[tor-talk] A possible solution to traffic correlation attacks,

notfriendly at riseup.net notfriendly at riseup.net
Sun Jun 5 21:13:41 UTC 2016


On 2016-06-05 14:34, grarpamp wrote:
> On 6/5/16, Not Friendly <notfriendly at riseup.net> wrote:
>> After about an hour of brain storming I may of found a way to stop 
>> traffic
>> correlation attacks. The idea is to add an artificial delay of a few
>> randomized ms (two separate delays, one to the tor exit and another 
>> deal on
>> traffic exiting the network) and add an extra chunk of randomized data 
>> (just
>> a small random amount of KB that never exits the network). It would 
>> make
>> traffic harder to correlate. What are your thoughts on this?
> 
> Doesn't work.
> "never exits" - GPA's don't necessarily need to correlate any internal
> flows. They can look only at the endpoints. The minute you insert
> traffic that lights up some other endpoint, in an otherwise 
> sufficiently
> quiet network, or distinguishable way (bytes / latency [pump], which is
> made even easier for them if they reign over an endpoint), you're done.
> You need fulltime regulated fill traffic, within which, your traffic 
> resides.

So randomizing the times that traffic enters the network and exits the 
network wouldn't work? Like it enters a note and 30 ms after received or 
another random delay couldn't it exit. It would be harder to correlate 
the traffic right?


More information about the tor-talk mailing list