From just_a_user@justemail.net Fri Jul 6 02:38:08 2018
From: "Just A. User"
To: cypherpunks-legacy@lists.cpunks.org
Subject: Timing attacks from a user's point of view
Date: Fri, 06 Jul 2018 02:38:08 +0000
Message-ID: <172289262731.3881296.5075124697350812880.generated@mail.pglaf.org>

Hello,

As the recent (and not so recent) research shows [1, 2], it is quite
possible for a low-bandwidth adversary controlling the exit node or
destination server to identify all the nodes in a circuit. If the victim
is unlucky, the further deanonymization may use a malicious entry node.
Otherwise, the attacker can measure the RTT distance between the victim
and entry node and benefit from that somehow [3].

One of the obvious methods (of yet unclear efficiency) to mitigate the
issue is introducing high-variance random delays at the routers. As far
as I can understand, however, the Developers want to keep net delays low.
They have their reasons (the lower the delays, the larger the net and the
stronger the anonymity).

Nevertheless, a user is able to randomly delay her traffic before the
first router of a circuit. Does this make any sense?

PROS:

a. the user tries to decrease the reliability of the attack from [2];
   she hopes that there will be more false positives and all the
   measurements become less significant or take more time.

CONS:

b. using the attack from [2], the adversary can make a chosen router
   delay some cells for quite a long time (tens of seconds). Since such
   delay variances are hardly tolerable, e.g. for web surfing, the user
   is very limited in her ability to simulate a false positive.

c. the user will have an unusual delay pattern, which could suffice for
   pseudonymity requirements only.

[1] Murdoch, Danezis. Low-cost traffic analysis of Tor.
[2] Evans, Dingledine, Grothoff. A practical congestion attack on Tor
    using long paths.
[3] Hopper, Vasserman, Chan-Tin. How much anonymity does network latency
    leak?

Thanks in advance.

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
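
An added illustration of the trade-off in points (a) and (b), not part of the original message: a toy model (not the procedure from [2]) in which an observer correlates a random on/off congestion schedule with the latency it sees, while the user adds uniform random delay before the first router. The 10-second induced delay, the baseline latency and the jitter ranges are all assumed values, chosen to show how much user-side delay is needed before the correlation weakens.

```python
import math
import random

def pearson(xs, ys):
    """Sample Pearson correlation of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)

def simulate(user_jitter_max, induced_delay=10.0, probes=400, seed=1):
    """Return (correlation, mean extra delay paid by the user), in seconds.

    user_jitter_max: upper bound of the user's uniform random delay (assumed model)
    induced_delay:   delay added when the router is congested (assumed: 10 s,
                     within the "tens of seconds" the message mentions)
    """
    rng = random.Random(seed)              # seeded so the run is reproducible
    schedule, latency = [], []
    for _ in range(probes):
        congested = rng.random() < 0.5     # observer's on/off congestion schedule
        base = max(0.0, rng.gauss(0.3, 0.05))      # assumed baseline latency
        jitter = rng.uniform(0.0, user_jitter_max) # user-side random delay
        schedule.append(1.0 if congested else 0.0)
        latency.append(base + jitter + (induced_delay if congested else 0.0))
    return pearson(schedule, latency), user_jitter_max / 2.0

if __name__ == "__main__":
    # Sweep from no jitter to jitter far beyond what interactive use tolerates.
    for jmax in (0.0, 2.0, 10.0, 60.0):
        corr, cost = simulate(jmax)
        print(f"jitter<= {jmax:5.1f}s  mean cost {cost:5.1f}s  correlation {corr:.3f}")
```
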