---------- Forwarded message ----------
From: Steven Murdoch
Date: May 28, 2007 3:00 AM
Subject: Sampled Traffic Analysis by Internet-Exchange-Level Adversaries
To: or-talk@freehaven.net
Some of you might remember my email to this list in February, where I
asked for help from operators of Tor nodes in the UK [1]. This was for
an experiment to establish how diverse the topology of the Tor network
is -- an important component of how secure it is against traffic
analysis. Thanks to all those who responded to my request; I had a
great response and very interesting results.
I've now finished the draft version of the resulting paper, which is
to be presented at the PET Workshop (Ottawa, Canada, June 20--22 2007)
[2]. The latest version of the paper can be found at this URL:
http://www.cl.cam.ac.uk/~sjm217/papers/pet07ixanalysis.pdf
There is also an introduction to the area, and a summary of the paper
on my research group's blog "Light Blue Touchpaper":
http://www.lightbluetouchpaper.org/?p=212
My paper, co-authored with Piotr Zielinksi, is a follow-up to Nick
Feamster and Roger Dingledine's paper, "Location Diversity in
Anonymity Networks" [3]. In it, they point out that bouncing anonymity
network traffic around lots of countries might not be as good as it
seems because there are a small number of ISPs which show up on many
of the links to, from and between Tor nodes.
What our paper explores is that even if you deal with this problem,
and choose paths with a diverse collection of ISPs, there are still
Internet exchanges on many of the paths. These do not appear in the
BGP data that Feamster and Dingledine use, which is why I had to
resort to a more limited-scale traceroute-based study.
So not only are Internet Exchanges good places to put traffic analysis
equipment, but some (including LINX [4] and AMS-IX [5]) collect the
necessary data anyway, for performance measurement purposes. They only
record the headers of one in every few thousand packets, but our paper
also shows that, even with such low-quality data, traffic analysis
still works.
There's certainly no reason to panic about these results, as there is
still much more work to be done in this area. For example, the picture
in the US, where Internet exchanges are less popular, will likely be
different. I do hope that the paper will encourage future work on both
establishing more accurate estimates of attack costs and developing
defences.
Thanks,
Steven.
[1] http://archives.seul.org/or/talk/Feb-2007/msg00138.html
[2] http://petworkshop.org/2007/
[3] http://freehaven.net/doc/routing-zones/routing-zones.ps
[4] http://www.linx.net/
[5] http://www.ams-ix.net/
--
w: http://www.cl.cam.ac.uk/users/sjm217/
[demime 1.01d removed an attachment of type application/pgp-signature]
