[tor-talk] Tor and HTTPS graphic

The23rd Raccoon the.raccoon23 at gmail.com
Thu Mar 8 06:41:25 UTC 2012


On Thu, Mar 8, 2012 at 1:39 AM, Mansour Moufid <mansourmoufid at gmail.com> wrote:
> On Tue, Mar 6, 2012 at 11:55 PM, The23rd Raccoon
> <the.raccoon23 at gmail.com> wrote:
>> Now bear in mind that I'm just a Raccoon, but some time ago I scrawled
>> a proof out that showed that the correlation accuracy of a "dragnet
>> GPA" goes down in proportion to the square of the number of concurrent
>> users using an anonymization service:
>> http://archives.seul.org/or/dev/Sep-2008/msg00016.html
>
> Are we so sure there are no methods of correlation with zero false
> positive rate [P(C|~M) = 0]?

For passive correlation attacks, I have not seen any in
dumpster-accessible research literature.

For active attacks, there are varying classes that can achieve 0
error. In general, 0-error success depends upon how much information
you are able to encode into the stream, how quickly you are able to do
it, and how reliably you are able to extract it.

In fact, I think the research community's insistence that passive
correlation can always succeed has blinded the tor devs to a very
serious type of active attack that actually will: the crypo-tagging
attack.

The crypto-tagging attack performs an operation on a cell at the entry
to the network that will cause an error upon exit of the network,
*unless* a party at the exit of the network is able to undo it. It
ensures a node will only carry compromised traffic.

In 2009, the devs dismissed a version of the crypto-tagging attack
presented by Xinwen Fu as being equivalent to correlation back when
the "One Cell is Enough to Break Tor's Anonymity" attack came out[1].

They dismissed Fu's comments about false positives by quoting
researchers claiming that a false positive rate of 0.0006 "is just a
nonissue". But if you do the math in my Example 1, a 0.0006 false
positive rate is more than enough to prevent dragnet analysis of a
heavily used network.

In [1], the devs offered to work towards fixing the issue if someone
could show that it was indeed worse than passive correlation. I
believe I have done so. Is there anything that can be done? I'm not
sure at the moment. Probably a conversation for another thread.


[1]. https://blog.torproject.org/blog/one-cell-enough


More information about the tor-talk mailing list