On Mon, May 28, 2007 at 03:36:05AM -0700, coderman wrote:
you state "an assumption that the global passive adversary is unrealistic". is this really true in anonymity research circles?
The convention in anonymity research is to assume a global passive adversary, since then any system shown to be secure under that model is probably secure in the real world. The problem with this approach is it eliminates all practical low-latency designs, hence the weaker threat model adopted by Tor. I do think that a global passive adversary is stronger than the real world situation. For example, such an adversary could read traffic between two computers in my office, which I suspect is outside of the NSA's capabilities, unless I were targeted for special attention. The actual capabilities will probably lie somewhere between the two extremes. Sometimes your connections through Tor will go via enough monitored nodes to be tracked, sometimes they won't. The interesting question is the relative proportion between the two quantities, and how to change it for the better.
i am also curious if you had considered lower layer propinquity of physical paths.
I had thought about that aspect, but given the shortage of space didn't include it. Perhaps I should for the final version. Traceroute gives a more accurate picture of topology the BGP data (in that it shows up IXes), but it is still not "true". For example, it only discovers devices which reduce the IP TTL, and so will not find MPLS links or long-haul layer-2 VLANs. Then, as you point out, it could be that seemingly disparate traffic is going through the same cable-tunnel, if not the same fibre. On Mon, May 28, 2007 at 03:47:22AM -0700, coderman wrote:
one more comment that ties into your mention PCIe bus limitations. previous research on monitoring high speeds links has shown FPGA devices well suited for header and deep packet inspect at line rates up to 10GigE for hundreds of snort style filter rules. this approach scales in a linear fashion.
The point behind that section was to dispel the myth that traffic analysis is easy, because you can just run tcpdump on off-the-shelf hardware. Actually, on high-speed links it requires serious engineering effort to even capture the data, let alone store it. That said, there is demand for such capabilities and given enough hardware it is possible. Thanks, Steven. -- w: http://www.cl.cam.ac.uk/users/sjm217/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE