Tor Stinks: Stealthy Traffic Analysis

grarpamp grarpamp at gmail.com
Fri Aug 13 02:03:14 PDT 2021


Speaking of all that...

The fact that "Tor Stinks -- NSA"...
the need to start fresh investigation, code, develop, and deploy
additional new alternative proof-of-concept networks, besides
the old 25 year legacy and vacuum that is Tor Project, utilizing
a full-time base of chaff fill, and other old and new methods that
have hardly been well considered and operationally proof-tested
yet... including a fresh investigation of mix based networks,
is obvious, and is slowly being corroborated, and has been attested
by both info-theory and classified operations of the past 70 years...

Emphasis * quotes added...


https://en.wikipedia.org/wiki/One-time_pad
During World War II and into the 1950s, the U.S. made extensive use of
one-time tape systems. In addition to providing confidentiality,
*****circuits secured by one-time tape ran continually, *even when
there was no traffic*, thus protecting against traffic analysis.*****
In 1955, NSA produced some 1,660,000 rolls of one time tape. Each roll
was 8 inches in diameter, contained 100,000 characters, lasted 166
minutes and cost $4.55 to produce.


https://en.wikipedia.org/wiki/KW-26
It was developed in the 1950s by the National Security Agency (NSA) to
secure fixed teleprinter circuits that **operated 24 hours a day.**
Because the KW-26 sent **a continuous stream of bits, it offered
traffic-flow security**. Someone intercepting the ciphertext stream
**had no way to judge how many real messages were being sent, making
traffic analysis impossible.**


https://en.wikipedia.org/wiki/Traffic_analysis
"
In computer security

Traffic analysis is also a concern in computer security. An attacker
can gain important information by monitoring the frequency and timing
of network packets. **A timing attack on the SSH protocol can use
timing information to deduce information** about passwords since,
during interactive session, SSH transmits each keystroke as a
message.[8] **The time between keystroke messages can be studied**
using hidden Markov models. Song, et al. claim that it can recover the
password fifty times faster than a brute force attack.

Onion routing systems are used to gain anonymity. *****Traffic
analysis can be used to attack anonymous communication systems like
the Tor anonymity network.***** Adam Back, Ulf Möeller and Anton
Stiglic present traffic analysis attacks against anonymity providing
systems.[9] Steven J. Murdoch and George Danezis from University of
Cambridge presented [10] research showing that ***traffic-analysis
allows adversaries to infer which nodes relay the anonymous
streams.*** This reduces the anonymity provided by Tor. They have
shown that otherwise unrelated streams can be linked back to the same
initiator.

Remailer systems can also be attacked via traffic analysis. **If a
message is observed going to a remailing server, and an
identical-length (if now anonymized) message is seen exiting the
server soon after, a traffic analyst may be able to (automatically)
connect the sender with the ultimate receiver.** Variations of
remailer operations exist that can make traffic analysis less
effective.

Countermeasures

It is difficult to defeat traffic analysis without both encrypting
messages and masking the channel. ***When no actual messages are being
sent, the channel can be masked [11] *by sending dummy traffic*,
similar to the encrypted traffic, thereby keeping bandwidth usage
constant***.[12] "It is very hard to hide information about the size
or timing of messages. ***The known solutions require Alice to send a
*continuous stream* of messages at the maximum bandwidth she will ever
use.***

Song, Dawn Xiaodong; Wagner, David; Tian, Xuqing (2001). "Timing
Analysis of Keystrokes and Timing Attacks on SSH". 10th USENIX
Security Symposium.
http://www.cypherspace.org/adam/pubs/traffic.pdf
http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf
https://web.archive.org/web/20060913152709/http://students.cs.tamu.edu/xinwenfu/paper/ICCNMC03_Fu.pdf
"



Tor's new "netflow analysis resistance" is of limited
applicability, not really a general case attempt at
diminishing the global/p2p/e2e/n2n Traffic Analysis
problem by at least, say, a worthwhile factor of 10.

At least one outline of how to consider doing a base
of full time dynamically yielding chaff fill has already been
posted at times to these lists. And there are plenty more
academic papers on the subject proffering other methods to
consider as well. Plus new ones that will come from that process.

The user experience under a dynamic chaff and allocated
bandwidth system is not likely to be as scarily unusable
as some legacy entrenched project$ often like to claim.

Timed buckets carrying stuff between nodes worked for ATM
networks in the telcos, so for one investigation, see what
kind of performance you can get emulating that with today's
software, CPUs, and NICs over the net.

https://www.hackerfactor.com/blog/index.php?/categories/19-Tor

"Tor Stinks  -- NSA"


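The constant-rate chaff fill the post argues for (the behaviour the one-time-tape and KW-26 quotes describe), as an added simulation that is not part of the original message: a fixed-size encrypted cell is sent in every timed slot, a chaff cell when nothing is queued, so a passive observer's cell count no longer tracks the real message count, while the reported queueing delay shows the bandwidth-allocation cost a send-on-demand link does not pay. CELL_BYTES, SLOTS and the random arrival workload are assumed values constructed for the example.

```python
"""Constant-rate chaff-filled link versus a send-on-demand link: what a
passive wire-tapper records in each case, and what the fixed rate costs in
queueing delay. Constructed simulation; not code from the post or any project."""
import random
from collections import deque

CELL_BYTES = 512   # fixed cell size, ATM-style (assumed value)
SLOTS = 200        # fixed-interval send slots to simulate (assumed value)

def arrivals(n_messages, seed=0):
    """Constructed workload: n messages arriving in random slots."""
    rng = random.Random(seed)
    per_slot = [0] * SLOTS
    for _ in range(n_messages):
        per_slot[rng.randrange(SLOTS)] += 1
    return per_slot

def on_demand_link(per_slot):
    """Send every queued message the moment it arrives; idle otherwise.
    Returns bytes observed per slot: a direct trace of message timing."""
    return [CELL_BYTES * n for n in per_slot]

def chaff_filled_link(per_slot):
    """Send exactly one encrypted cell per slot: a data cell if a message is
    queued, otherwise a chaff cell of identical size. Returns the observed
    bytes per slot and the worst queueing delay (in slots) any sent message saw."""
    queue = deque()
    observed, worst_delay = [], 0
    for t, n in enumerate(per_slot):
        queue.extend([t] * n)            # remember each message's arrival slot
        if queue:
            worst_delay = max(worst_delay, t - queue.popleft())
        observed.append(CELL_BYTES)      # data or chaff: same size on the wire
    return observed, worst_delay

def leaked_message_count(observed):
    """Observer's estimate of real messages: one per cell-sized unit seen."""
    return sum(b // CELL_BYTES for b in observed)

def compare(n_messages, seed=0):
    """(observer's count on demand link, observer's count on chaff link, worst delay)."""
    per_slot = arrivals(n_messages, seed)
    plain = leaked_message_count(on_demand_link(per_slot))
    chaff_obs, delay = chaff_filled_link(per_slot)
    return plain, leaked_message_count(chaff_obs), delay

if __name__ == "__main__":
    for n in (0, 5, 40):
        plain, chaff, delay = compare(n)
        print(f"{n:3d} real msgs: on-demand observer sees {plain:3d}, "
              f"chaff-filled observer sees {chaff:3d}, worst delay {delay} slots")
```

The observer's count on the chaff-filled link is always SLOTS regardless of how many real messages were carried; only the delay column changes with load.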