---------- Forwarded message ---------- From: Steven Murdoch <tortalk+Steven.Murdoch@cl.cam.ac.uk> Date: May 28, 2007 3:00 AM Subject: Sampled Traffic Analysis by Internet-Exchange-Level Adversaries To: or-talk@freehaven.net Some of you might remember my email to this list in February, where I asked for help from operators of Tor nodes in the UK [1]. This was for an experiment to establish how diverse the topology of the Tor network is -- an important component of how secure it is against traffic analysis. Thanks to all those who responded to my request; I had a great response and very interesting results. I've now finished the draft version of the resulting paper, which is to be presented at the PET Workshop (Ottawa, Canada, June 20--22 2007) [2]. The latest version of the paper can be found at this URL: http://www.cl.cam.ac.uk/~sjm217/papers/pet07ixanalysis.pdf There is also an introduction to the area, and a summary of the paper on my research group's blog "Light Blue Touchpaper": http://www.lightbluetouchpaper.org/?p=212 My paper, co-authored with Piotr Zielinksi, is a follow-up to Nick Feamster and Roger Dingledine's paper, "Location Diversity in Anonymity Networks" [3]. In it, they point out that bouncing anonymity network traffic around lots of countries might not be as good as it seems because there are a small number of ISPs which show up on many of the links to, from and between Tor nodes. What our paper explores is that even if you deal with this problem, and choose paths with a diverse collection of ISPs, there are still Internet exchanges on many of the paths. These do not appear in the BGP data that Feamster and Dingledine use, which is why I had to resort to a more limited-scale traceroute-based study. So not only are Internet Exchanges good places to put traffic analysis equipment, but some (including LINX [4] and AMS-IX [5]) collect the necessary data anyway, for performance measurement purposes. They only record the headers of one in every few thousand packets, but our paper also shows that, even with such low-quality data, traffic analysis still works. There's certainly no reason to panic about these results, as there is still much more work to be done in this area. For example, the picture in the US, where Internet exchanges are less popular, will likely be different. I do hope that the paper will encourage future work on both establishing more accurate estimates of attack costs and developing defences. Thanks, Steven. [1] http://archives.seul.org/or/talk/Feb-2007/msg00138.html [2] http://petworkshop.org/2007/ [3] http://freehaven.net/doc/routing-zones/routing-zones.ps [4] http://www.linx.net/ [5] http://www.ams-ix.net/ -- w: http://www.cl.cam.ac.uk/users/sjm217/ [demime 1.01d removed an attachment of type application/pgp-signature]