On Wed, Jan 15, 2014 at 7:16 PM, Jim Rucker <mrjim...@gmail.com> wrote: > [snip] > > From my understanding (please correct me if I'm wrong) Tor has a weakness in > that if someone can monitor data going into the relays and going out of the > exit nodes then they can defeat the anonymity of tor by correlating the size > and number of packets being sent to relays and comparing those that the > packets leaving the exit nodes. > > Are there any projects in Tor being worked in to combat data correlation? > For instance, relays the send/recv constant data rates continuously - > capping data rates and padding partial or non-packets with random data to > maintain the data rates
What you are referring to is a traffic confirmation attack. It's a deceptively hard problem --- even if the naive strategy of sending data at a constant rate "worked" (for some definition) it would be prohibitively expense in practice. It is also worth reiterating that even if such a countermeasure is in place, it wouldn't conceal that fact that a specific user is connecting to the Tor network. If you are interested in recent academic works on traffic analysis, you should have a look at [1] and [2]. They explore the related setting of website fingerprinting attacks and defenses (including the one you suggest.) -Kevin [1] https://kpdyer.com/publications/oakland2012-peekaboo.pdf [2] http://cacr.uwaterloo.ca/techreports/2013/cacr2013-30.pdf _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
