Hello, As the recent (and not so recent) research shows [1, 2], it is quite possible for a low-bandwidth adversary controlling the exit node or destination server to identify all the nodes in a circuit. If the victim is unlucky, the further deanonymization may use a malicious entry node. Otherwise, the attacker can measure the RTT distance between the victim and entry node and benefit from that somehow [3].
One of the obvious methods (of yet unclear efficiency) to mitigate the issue is introducing of high variance random delays at the routers. As I can understand, however, the Developers want to keep net delays low. They have their reasons (the lower the delays, the larger the net and the stronger anonymity). Nevertheless, a user is able to randomly delay her traffic before the first router of a circuit. Does this make any sense? PROS: a. the user tries to decrease the reliability of the attack from [2]; she hopes that there will be more false positives and all the measurements become less significant or take more time. CONS: b. using the attack from [2], the adversary can make a chosen router delay some cells for quite a long time (tens of seconds). Since such delay variances are hardly tolerable, e.g. for web surfing, the user is very limited in her ability to simulate a false positive. c. the user will have an unusual delay pattern, which could suffice for pseudonymity requirements only. [1] Murdoch, Danezis. Low-cost traffic analysis of Tor. [2] Evans, Dingledine, Grothoff. A practical congestion attack on Tor using long paths. [3] Hopper, Vasserman, Chan-Tin. How much anonymity does network latency leak? Thanks in advance. -- http://www.fastmail.fm - A no graphics, no pop-ups email service *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
