that paper's focus on size and frequency of IP packets was what made me
write on the Tor research page:

"The problem with all the previous attack papers is that they look at
timing and counting of IP packets on the wire. But OpenSSL's TLS records,
plus Tor's use of TCP pushback to do rate limiting, means that tracing by
IP packets produces very poor results. The right approach is to realize
that Tor uses OpenSSL, look inside the TLS record at the TLS headers,
and figure out how many 512-byte cells are being sent or received."

As a final note, on my reading list (which alas is growing rather than
shrinking) is
http://freehaven.net/anonbib/#morphing09

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list