[tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity

Mark McCarron mark.mccarron at live.co.uk
Tue Jul 1 19:31:00 UTC 2014 

Paul,

I was doing anonymous  socks proxy chaining long before Tor was around, so I am well versed in the issues.  I agree that it has been stated from the very outset that Tor was vulnerable to a global view.  With respect to hidden services, the key problem is that hidden services' and end user's traffic whilst encrypted can be correlated.  Thus, discovering the location of a hidden service becomes rather trivial as well as discovering an end user.  

My main issue is that you guys know this.  Not only that, but you are well aware that this global view exists thanks to Snowden.  Further, it would have been incredibly stupid not to assume that intelligence agencies with billion dollar budgets, very little ethics and Internal security agreements (i.e NATO, UN, etc) would have such an infrastructure.  You need to see the networks in these nations not as being independent, but an interwoven system that all reports back to the US.

Eliminating this correlation attack is trivial.  The attack is dependent on having visibility at both ends.  One at the users end (perhaps ISP) and one near the hidden service (perhaps exchange).  It doesn't take much to match these two together (like multiple nations sharing intelligence data).  One simple attack is just to flood the hidden service with connections and note where traffic spikes.

So, the simple solution is to distribute hidden services within Tor, so that class of attack will fail.  There are no servers in a data center to expose because it is everywhere and no one can tell, just by examining the flow of encrypted packets, who was looking at what.

Now, I know there are a wide range of additional methods to expose users and the majority are beyond your direct control, but this type of attack is something within your control.

I hope you can see where the suspicion arises that this is a deliberate weakness and that being funded by the US military does not inspire confidence that your claims of ignorance are any more than US government propaganda.  Especially, when key aspects of your reply are little more than Fud.

Regards,

Mark McCarron

> Date: Tue, 1 Jul 2014 14:36:08 -0400
> From: paul.syverson at nrl.navy.mil
> To: tor-talk at lists.torproject.org
> Subject: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
> 
> On Tue, Jul 01, 2014 at 06:32:27PM +0100, Mark McCarron wrote:
> > Alex,
> > 
> > You must be living in a fantasy land.  The problem still remains,
> > Tor is vulnerable to a global view and that global view exists
> > according to Snowden.  Further, it would appear that Tor was
> > designed to fit into that global view and provide US intelligence
> > with the locations of both users and hidden services, whilst
> > pretending to provide anonymity.
> > 
> > I don't see anyone denying it.  Do you?
> > 
> 
> As with most of this discussion, many of your statements have been
> vague and provocative.  Not sure which of the three, or possibly for
> things asserted above are the "it" that you don't see anyone
> denying. I'll take yet another stab.
> 
> Yes Tor is vulnerable (for some but not all appropriate understandings
> of "vulnerable") to global observers (for some but not all appropriate
> understandings of "global"). This has been a documented and analyzed
> aspect to onion routing since before we designed
> Tor. Cf. e.g. "Towards an Analysis of Onion Routing Security" from
> 2000. As to the extent and nature of global observers that Tor is and
> is not vulnerable to cf. e.g. "Users Get Routed: Traffic Correlation
> on Tor by Realistic Adversaries" 2013. Nobody's denying it because
> everyone has been stating over and over to you the quantified specific
> ways in which it is true and ways in which it is not. There's plenty
> more work to be done in this space, and I hope others will make
> helpful contributions to it.
> 
> You have elsewhere in this thread noted that resistance to traffic
> confirmation is not rocket science. I would agree that it's not merely
> rocket science; it's much harder. (OK that's probably not fair to
> rocket science, but there is no indication that it's any easier
> despite your repeated unsubstantiated allegations to the contrary.)
> People have already alluded to DISSENT, which is a great approach and
> accomplishment that makes things stronger in some ways but weaker in
> others.  Another attempt to improve resistance to traffic confirmation
> including active attackers is described in "Preventing Active Timing
> Attacks in Low-Latency Anonymous Communication" 2010.
> 
> People have denied over and over your allegations that Tor was somehow
> designed to be intentionally vulnerable in some way. They have already
> cited various aspects to the openness of the design, the extensive
> scientific scrutiny to which it has been subject, etc. as evidence of
> this. It's hard to imagine what would satisfy you at this point but
> perhaps this will help: I designed Tor with Roger and Nick. At all
> times we designed it to be as secure as we could given usability,
> performance, and other practicality goals (which are themselves
> security goals we considered, as has also been widely documented). At
> no point did we intentionally do anything to make the design less
> secure than we could think how to do while still making it as usable
> and practical as possible. Nor did anyone ask any of us to do so, as
> far as I know. My opinion (subject to reasoned _scientific_ debate)
> about why the Tor design is more secure for practical attacks than
> those designed to be putatively more secure against a widescale
> attacker (such as those mentioned above) is sketched in "Why I'm not
> an entropist" 2009. That paper could use some updating and expansion,
> but the basic points hold up I believe.
> 
> > Its been 6 days already.
> 
> People have day jobs trying to design, build, and analyze systems to
> protect people. I often take way longer than that to respond to
> substantive well-reasoned questions, as do many people with jobs
> and/or lives. Such people also typically expect response times
> proportional to the importance, urgency, and reasonableness of the
> questions. To such people I say please do not infer too much to the
> fact that I have responded to all this in a mere 6 days.
> 
> aloha,
> Paul
> 
> > 
> > Regards,
> > 
> > Mark McCarron
> > 
> > > From: fuerschpiu at gmail.com
> > > Date: Tue, 1 Jul 2014 18:39:13 +0200
> > > To: tor-talk at lists.torproject.org
> > > Subject: Re: [tor-talk] Illegal Activity As A Metric of Tor Security and	Anonymity
> > > 
> > > Please Mccarron, 
> > > 
> > > The discussion is dead. You killed it yourself by not adding anything meaningful as far as I have seen. You just repeat yourself again and again as if it's a mantra. You got statistics to back up your claims? Good - show them! 
> > > You got the script you used to track the onions? Awesome! Show it so we can see for ourselves and use it too! 
> > > 
> > > As others pointed out already: give us something to work with, else you can just pack up and troll another list as far as I am concerned. 
> > > 
> > > -- 
> > > tor-talk mailing list - tor-talk at lists.torproject.org
> > > To unsubscribe or change other settings go to
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >  		 	   		  
> > -- 
> > tor-talk mailing list - tor-talk at lists.torproject.org
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> -- 
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list