[tor-talk] Matryoshka: Are TOR holes intentional?
Roger Dingledine
arma at mit.edu
Thu Jun 18 04:51:08 UTC 2015
On Thu, Jun 18, 2015 at 12:02:45AM -0400, grarpamp wrote:
> We also need to take a serious look at TOR, and
> without emotional bias, consider if a serious flaw was designed in.
"Traffic analysis is the first hole plugged by Matryoshka, but ignored
by TOR."
I couldn't figure out how to actually fetch this "Matryoshka" software,
but it sure looks like another case of somebody not understanding the
research field, and thinking that solving the traffic confirmation
attack is easy, without actually thinking through the engineering side,
the scaling side, or the statistics side.
For background see e.g.
http://freehaven.net/anonbib/#danezis:pet2004
It makes sense that if you think solving the problem is easy, you
wonder why Tor hasn't solved it.
But even full scale padding, ignoring the practical side of how to get a
Tor network that can afford to waste so much bandwidth, doesn't provide
protection in the face of active attacks where you induce a gap on one
side and then observe the gap on the other side. And it might even be
the case that these gaps happen naturally by themselves, due to network
congestion and so on, so maybe passive observers will be winners even
against a design that does full padding.
Also, to make it really work in practice, all users are going to need
to pad not just while fetching their web page or iso or whatever, but
sufficiently before and after that too, else an attacker can match up
start times and end times:
http://freehaven.net/anonbib/#murdoch-pet2007
This is a great area for further research:
http://freehaven.net/anonbib/#ShWa-Timing06
http://freehaven.net/anonbib/#active-pet2010
tl;dr the whole premise of this person's blog post is flawed, since
their design likely does not work as they think it does.
--Roger
More information about the tor-talk
mailing list