[tor-talk] Hidden services home hosting

adrelanos adrelanos at riseup.net
Mon Nov 12 14:58:00 UTC 2012


HardKor:
> Hello,
> 
> Let's say Alice is a political opponent in a repressive regime. Alice hosts
> her blog as a Tor hidden service hosted at home.
> 
> The government knows about the blog and monitors it. It also monitors the
> internet at a national scale.
> 
> Case 1: the government doesn't suspect any individual of being behind the
> blog
> 
> At 3 AM, the government starts periodically flooding the hidden service with
> a unique pattern (e.g. flood 5 minutes, wait 6 minutes, flood 13 minutes,
> wait 2 minutes, flood 7 minutes, etc.).
> 
> The government should be able to get a very short list of suspects from a
> bandwidth usage analysis. Go to case 2.

This is very similar to case 2 and (somewhat?) similar to an end-to-end
correlation attack. Tor does not defend against such things by design.

http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg00022.html

"I haven't given up hope on end-to-end correlation resistance for
low-latency flow-based designs like Tor (but papers like [4] don't make me
optimistic for a quick fix). It's hard to see how we could end up with a
large enough and diverse enough population of Mixminion users to let it
fulfill its potential. Stay tuned to PETS [5] and related conferences,
but be patient."

Right now there are no low-latency networks (like Tor) defending against
this attack. Not even theoretically. Mixminion (high latency) could
theoretically defeat it. Practically not, due to unsolvable usability
issues noted in the mail linked above.

It is, in my opinion, also an open research question:
https://trac.torproject.org/projects/tor/ticket/6473

> Case 2: Alice is on a short list of suspects.
> 
> The government cuts Alice's internet access (or the electricity of her
> house) and sees what happens with the hidden service.
> 
> Looks easy, no?

Easy, yes.

https://blog.torproject.org/blog/one-cell-enough

http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg00022.html

"The way we generally explain it is that Tor tries to protect against
traffic analysis, where an attacker tries to learn whom to investigate,
but Tor can't protect against traffic confirmation (also known as
end-to-end correlation), where an attacker tries to confirm a hypothesis
by monitoring the right locations in the network and then doing the math."

> Any way for Alice to mitigate such attacks?

Without workarounds: no one has come up with end-to-end correlation
attack defenses.

Workarounds: already mentioned by tom.

> Two nodes hosting the same .onion in different locations?
> Something else?



