Strong Flow Correlation Attacks on Tor Using Deep Learning
On 9/21/18, procmem <procmem@riseup.net> wrote:
> https://arxiv.org/pdf/1808.07285.pdf
> DeepCorr can correlate Tor connections (and therefore break its anonymity).
> DeepCorr provides a flow correlation accuracy of 96% compared to 4% by the state-of-the-art system of RAPTOR using the same exact setting.
> We hope that our work demonstrates the escalating threat of flow correlation attacks on [overlay networks] given recent advances in learning algorithms,
> The two main suggested countermeasures are
> padding, [ie: tor may be working on this]
Tor has some work towards added padding, but it might be insufficient against GPAs and GAAs on the wire, which are ultimately the more general form of these analyses. And it might not be network wide yet, nor regulated, accounted for under negotiated parameters, depeered upon unexpected behaviour, saturated, reclocked, jittered, etc. Sprinkling a little noise around might not hide the greater elephant crashing about the room that is your traffic. Today, if an analyst can pick any node, and characterize / learn / AI its traffic, even generate and be its traffic... all they have to do to discover the other end is to search any other node with the same parameters in their traffic DB. That's doable, and fatal. The only defense seems to be having random / rigorous traffic that users ride within, and are mutually interested in maintaining and enforcing that traffic layer for their own defense, accepting that they'll need to supply and dedicate a portion of their network link to it, etc.
> AS-aware path selection.
This seems more suited to somewhat reducing the ease / odds of analysis by Sybil, aka: Trust in Nodes, Good:Bad Node Ratio / Odds, etc. Both GPA / GAA and Sybil can use similar analysis and attacks, as well as their own unique ones. However, if Sybil has knowledge and access to internal layers, which is the case with most networks that try to be more smart / efficient than broadcast, Node Trust won't likely be solved by inband solutions like GPA / GAA above might be; you'll have to jump out to human solutions for that... Know Your Nodes... who and hardware, where physically / logically including jurisdiction, funding, OS, public inspection verification, subscriptions to node sets that meet whatever desired parameters, or exclude / include unknowns, real-world P2P PKI structures, anal probing, etc. For example, while a 1000 node, just download launch and play, network might easily be secured against external traffic analysis, it would miserably fail at Sybil resistance without Know Your Nodes. There's also the combination of Know Your Nodes with node count odds, or just node count odds alone, such that adversaries' deployment count of Sybil costs so much that they can't reach but say 10-100 per 100M users. Regarding those concepts of protection from Sybil, no network today comes anywhere close to KYN or, and or with, those node count odds.
> calling for the timely deployment of effective countermeasures by the Tor community.
The *entire space* of Overlay / Messaging / P2P networks needs to seriously consider anew the conceivable and operational correlation, timing, statistical, etc. attacks up to and including complete GPA analysis, even GAA and Sybil, being deployed by Agencies and Entities against them. And the space needs to make clear to [prospective] end users what classes of attacks they're aware of, and what they're claiming to mitigate or not. In part because, unlike being just those in the space before, post-Snowden, a world's worth of average users are becoming more aware and seeking solutions. And older tech and thinking that doesn't really address today's needs needs to be cannibalized to allow for new efforts. We're not in 1999 with CARNIVORE and Napster P2P anymore. We're in 2025 with the All Seeing All Acting Eye... and without much in the way of networks going toe to toe with that. Those have yet to be created and widely deployed... happy hacking :)
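An added illustration of the padding point above (not code from the thread, the paper, or the Tor project): a constructed bursty flow, as seen by an observer who has already aligned ingress and egress, stays almost perfectly correlated under "a little noise", while a constant-rate traffic layer flattens it to zero correlation at a measurable cost in dummy bandwidth and queueing delay. The bin counts, the padding amounts and the rate are all assumed sample values.

```python
import random
from statistics import mean, pstdev

def bursty_flow(n_bins, seed=1):
    # Constructed sample: real packets per time bin for a bursty, web-like flow.
    rng = random.Random(seed)
    return [rng.choice([0, 0, 0, 1, 2, 6, 12, 20]) for _ in range(n_bins)]

def pearson(a, b):
    # Volume correlation an observer holding both ends of a flow would compute.
    sa, sb = pstdev(a), pstdev(b)
    if sa == 0 or sb == 0:
        return 0.0  # a flat flow carries no pattern to correlate against
    ma, mb = mean(a), mean(b)
    return sum((x - ma) * (y - mb) for x, y in zip(a, b)) / (len(a) * sa * sb)

def light_padding(flow, max_dummy=2, seed=2):
    # "Sprinkling a little noise": 0..max_dummy dummy packets added per bin.
    rng = random.Random(seed)
    return [c + rng.randint(0, max_dummy) for c in flow]

def constant_rate(flow, rate):
    # Rigorous traffic layer: every bin carries exactly `rate` packets.
    # Real packets beyond the rate wait in a queue; dummies fill any gap.
    out, queue, dummies, worst_backlog = [], 0, 0, 0
    for c in flow:
        queue += c
        sent = min(queue, rate)
        queue -= sent
        dummies += rate - sent
        worst_backlog = max(worst_backlog, queue)
        out.append(rate)
    return out, dummies, worst_backlog, queue

def compare(n_bins=200, rate=6):
    # Returns what the observer sees and what the defense costs the sender.
    real = bursty_flow(n_bins)
    shaped, dummies, backlog, _ = constant_rate(real, rate)
    return {
        "corr_light_padding": pearson(real, light_padding(real)),
        "corr_constant_rate": pearson(real, shaped),
        "dummy_fraction": dummies / (rate * n_bins),
        "worst_added_delay_bins": backlog / rate,
    }

if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v:.3f}")
```

Raising `rate` cuts the worst-case delay but raises the dummy fraction, which is the link share the post says users must be willing to dedicate.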
grarpamp