On Sun, Jun 21, 2015 at 05:27:56AM +0000, n...@cock.li wrote: > grarpamp: > > http://shofarnexus.com/Blog-2015-01-13 > > Under "The hole in TOR": > > If you see a 456 byte message sent from computer A and a moment later > > the same or similar size message arrive at computer B you could draw > > an obvious conclusion. > > But, Tor cells are a fixed-size of 512 bytes: > https://www.torproject.org/docs/faq#CellSize > > Regarding timing attacks: doesn't the "natural" deviation in latency > over the internet, and the size of the tor network, make correlation a > bit more difficult (for short-lived connections at least)?
On a practical level no. In our 2006 results we ran experiments seeing if one could use correlation to find Tor onion services (that we had set up, not other people's) with a single compromised relay on the live network. Matches were trivial to identify and we had zero false positives on many thousands of runs. [0] In 2007, Bauer et al. extended our work to allow owning of multiple relays, which would permit correlation on ordinary destinations (not just onionsites). They generally could identify with a very tiny false positive rate based just on circuit setup, before any application traffic had even been sent. [1] Uniform cell size does reduce the effectiveness of destination fingerprinting. And it's conceivable that with the growth of the network and its use, correlation based on datasets of wholesale network-wide collected timing information could be made nontrivially more expensive. I have suggested to Roger and others for a while now that it would be worth exploring synchronous building of circuits for this reason to see if that is true, and discussed some of the factors for exploration. But as far as I know neither ourselves nor anyone else has found time to do this research. In any case, if one observes entry and exit of a circuit and wants to know if they are correlated, it takes almost no traffic on the connection to do so. This was first described in the mentioned papers, but it has also been born out by several later results as the network and its use have grown. [0] Locating Hidden Servers. Overlier and Syverson available at http://freehaven.net/anonbib/ [1] Low-Resource Routing Attacks Against Tor. Bauer et al. available at http://freehaven.net/anonbib/ aloha, Paul -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk