Re: a serious TOR adversary?
On Wed, May 21, 2008 at 05:47:41PM -0500, Eugene Y. Vasserman wrote:
> Thus spake Bernardo Bacic, on 5/21/08 6:45 AM:
> | This link http://web.crypto.cs.sunysb.edu/spday/ contains a summary
> | description of a possible TOR threat.
> |
> | Does anyone have more details? opinions?
> |
> | (apologies if this has been discussed before, i read the list only as
> | much as time permits)
>
> "Although timing-based attacks have been demonstrated against
> non-timing-preserving anonymity networks, they have depended either on a
> global passive adversary or on the compromise of a substantial number of
> Tor nodes."
>
> Incorrect: Steven J. Murdoch. "Hot or Not: Revealing Hidden Services by
> their Clock Skew"; Nicholas Hopper, Eugene Y. Vasserman, and Eric
> Chan-Tin. "How much anonymity does network latency leak?".
> (Full disclosure: I'm one of the authors of the second paper).

See also "Locating Hidden Servers" by Lasse Øverlier and Paul Syverson, which motivated Tor's guard node design.

yrs
--
Nick
Re: a serious TOR adversary?
Eugene Y. Vasserman wrote:
(snip)
> "Furthermore, we show that a well-provisioned adversary, using a
> topological map of the network, can trace-back the path of an anonymous
> user in under 20 minutes."
>
> Most Tor circuits only live a maximum of 10 minutes, no? I never figured
> out just how much of a hard limit this is. Can an application ask to keep
> the circuit longer? Can someone in the know clue me in?
>
> Eugene
>

If I remember right, a circuit will accept new streams (usually meaning new connections to servers) for a maximum of 10 minutes.

However, once a connection has been established, the circuit it's using will remain open until:

1.) The application closes the connection (if it reconnects, it'll use a new circuit);
2.) The circuit "dies," like from a node or a link going down.

--
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
Re: a serious TOR adversary?
Thus spake Bernardo Bacic, on 5/21/08 6:45 AM:
| This link http://web.crypto.cs.sunysb.edu/spday/ contains a summary
| description of a possible TOR threat.
|
| Does anyone have more details? opinions?
|
| (apologies if this has been discussed before, i read the list only as
| much as time permits)

"Although timing-based attacks have been demonstrated against non-timing-preserving anonymity networks, they have depended either on a global passive adversary or on the compromise of a substantial number of Tor nodes."

Incorrect: Steven J. Murdoch. "Hot or Not: Revealing Hidden Services by their Clock Skew"; Nicholas Hopper, Eugene Y. Vasserman, and Eric Chan-Tin. "How much anonymity does network latency leak?". (Full disclosure: I'm one of the authors of the second paper).

"Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes."

Most Tor circuits only live a maximum of 10 minutes, no? I never figured out just how much of a hard limit this is. Can an application ask to keep the circuit longer? Can someone in the know clue me in?

Eugene

--
Eugene Y. Vasserman
Ph.D. Candidate, University of Minnesota
http://www.cs.umn.edu/~eyv/
Re: a serious TOR adversary?
On Wed, May 21, 2008 at 09:45:41PM +1000, [EMAIL PROTECTED] wrote 0.2K bytes in 8 lines about:
: This link http://web.crypto.cs.sunysb.edu/spday/ contains a summary
: description of a possible TOR threat.
:
: Does anyone have more details? opinions?

A published paper on the topic would be a great first step in order to understand the attack.

--
Andrew
Re: a serious TOR adversary?
Bernardo Bacic wrote:
> This link http://web.crypto.cs.sunysb.edu/spday/ contains a summary
> description of a possible TOR threat.
>
> Does anyone have more details? opinions?
>
> (apologies if this has been discussed before, i read the list only as
> much as time permits)

This appears to be a variation on the work by Bauer et al. at U. [EMAIL PROTECTED] in which they exploit the tension between anonymity and low latency.

Basically, an adversary that is able to watch traffic on a certain percentage of entrance and exit nodes can correlate connections in and out of the tor-cloud (based on the timing) and deduce the source, thus compromising anonymity.

It reminds us that "This is experimental software. Do not rely on it for strong anonymity."

See http://www.cs.colorado.edu/department/publications/reports/docs/CU-CS-1025-07.pdf
a serious TOR adversary?
This link http://web.crypto.cs.sunysb.edu/spday/ contains a summary description of a possible TOR threat. Does anyone have more details? opinions? (apologies if this has been discussed before, i read the list only as much as time permits)