[tor-talk] Traffic shaping attack

Oskar Wendel o.wendel at wp.pl
Fri Mar 18 23:48:04 UTC 2016



Let's assume that a global adversary sets up (or seizes) a hidden service 
with illegal content and wants to deanonymize users who download this 
content from this service.

Users are educated, use only trusted, newest software and have all plugins 
disabled.

We all know about traffic correlation attacks. But let's take it further.

Let's set up a service in a way that it will modulate the traffic, so the 
download would look like:

Few seconds - maximum traffic speed
Few seconds - download completely stopped
Few seconds - again, maximum traffic speed
Few seconds - again, download completely stopped

Then, we monitor traffic flowing into various entry nodes (remember we're 
a global adversary, having direct access to infrastructure around the 
globe) and spot the traffic that matches our pattern.

Traffic fluctuations are normal and common, but a fixed sequence of 
interrupts at the proper times is absolutely unique.

Seems possible? Seems probable?

-- 
Oskar Wendel, o.wendel at wp.pl.REMOVE.THIS
Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C
Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C
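An added example, not part of the original post: a small simulation of the question above from the defender's side, run on constructed per-second byte counts. The 5 s on/off schedule, the peak rate, Pearson correlation as the matching statistic and the `pad` link-padding model are all assumptions made for illustration.

```python
import random
from statistics import mean, pstdev
PATTERN = ([1] * 5 + [0] * 5) * 6   # constructed schedule: 5 s on, 5 s off
PEAK = 1_000_000                    # assumed peak bytes/s on the client link

def pearson(x, y):
    """Pearson correlation; 0.0 when either series is constant."""
    sx, sy = pstdev(x), pstdev(y)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(x), mean(y)
    return mean((a - mx) * (b - my) for a, b in zip(x, y)) / (sx * sy)

def best_match(series, max_lag=5):
    """Highest correlation with PATTERN over small shifts (unknown latency)."""
    return max(pearson(series[k:k + len(PATTERN)], PATTERN) for k in range(max_lag + 1))

def modulated_flow(rng, lag=2):
    """Constructed byte counts per second: the on/off download plus jitter."""
    body = [min(PEAK, int(PEAK * bit * rng.uniform(0.7, 1.0)) + rng.randint(0, 20_000))
            for bit in PATTERN]
    return [rng.randint(0, 20_000) for _ in range(lag)] + body + [0] * 5

def ordinary_flow(rng):
    """Constructed unrelated traffic: bursts of random rate and length."""
    out = []
    while len(out) < len(PATTERN) + 7:
        rate = rng.choice([0, 0, rng.randint(50_000, PEAK)])
        out += [rate] * rng.randint(1, 8)
    return out[:len(PATTERN) + 7]

def pad(series, floor):
    """Link padding model: cover traffic lifts each second to >= floor."""
    return [max(v, floor) for v in series]

def demo(seed=1):
    rng = random.Random(seed)
    marked = modulated_flow(rng)
    others = [ordinary_flow(rng) for _ in range(20)]
    return {
        "marked": best_match(marked),
        "best_other": max(best_match(o) for o in others),
        "half_padded": best_match(pad(marked, PEAK // 2)),
        "fully_padded": best_match(pad(marked, PEAK)),
    }

if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name:13s} {score:+.2f}")
```

Padding that only raises the floor leaves the square wave intact, because correlation ignores scale; in this model the pattern disappears only when the link runs at a constant rate.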


