[tor-talk] Strong Flow Correlation Attacks on Tor Using Deep Learning

[grarpamp]

On 9/21/18, procmem <procmem at riseup.net> wrote:
> https://arxiv.org/pdf/1808.07285.pdf
>
>>     DeepCorr can correlate Tor connections (and therefore break its anonymity)
>> DeepCorr provides a flow correlation accuracy of 96% compared to 4% by the
>> state-of-the-art system of RAPTOR using the same exact setting.
>>
>>     We hope that our work demonstrates the escalating threat of flow
>> correlation attacks on [overlay networks] given recent advances in
>> learning algorithms,

> The two main suggested countermeasures are

> padding, [ie: tor may be working on this]

Tor has some work towards added padding, but it might be insufficient
against GPA's and GAA's on the wire, which are ultimately the
more general form of these analysis.

And it might not be network wide yet,
nor regulated, accounted for under negotiated parameters, depeered
upon unexpected behaviour, saturated, reclocked, jittered, etc.

Sprinkling a little noise around might not hide the greater
elephant crashing about the room that is your traffic.

Today, if an analyst can pick any node, and characterize / learn / AI
its traffic, even generate and be its traffic... all they have to do to
discover the other end is to search any other node with the same
parameters in their traffic DB. That's doable, and fatal.

The only defense seems to be having random / rigorous traffic
that users ride within, and are mutually interested in maintaining
and enforcing that traffic layer for their own defense, accepting
that they'll need to supply and dedicate a portion of their network
link to it, etc.

> AS-aware path selection.

This seems more suited to somewhat reducing ease / odds
of analysis by Sybil, aka: Trust in Nodes, Good:Bad Node
Ratio / Odds, etc.

Both GPA / GAA and Sybil can use similar analysis and attacks,
as well as their own unique ones.

However, if Sybil has knowledge and access to internal layers,
which is the case with most networks that try to be more
smart / efficient than broadcast, Node Trust won't likely be solved
by inband solutions like GPA / GAA above might, you'll have to
jump out to human solutions for that... Know Your Nodes...

... who and hardware, where physically / logically including jurisdiction,
funding, OS, public inspection verification, subscriptions to node sets
that meet whatever desired parameters, or exclude / include unknowns,
realworld P2P PKI structures, anal probing, etc.

For example, while a 1000 node, just download launch and play,
network might easily be secured against external traffic analysis,
it would miserably fail at Sybil resistance without Know Your Nodes.

There's also combination of Know Your Nodes with node count odds,
or just node count odds alone, such that adversaries deployment count
of Sybil costs so much that they can't reach but say 10-100 per 100M users.

Regarding those concepts of protection from Sybil, no network today
comes anywhere close to KYN or, and or with, those node count odds.


>> calling for the timely deployment of effective countermeasures by the Tor
>> community.

The *entire space* of Overlay / Messaging / P2P networks needs
to seriously consider anew the conceivable and operational correlation,
timing, statistical, etc attacks up to and including complete GPA
analysis, even GAA and Sybil, being deployed by Agencies and
Entities against them. And the space needs to make clear to
[prospective] end users what classes of attacks they're aware of,
and what they're claiming to mitigate or not. In part because, unlike
being just those in the space before, post-Snowden, a world's worth
of average users are becoming more aware and seeking solutions.
And older tech and thinking that doesn't really address today needs
cannibalized to allow for new efforts.

We're not in 1999 with CARNIVORE and Napster P2P anymore.
We're in 2025 with the All Seeing All Acting Eye...
and without much in the way of networks going toe to toe with that.
Those have yet to be created and widely deployed... happy hacking :)