[tor-talk] End-to-end correlation for fun and profit

Roger Dingledine arma at mit.edu
Tue Aug 21 23:11:07 UTC 2012


On Mon, Aug 20, 2012 at 10:33:29AM +0300, Maxim Kammerer wrote:
> As you can see, sniffing just 25 Class-C networks (or 42 individual
> nodes) lets an adversary correlate ~25% of (non-.onion) circuits.

I think your numbers may not be right (there are a lot of other subtleties
to the calculation), but your point is still generally correct. The Tor
network doesn't have enough diversity relative to an ideal Tor network we
could imagine. Worse, the Internet itself doesn't have as much diversity
as we'd like either.

http://freehaven.net/anonbib/#feamster:wpes2004
http://freehaven.net/anonbib/#DBLP:conf:ccs:EdmanS09
http://freehaven.net/anonbib/#oakland2012-lastor
all examine AS-level path diversity.

See also http://freehaven.net/anonbib/#murdoch-pet2007
for another worrying concern about bottlenecks besides ASes. I also
worry about the bottleneck created by trans-ocean cables.

For more details on calculating diversity, see
https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network
https://trac.torproject.org/projects/tor/ticket/6232
https://trac.torproject.org/projects/tor/ticket/6443
https://trac.torproject.org/projects/tor/attachment/ticket/6443/exit-probability-cdf-a.png
https://trac.torproject.org/projects/tor/ticket/6460

Help appreciated on those tickets!

> All of these servers are in US/CA or EU jurisdiction, so even an
> unsophisticated LE operation can issue ~20 wiretapping orders at ISP
> level

Really? Across jurisdictions? And for 'all traffic of those relays'?
I don't want to downplay the risk too far, but I think you overestimate
"unsophisticated law enforcement operations".

> (many of these networks are operated by same hosting providers),
> and immediately deanonymize ~25% of Tor traffic. So far for anonymity!

Well, do you have an alternative design that scales adequately to 6 or
7 figures of users, provides roughly-real-time browsing and other TCP
connections, works on the Internet that we have, and has better traffic
confirmation resistance?

Or said another way, how well do other usable low-latency anonymity
systems hold up to ongoing wiretaps at 25 arbitrary network locations? I
believe the answer is 'mostly less well than Tor'.

tagnaq pointed to my response to a similar question on the tor-relays
list:
https://lists.torproject.org/pipermail/tor-relays/2012-July/001436.html
talking about the tradeoff between "make it faster but more concentrated"
vs "make it less fast but less concentrated".
https://metrics.torproject.org/performance.html?graph=torperf&start=2009-06-01&end=2012-08-21&filesize=1mb#torperf

It would be interesting to see your stats on an AS level rather than
a /24 netblock level. But the challenge really is that we need to know
what networks the traffic flows traverse upstream -- e.g. how pervasive
a surveiller of Tor traffic could Deutsche Telekom be? This topic goes
back to my earlier blog post:
https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network

I think we still do a pretty good job explaining the risks and limitations
of using a system like Tor, e.g. in each Tor talk.

Tor used to print a warning message on start, to explain that it isn't
perfect. But a) no Windows users saw it, and b) it backfired in surprising
ways, like having journalists write "Tor recommends that you use something
else for now, since they're not ready yet":
https://trac.torproject.org/projects/tor/ticket/2474

> [1] http://pastebin.com/hgtXMSyx

Thanks for presenting the code too!

--Roger
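
Added example (not part of the original message, and not the pastebin code referenced in it): a simplified version of the diversity calculation discussed above, comparing how much of the network the same number of observation points covers when relays are grouped by /24 netblock versus by AS. It assumes independent, weight-proportional entry and exit selection and ignores the other subtleties of Tor's path selection; the relay list, weights and function names are constructed for illustration.

```python
from collections import defaultdict
from fractions import Fraction
from ipaddress import ip_network

# Constructed sample, not consensus data: (ip, asn, guard_weight, exit_weight).
RELAYS = [
    ("10.0.1.10", "AS64500", 30, 0),
    ("10.0.1.20", "AS64500", 10, 0),
    ("10.0.2.5",  "AS64500", 0, 40),
    ("10.1.1.7",  "AS64501", 20, 20),
    ("10.1.1.99", "AS64501", 0, 20),
    ("10.2.1.1",  "AS64502", 40, 0),
    ("10.3.1.1",  "AS64503", 0, 20),
]

def group_key(relay, level):
    """Map a relay to its observation point: its AS or its /24 netblock."""
    ip, asn, _, _ = relay
    return asn if level == "as" else str(ip_network(f"{ip}/24", strict=False))

def position_shares(relays, level):
    """Return {group: (guard_share, exit_share)} as exact fractions of total weight."""
    guard_total = sum(r[2] for r in relays)
    exit_total = sum(r[3] for r in relays)
    shares = defaultdict(lambda: [Fraction(0), Fraction(0)])
    for r in relays:
        key = group_key(r, level)
        shares[key][0] += Fraction(r[2], guard_total)
        shares[key][1] += Fraction(r[3], exit_total)
    return {k: tuple(v) for k, v in shares.items()}

def correlated_fraction(shares, observed):
    """P(entry observed) * P(exit observed), assuming independent choices."""
    guard = sum(shares[k][0] for k in observed)
    exit_ = sum(shares[k][1] for k in observed)
    return guard * exit_

def worst_case(shares, n):
    """Greedily pick n groups; a lower bound on the best-placed observer."""
    observed = set()
    for _ in range(min(n, len(shares))):
        best = max((k for k in shares if k not in observed),
                   key=lambda k: (correlated_fraction(shares, observed | {k}),
                                  sum(shares[k])))
        observed.add(best)
    return observed, correlated_fraction(shares, observed)

if __name__ == "__main__":
    for level in ("/24", "as"):
        groups, frac = worst_case(position_shares(RELAYS, level), 2)
        print(level, sorted(groups), float(frac))
```

On this constructed list, two observation points cover 24% of circuits at /24 granularity and 48% at AS granularity, because one AS hosts relays in several netblocks.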


