ATTN: MiTH attack against SkyPE, defeats "Findnot.com"

Anothony Georgeo anogeorgeo at yahoo.com
Tue May 16 07:42:58 PDT 2006


Hello,

Here is a quoted section from an article about the US
FBI and the next generation of "Carnivore" which will
focus on VoIP.

The quoted section deals with a MiTH attack (I think)
that has been discussed here before.  The attacker
adds a packet timing delay and invisible 'tag' to
packets of the P2P VoIP software "SkyPE".

This MiTH attack defeated the anonymity offered by
http://www.findnot.com and as such everyone should
consider all other web-based, single-hop and weak [e.g.
non-Tor ;-) ] anonymizing services to be broken.

I don't think this MiTH attack can affect the Tor
network but I'm not sure.  I think Tor's DH key
authentication of nodes and TLS tunnels precludes this
attack but I'm not positive.

Can an Onion Route II/Tor expert offer assurance this
MiTH attack does not affect Tor?

-Quoted section-
http://news.com.com/Feds+fund+VoIP+tapping+research/2100-7348_3-5825932.html?part=rss&tag=5825932&subj=news

The FBI or any other government agency that's
eavesdropping on both ends of the link would see that
each person was connected to the anonymizing
server--but couldn't know for sure who was talking to
whom. The more customers who use the service at once,
the more difficult it would be for investigators to
connect the dots.

Wang discovered he could embed a unique, undetectable
signature in Skype packets and then identify that
signature when they reached their destination. The
technique works in much the same way as a radioactive
marker that a patient swallows, permitting doctors to
monitor its progress through the digestive system.

"It's based on the flow itself," Wang said. "I embed a
watermark into the flow itself, the timing of the
packets. By adjusting the timing of select packets
slightly, it's transparent. There's no overhead in the
bandwidth, and it's very subtle. It's mingled with the
background noise." (The anonymizing service tested was
Findnot.com, which did not immediately respond to a
request for comment on Tuesday.)

A paper co-authored by Wang and fellow George Mason
researchers Shiping Chen and Sushil Jajodia describing
their results is scheduled to be presented at a
computer security conference in November. An early
draft concludes that "tracking anonymous, peer-to-peer
VoIP calls on the Internet is feasible" with only
3-millisecond timing alterations as long as the calls
are at least 90 seconds long.

-End quoted section-

Options, comments?


----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
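
The timing watermark described in the quoted article can be modelled as a small simulation, which shows why a low-latency relay that forwards packets promptly preserves the mark. This is an added example, not part of the original message and not the scheme from the George Mason paper. The 20 ms packet interval, 24-bit watermark, shared key, Gaussian jitter and index-based packet matching are all assumptions; only the 3 ms shift and the 90 second call length come from the article.

```python
import random

PKT_MS = 20.0    # assumed VoIP packet interval (not stated in the article)
SHIFT_MS = 3.0   # timing alteration quoted in the article
BITS = 24        # assumed watermark length
KEY = 2006       # constructed secret shared by embedder and detector

def plan(n_packets, key=KEY):
    """Key-dependent choice of disjoint packet pairs: two groups (A, B) per bit."""
    pairs = list(range(n_packets // 2))
    random.Random(key).shuffle(pairs)
    r = len(pairs) // (2 * BITS)   # redundancy grows with call length
    if r == 0:
        raise ValueError("flow too short to carry the watermark")
    it = iter(pairs)
    return [([next(it) for _ in range(r)], [next(it) for _ in range(r)])
            for _ in range(BITS)]

def embed(times, bits):
    """Delay the second packet of each pair in group A (bit 1) or B (bit 0)."""
    out = list(times)
    for bit, (a, b) in zip(bits, plan(len(times))):
        for p in (a if bit else b):
            out[2 * p + 1] += SHIFT_MS
    return out

def decode(times):
    """Recover each bit by comparing mean inter-packet delay of groups A and B."""
    def mean_ipd(group):
        return sum(times[2 * p + 1] - times[2 * p] for p in group) / len(group)
    return [1 if mean_ipd(a) > mean_ipd(b) else 0 for a, b in plan(len(times))]

def bit_errors(duration_s, jitter_ms, marked=True, seed=1):
    """Wrong bits at the far end after per-packet Gaussian jitter (constructed model)."""
    rng = random.Random(seed)
    wm = [rng.randrange(2) for _ in range(BITS)]
    sent = [i * PKT_MS for i in range(int(duration_s * 1000 / PKT_MS))]
    if marked:
        sent = embed(sent, wm)
    seen = [t + rng.gauss(0, jitter_ms) for t in sent]
    return sum(x != y for x, y in zip(decode(seen), wm))

if __name__ == "__main__":
    for dur, jit in [(90, 2.0), (10, 2.0), (90, 30.0)]:
        print(f"{dur:3d} s call, {jit:4.1f} ms jitter: {bit_errors(dur, jit)}/{BITS} bits wrong")
```

In this model a longer call gives each bit more packet pairs to average over, so a shift smaller than the jitter still decodes, while jitter that is large compared with the shift leaves the detector with wrong bits.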
