[tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries

Eugen Leitl eugen at leitl.org
Thu Oct 17 03:58:00 PDT 2013


----- Forwarded message from Paul Syverson <paul.syverson at nrl.navy.mil> -----

Date: Thu, 17 Oct 2013 06:56:41 -0400
From: Paul Syverson <paul.syverson at nrl.navy.mil>
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] New paper : Users Get Routed: Traffic Correlation	on Tor by Realistic Adversaries
Message-ID: <20131017105641.GE83425 at buridan.fw5540.net>
User-Agent: Mutt/1.5.17 (2007-11-01)
Reply-To: tor-talk at lists.torproject.org

On Thu, Oct 17, 2013 at 10:46:57AM +0200, Andreas Krey wrote:
> On Wed, 16 Oct 2013 19:42:41 +0000, Joe Btfsplk wrote:
> ...
> > One thing jumps out, Tor doesn't know for sure who's running Guard or 
> > exit nodes - & can't unless they start doing (regular, repeated) 
> > extensive personal interviews, background checks, giving polygraph 
> > tests, injecting sodium pentathol  to those wanting to run nodes.
> 
> I think you slightly disregard who is actually interested in a
> trustworthy tor network. What you describe makes the tor operators
> a cabal, and the problem is that the ones who actually want to
> trust tor (the users) are outside that.
> 
> Besides, many attacks don't require to *run* the nodes, just to
> monitor its traffic. And a TLA can do that without the honest
> operator even suspecting.
> 

Actually the work we did on this paper was as part of a larger program
that has been our primary focus for the last several years: how can
you secure communication over Tor against an adversary that can, e.g.,
own 30% of the nodes (or big chunk of guard and exit bandwidth) or
large parts of the AS or other underlying network infrastructure.  

Our candidate is to leverage trust diversity in different parts of the
network (e.g. trust based on who is running nodes on what hardware and
what OS from what physical and network location, etc.) But this is
tricky. One can't just use the most trusted parts of the network
because this will probably indicate that this is statistically more
likely to be communication from/to people that trust this part of the
network. You need to get away from the idea of a single set of trust
values for all users for the whole network.  Different kinds of people
will have different adversaries, which is just one factor to the
diversity of trust. We've already got a few publications on this "More
Anonymous Onion Routing Through Trust" by myself and Aaron Johnson and
"Trust-based Anonymous Communication: Adversary Models and Routing
Algorithms" by the two of us, plus Roger Dingledine and Nick
Mathewson. You can find both on my homepage (syverson.org)

The current paper under discussion came from the realization that we
needed to have a much better handle on network models, tools and
appropriate adversary models for the existing Tor network and usage in
order to properly incorporate trust into routing for improved future
design. 

HTH,
Paul
-- 
tor-talk mailing list - tor-talk at lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5



More information about the cypherpunks mailing list