The cheap low risk node majority attack, pki, geoip, etc

Zenaan Harkness zen at freedbms.net
Wed Jun 8 03:38:25 PDT 2016


On Wed, Jun 08, 2016 at 12:30:31AM -0300, juan wrote:
> Users Get Routed:
> Traffic Correlation on Tor by Realistic Adversaries
> 
> http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
> 
> 
> Our results show that Tor users are  FAR MORE SUSCEPTIBLE to compromise
> than indicated by prior work. 
> 
> 
> QUITE SIMPLE AND EFFICIENT TECHNIQUES CAN CORRELATE TRAFFIC
> at these separate locations by taking advantage of identifying traf-
> fic patterns [29]. As a result, the user and his destination may be
> identified, completely subverting the protocol’s security goals.
> 
> 
> Given the SEVERITY OF THE TRAFFIC CORRELATION PROBLEM and its se-
> curity implications, we develop an analysis framework for evaluat-
> ing the security of various user behaviors on the live
> 
> 
> OUR ANALYSIS SHOWS THAT 80% OF ALL TYPES OF USERS MAY BE DE-
> ANONYMIZED BY A RELATIVELY MODERATE TOR-RELAY ADVERSARY WITHIN SIX
> MONTHS.
> 
> 
> OUR RESULTS ALSO SHOW THAT AGAINST A SINGLE AS ADVERSARY
> ROUGHLY 100% OF USERS IN SOME COMMON LOCATIONS ARE DEANONYMIZED
> WITHIN THREE MONTHS (95% IN THREE MONTHS FOR A SINGLE IXP)
> 
> 
> signed paul FUCKING syverson
> 
> 
> Now, all the RETARDS who parrot that 'tor stinks' perhaps should try to
> update their mental databases.

This needs to be +1'ed, noted well, remembered, reminded and generally
proclaimed loudly.

The use cases of "benefit" are looking slim indeed, and in fact "you have
at most one month and even then a ~30% chance of being specifically
identified.

The metaphorical hit and run is the remaining use case, assuming you don't
make any mistake at all whilst hitting the tor network and running for
your hope to be not detected arse.

Fill traffic overlay net, and hardware based "new mesh network" seem to be
the only sane approaches for sane future work named thus far...

Juan, you've been so fucking right it's, it's, it's ... I ...



More information about the cypherpunks mailing list