Building a new Tor that can resist next-generation state surveillance

Sun Feb 19 08:18:48 PST 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/19/2017 08:04 AM, Georgi Guninski wrote:
> On Sun, Feb 19, 2017 at 12:59:24AM -0500, grarpamp wrote:
>> Reviewing designs... designing against threats... tracking
>> proof... three areas. Do it, get funding, make yourself a star.
> 
> Does theory allow anonymity in the presence of sufficiently
> powerful network adversary?

I think that depends on the performance of the anonymous networking
tool in question.  Generally speaking, higher speed and capacity
equates to lower security.  High bandwidth, low latency connected
protocols present the worst case scenario; low bandwidth, high latency
unconnected protocols present the best case scenario.

As an example, providing "normal" http performance on an anonymous
overlay network (the TOR scenario) presents a huge attack surface.  An
adversary who can observe the majority of the physical network
infrastructure all at once can use traffic analysis to trace
connections from end to end; a lesser adversary could stand up enough
routing nodes to be the majority owner of the overlay network and both
passively observe and actively manipulate traffic to achieve the same
goals as a global observer at a tiny fraction of the cost. (VPN
connections from a cloud server farm to numerous remote hosts solves
the problem of running centrally controlling nodes that /appear/ to be
independently operated.)

At the opposite end of the scale, imagine a network of NNTP servers
that carry only PKI encrypted posts, distributing everything posted to
all users.  The users' local installations would try their owner's
keys against /all/ the messages, writing those that decrypt to an
inbox folder.  Here, traffic analysis and/or majority ownership of
nodes would be more or less useless; one good attack would be to
overwhelm the network with flood of bogus message traffic.
Countermeasures to this attack could include a web of trust
arrangement, and configuring the nodes to only store and forward
messages signed by "trusted" users; at least this would force an
adversary to do some work to flood the network with garbage.

> What are the disadvantages for better anonymity? (using one time
> device isn't cheap and requires to find device)

I believe it is reasonable to expect better anonymity to /always/
involve performance hits in latency, bandwidth, and local resource
usage, relative to "normal" routing protocols.

In practical terms, today's anonymizing technology /probably/ imposes
sufficient delays on the identification of users and who is talking to
whom that physical anonymity - i.e. making only brief connections to
open wireless routers at locations where one is not seen coming and
going - should provide "really good" anonymity.  Of course one must
prevent the hardware from leaking identifiers via RF or TCP/IP vectors.

Conversely, repeatedly using anonymizing network protocols from one
location provides cover against low powered adversaries, while top
tier adversaries who by definition will know "who you are and who you
communicate with" may be restrained from hostile action by their
reluctance to disclose the existence of "sensitive sources and
methods."  That is, until or unless they find your activities /really/
annoying, and spend a little money / take a little risk setting you up
for a series of unfortunate events that won't be attributed to them.

:o/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJYqcVoAAoJEECU6c5XzmuqJPEIALZ4u2wDz8rY9f+xP+vlGxLs
+tLwmeQsmT7kdiD0yKlzItyeWk58O0yeeptdihvs/nxGMrlI3MPjeVspzKCQL+03
S3ynjScVtSVv2W96v0HIMOCIBcVMyaOaSsUD89F9yB+RNotg16nze3WvF80HtULp
xiz3E9okFIwN7eQ4+7q0n0tyc+y5HEwArczfDU1hZDj8j4anMxVWhHEzJ6Bwtavg
pePdqh/+d10ocoYXxiE1k0aSahhXWa27xn8dQ9ynBW3oS+tE+Z4eA/XrwZ8oAKez
+3NyGeEAEVNNngeK06mgH1ewdn5AHVMBA86l56kA5t5LUos6yqUhJa2+MQ4EhQk=
=0gju
-----END PGP SIGNATURE-----