Anonymity easily thwarted by flooding network with relays?

Andrew Lewman andrew at torproject.org
Fri Nov 19 03:07:34 UTC 2010


On Thu, 18 Nov 2010 18:19:03 -0800
"Theodore Bagwell" <toruser1 at imap.cc> wrote:

> Some of you may be aware of the paper, "Cyber Crime Scene
> Investigations (C2SI) through Cloud Computing"
> (http://www.cs.uml.edu/~xinwenfu/paper/SPCC10_Fu.pdf) which
> illustrates a feasible method of invalidating the anonymity afforded
> by Tor.

The quick answer is that this is a known active attack, and has been
documented for many years.  See the Tor design paper from 2004, 
https://svn.torproject.org/svn/projects/design-paper/tor-design.html#sec:attacks.
Specifically, 

"Run a hostile OR. In addition to being a local observer, an isolated
hostile node can create circuits through itself, or alter traffic
patterns to affect traffic at other nodes. Nonetheless, a hostile node
must be immediately adjacent to both endpoints to compromise the
anonymity of a circuit. If an adversary can run multiple ORs, and can
persuade the directory servers that those ORs are trustworthy and
independent, then occasionally some user will choose one of those ORs
for the start and another as the end of a circuit. If an adversary
controls m > 1 of N nodes, he can correlate at most (m/N)^2 of the
traffic — although an adversary could still attract a
disproportionately large amount of traffic by running an OR with a
permissive exit policy, or by degrading the reliability of other
routers."

Perhaps Roger, Nick, or Paul have a more in-depth answer.

-- 
Andrew
pgp 0x31B0974B
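
Added example (not part of the original message and not Tor code): a small model of the quoted (m/N)^2 bound, and of the caveat that an adversary whose relays are chosen more often than their count suggests sees a larger share of circuits. Assumptions: only the entry and exit positions are modelled, a circuit never uses the same relay twice, and the relay counts and the 10x selection weight are constructed values, not measurements of the Tor network.

```python
import random
from fractions import Fraction
from itertools import accumulate

def exact_compromise_fraction(weights, hostile):
    """Exact chance that entry and exit are two distinct hostile relays.

    weights: integer selection weight per relay (all 1 = uniform choice).
    hostile: set of indexes of relays run by one adversary.
    """
    total = sum(weights)
    p = Fraction(0)
    for i in hostile:
        rest = total - weights[i]  # exit is drawn from the remaining relays
        for j in hostile - {i}:
            p += Fraction(weights[i], total) * Fraction(weights[j], rest)
    return p

def simulate(weights, hostile, circuits=50_000, seed=1):
    """Monte Carlo check of the same model (seeded, so repeatable)."""
    rng = random.Random(seed)
    relays = range(len(weights))
    cum = list(accumulate(weights))
    hits = 0
    for _ in range(circuits):
        entry = rng.choices(relays, cum_weights=cum)[0]
        exit_ = entry
        while exit_ == entry:  # a circuit does not reuse a relay
            exit_ = rng.choices(relays, cum_weights=cum)[0]
        hits += entry in hostile and exit_ in hostile
    return hits / circuits

# Constructed scenario: N = 100 relays, m = 10 of them hostile.
N, M = 100, 10
HOSTILE = set(range(M))
UNIFORM = [1] * N
# Assumption: each hostile relay is 10x as likely to be picked as an honest one.
SKEWED = [10] * M + [1] * (N - M)

if __name__ == "__main__":
    print("design-paper bound (m/N)^2:", Fraction(M, N) ** 2)
    for name, w in (("uniform", UNIFORM), ("skewed", SKEWED)):
        exact = exact_compromise_fraction(w, HOSTILE)
        print(f"{name}: exact={float(exact):.4f} simulated={simulate(w, HOSTILE):.4f}")
```

With uniform selection the exact value is m(m-1)/(N(N-1)), which stays under the (m/N)^2 bound; in the skewed case the same ten relays account for 5/19 of circuits, so it is the share of selection weight, not the relay count, that sets the exposure.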