[tor-talk] Retroactive traffic confirmation attacks on Tor through data retention records?
ondrej.mikle at gmail.com
Sat Apr 21 18:05:46 UTC 2012
I'd like to ask what possible attacks on retroactive traffic confirmation on Tor
are known when an attacker has data retention records - i.e. can use them for
traffic confirmation for a past period.
If the ISP's records store [srcIP, srcPort, srcMac, dstIP, dstPort, size,
startTime, endTime] for every TCP connection, then it's definitely doable; note
that srcMac is the MAC of the client visible from the ISP's side of the router to the internet
(so that clients behind NAT can be identified, though the srcPort gives that
What if the records stored are: [srcIP, srcPort, srcMac, size, start_time,
end_time]? Obviously "regular" (non-Tor) connections are susceptible to traffic
confirmation: e.g. the victim writes "Minister of finance is a 5-year-old child in an
adult-like costume from the NSA." on a site, and the attacker wants to know who it was.
The attacker retrieves the site's logs (by court order/coercion), and that reduces the
situation to the equivalent of scenario 1.
However, can an attacker do a Tor traffic confirmation attack in scenario 2?
- (obviously) if the attacker can simultaneously get data retention records for all
Tor nodes, then yes
- the attacker notices what guard nodes the victim uses by obtaining a court order to
eavesdrop (later, after the sought-after traffic took place). The attacker listens to
the victim's communication and then requests data retention records from the guard
nodes. Now the attacker sees where the second node in the circuit is.
- if second node in circuit is attacker-controlled, then attacker sees where
the exit node is, thus retrieves data retention records for exit and finally for
- if the attacker controls the exit node, then it's reduced to the "classic scenario" of
control of entry and exit
- what if the size field is not present in the data retention records? Does it make
it substantially harder? What if size is present, but not the time fields?
Can you think of any other scenarios? (I might have been wrong in some points,
so correct me where I am mistaken, please.)
Can you think of any attack on an ordinary "non-Tor" connection which the attacker
could employ in scenario 2 if he doesn't have the server logs? Possibly creating
some statistical fingerprint of traffic from/to each IP in the country or a selected
IP set and comparing it to the data retention records?
(This is actually a real scenario in CZ: a year ago, data retention scenario 1
was in effect, then stopped by constitutional court, now scenario 2 is coming
back; though it's not yet definite.)
Thanks a lot,
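An added worked example (not part of the original post, and not code from the Tor project) to make the "which fields matter" question concrete: it matches a handful of far-side events (e.g. timestamps and byte counts from a site's log obtained by court order) against constructed "scenario 2" retention records of the shape [srcIP, srcPort, size, start_time, end_time], and shows how the candidate set of customers changes when the size field, the time fields, or both are dropped. All IPs, sizes, timestamps, the slack/tolerance values and the function names are constructed for illustration.

```python
"""Retroactive confirmation against retained flow records (added example).

Constructed data only: ISP retention records without dstIP (the post's
"scenario 2") and a few far-side events the attacker wants to attribute
to one customer of that ISP.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One retained TCP connection record (scenario 2: no dstIP/dstPort)."""
    src_ip: str
    src_port: int
    size: int      # bytes transferred over the connection
    start: float   # unix time the connection began
    end: float     # unix time the connection ended


@dataclass(frozen=True)
class Event:
    """What the far side (site log, exit records) saw: when and how much."""
    time: float
    size: int


# Constructed retention records for four customers of one ISP.
RECORDS = [
    # 10.0.0.5: the actual author, one short flow per event, sizes slightly off
    Flow("10.0.0.5", 50001, 2140, 1000.2, 1001.0),
    Flow("10.0.0.5", 50002, 3010, 1499.9, 1500.8),
    Flow("10.0.0.5", 50003, 1040, 2000.1, 2000.6),
    # 10.0.0.7: active at the right times, but one flow has the wrong volume
    Flow("10.0.0.7", 41000, 2100, 1000.5, 1001.4),
    Flow("10.0.0.7", 41001, 9000, 1498.0, 1503.0),
    Flow("10.0.0.7", 41002, 1020, 2000.3, 2001.0),
    # 10.0.0.9: flows of exactly the right sizes, hours later
    Flow("10.0.0.9", 33000, 2100, 5000.0, 5001.0),
    Flow("10.0.0.9", 33001, 3050, 5100.0, 5101.0),
    Flow("10.0.0.9", 33002, 1020, 5200.0, 5201.0),
    # 10.0.0.12: one long-lived flow spanning all events, like a Tor client's
    # persistent TLS connection to its guard (assumption for illustration)
    Flow("10.0.0.12", 60000, 120000, 900.0, 2100.0),
]

# Constructed far-side events (time, bytes) the attacker wants to attribute.
EVENTS = [Event(1000.4, 2100), Event(1500.1, 3050), Event(2000.2, 1020)]


def flow_matches(flow, event, use_time=True, use_size=True,
                 slack=2.0, size_tol=0.05):
    """True if `flow` is consistent with `event` under the available fields.

    slack: allowed clock skew in seconds between the two record sources.
    size_tol: relative tolerance on byte counts (framing, retransmits).
    Both values are constructed assumptions, not measured figures.
    """
    if use_time and not (flow.start - slack <= event.time <= flow.end + slack):
        return False
    if use_size and abs(flow.size - event.size) > size_tol * event.size:
        return False
    return True


def candidates(records, events, use_time=True, use_size=True):
    """Return the srcIPs that have a consistent flow for *every* event."""
    by_ip = {}
    for flow in records:
        by_ip.setdefault(flow.src_ip, []).append(flow)
    return {
        ip for ip, flows in by_ip.items()
        if all(any(flow_matches(f, ev, use_time, use_size) for f in flows)
               for ev in events)
    }


if __name__ == "__main__":
    for label, kw in [("time+size", {}),
                      ("time only", {"use_size": False}),
                      ("size only", {"use_time": False}),
                      ("neither", {"use_time": False, "use_size": False})]:
        print(f"{label:10s} -> {sorted(candidates(RECORDS, EVENTS, **kw))}")
```

With both fields the three events single out one customer; dropping size keeps anyone who was merely online at those moments (including the long-lived Tor-like flow, which trivially "covers" every timestamp), dropping time keeps anyone who ever moved the same volumes, and with neither field every customer remains a candidate. The same matcher would run over a guard's or exit's own records in the circuit-walking steps the post describes, with the per-event sizes replaced by whatever aggregate the attacker can observe.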