Mostly off-topic, but: Tor will also fail to start if it thinks that the system 
time/date are dramatically wrong. I've had to set the system date before for 
Tor to be able to create a circuit at all (though it was wrong by days, not 
minutes). So, do people fetch network time before bootstrapping? That's 
probably a much worse situation to be in than just looking at a calendar or 
asking some bloke what time it is.

But to your point, local system time doesn't/shouldn't impact correlation 
attacks at all. Every network hop between the user and destination has a set 
system time that is far better to determine sequence. Correlation attacks are 
nice on paper, but seem to fall apart quite quickly. Even in a lab environment, 
I can't imagine they are easily replicated.

Imagine that you are a global adversary, and someone downloads 1mb of something 
bad from x:443. There is basically no chance that the person using Tor or I2P 
will be found - even less if the Tor user changes routes while downloading. 
There's simply too much noise for a global passive adversary to make any kind 
of realistic correlation to find the downloader. And while the risk increases 
with the size of the download, so does the chance that it won't complete during 
that 10-minute window (assuming it doesn't fail outright or wasn't already 
broken into pieces).

There seems to be a slightly larger risk if the downloader is already under 
suspicion and assuming they have a monitored connection (no longer passive 
surveillance) and that they aren't generating cover traffic (with normal 
browsing or porn or Netflix) and if the correct sequence of atypical download 
sizes is seen. And even then it might all fall apart if lots of people are 
downloading things of that size from that source. (Episode sequences, for 
example). Or if the sizes are extremely common. Lots of classified documents 
are about 50kb, but that would be virtually impossible to correlate.

Anyway, I don't think correlation attacks in onion routing are much more than 
an interesting research problem. With a sufficient number of hops, it's solved.

best,
Griffin


On September 27, 2014 4:04:32 AM EDT, Patrick Schleizer 
<patrick-mailingli...@whonix.org> wrote:
>Hi,
>
>you might be interested in this:
>https://twitter.com/ioerror/status/509159304323416064
>
>Why could it be relevant?
>
>Tor Browser (and other applications?) leak the system clock in default
>settings [1]. At the same time, the system clock leaks to ISP level
>observers through TCP sequence numbers. This opens up to "quite simple"
>end-to-end correlation attacks, I think.
>
>Cheers,
>Patrick
>
>[1] https://trac.torproject.org/projects/tor/ticket/3059
>_______________________________________________
>Tails-dev mailing list
>Tails-dev@boum.org
>https://mailman.boum.org/listinfo/tails-dev
>To unsubscribe from this list, send an empty email to
>tails-dev-unsubscr...@boum.org.

-- 
"Hackers are not rockstars. You know who are rockstars? ROCKSTARS."
~Dan Kaminsky