[liberationtech] The missing component: Mobile to Web interoperability (in Internet Freedom Technologies)

Mon Oct 7 02:57:56 PDT 2013

On Wed, Sep 25, 2013 at 9:32 PM, coderman <coderman@gmail.com> wrote:
>   [... re: NSA has found a way to break Tor... ]
> i suspect it is the latter that is more concerning. of course NSA has
> the ability; but do they share it?

the recent releases[0] have shown this to be more complicated than expected.

in terms of sharing: other domestic agencies and some of the FVEY
partners appear to be partially looped in? likely to find out more
over the years,...

in terms of breaking Tor:

the core Tor protocol and network is described repeatedly as difficult
to compromise. attacking the client, opportunistic de-anonymization,
selective denial of service, and mallory-in-the-middle attacks, all
appear extremely effective when they are pointed at Tor users of
interest. Tor's dependencies are failing in practice, rather than the
network or protocol itself.

Roger says the limited number of users targeted is reassuring, “If
those documents actually represent what they can do, they are not as
big an adversary as I thought,”[1]

the lack of widespread de-anonymization of Tor users is an interesting
situation.  i do not agree that they don't have the ability. other
sources clearly show their privileged positioning in the IP core for
active attacks as well as the global passive DPI tapping
infrastructure technically capable of linking large numbers of Tor
users.[2]

instead this implies that the other routes to identifying users,
particularly taking advantage of the endpoint and operational risks
above, are cheaper and more effective.
for less effort and resources locate them via side channel tricks,
infect them with spyware, and observe what they do
pre-encryption-and-pre-proxy directly.  it's clear to see why they've
been using this approach. [here is where i plug Qubes Tor VM, Tails,
Whonix]

so after addressing the client side weaknesses, perhaps the elligator
datagram based effort[3] will be making progress in time to thwart
this new adversary model as the low hanging fruit of Tor client
cracking dries up...
  ;)

best regards,

0. NSA Tor dox:
http://www.washingtonpost.com/world/national-security/secret-nsa-documents-show-campaign-against-tor-encrypted-network/2013/10/04/610f08b6-2d05-11e3-8ade-a1f23cda135e_print.html
http://cryptome.org/2013/10/nsa-iat-tor.pdf
http://cryptome.org/2013/10/nsa-tor.pdf
http://cryptome.org/2013/10/gchq-mullenize.pdf
http://cryptome.org/2013/10/nsa-egotisticalgiraffe.pdf
http://cryptome.org/2013/10/nsa-tor-stinks.pdf
http://cryptome.org/2013/10/packet-stain/packet-staining.htm

1. "Secret NSA documents show campaign against Tor encrypted network"
  http://www.washingtonpost.com/world/national-security/secret-nsa-documents-show-campaign-against-tor-encrypted-network/2013/10/04/610f08b6-2d05-11e3-8ade-a1f23cda135e_print.html

2. passing the buck on the math; the details you need:
 https://metrics.torproject.org/index.html /
https://trac.torproject.org/projects/tor/ticket/6443 ,
answer for the question: what is the probability of picking a guard
and exit relay using any of five-eyes-and-their-friendlies AS'es, or
that travels transoceanic cables at these points, or uses guard and
exit relays hosted at an IX under legally compelled (FVEY) or unaware
collaboration (e.g. Belgacom)?

3. sorry, no; there is no Tor datagram protocol in the works yet,
however initial considerations are in progress:
"Implement and experiment with one or more datagram-based designs"
  https://trac.torproject.org/projects/tor/ticket/4684
  http://www.cl.cam.ac.uk/~sjm217/papers/tor11datagramcomparison.pdf
this is summarized as picking from multiple hard to very hard options.
i'm fond of even more difficulty, and combining these techniques and
others (multi-path SCTP in userspace, client-side traffic
shaping/prioritization, stochastic fair queuing and packet reordering,
etc) for better protection against traffic analysis and active
attacks.... might take a while to code up *grin*