[tor-talk] Traffic shaping attack
o.wendel at wp.pl
Fri Mar 18 23:48:04 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Let's assume that a global adversary sets up (or seizes) a hidden service
with illegal content and wants to deanonymize users who download this
content from this service.
Users are educated, use only trusted, newest software and have all plugins
We all know about traffic correlation attacks. But let's take it further.
Let's set up a service in a way that it will modulate the traffic, so the
download would look like:
Few seconds - maximum traffic speed
Few seconds - download completely stopped
Few seconds - again, maximum traffic speed
Few seconds - again, download completely stopped
Then, we monitor traffic flowing into various entry nodes (remember we're
a global adversary, having direct access to infrastructure around the
globe) and spot the traffic that matches our pattern.
Traffic fluctuations are normal and common, but fixed sequence of
interrupts in proper times is absolutely unique.
Seems possible? Seems probable?
Oskar Wendel, o.wendel at wp.pl.REMOVE.THIS
Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the tor-talk