[tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries

Paul Syverson paul.syverson at nrl.navy.mil
Thu Oct 17 10:56:41 UTC 2013

On Thu, Oct 17, 2013 at 10:46:57AM +0200, Andreas Krey wrote:
> On Wed, 16 Oct 2013 19:42:41 +0000, Joe Btfsplk wrote:
> ...
> > One thing jumps out, Tor doesn't know for sure who's running Guard or 
> > exit nodes - & can't unless they start doing (regular, repeated) 
> > extensive personal interviews, background checks, giving polygraph 
> > tests, injecting sodium pentothal to those wanting to run nodes.
> I think you slightly disregard who is actually interested in a
> trustworthy tor network. What you describe makes the tor operators
> a cabal, and the problem is that the ones who actually want to
> trust tor (the users) are outside that.
> Besides, many attacks don't require *running* the nodes, just
> monitoring their traffic. And a TLA can do that without the honest
> operator even suspecting.

Actually the work we did on this paper was as part of a larger program
that has been our primary focus for the last several years: how can
you secure communication over Tor against an adversary that can, e.g.,
own 30% of the nodes (or a big chunk of guard and exit bandwidth) or
large parts of the AS or other underlying network infrastructure.

Our candidate is to leverage trust diversity in different parts of the
network (e.g. trust based on who is running nodes on what hardware and
what OS from what physical and network location, etc.) But this is
tricky. One can't just use the most trusted parts of the network
because this will probably indicate that this is statistically more
likely to be communication from/to people that trust this part of the
network. You need to get away from the idea of a single set of trust
values for all users for the whole network.  Different kinds of people
will have different adversaries, which is just one factor to the
diversity of trust. We've already got a few publications on this: "More
Anonymous Onion Routing Through Trust" by myself and Aaron Johnson and
"Trust-based Anonymous Communication: Adversary Models and Routing
Algorithms" by the two of us, plus Roger Dingledine and Nick
Mathewson. You can find both on my homepage (syverson.org).

The current paper under discussion came from the realization that we
needed to have a much better handle on network models, tools and
appropriate adversary models for the existing Tor network and usage in
order to properly incorporate trust into routing for improved future
