mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2025-02-23 14:40:51 +01:00
edits on passive attacks (sec7)
svn:r770
parent
3fd2a03563
commit
b85e6fd08d
1 changed file with 21 additions and 30 deletions
@ -1391,17 +1391,17 @@ Below we summarize a variety of attacks, and discuss how well our
design withstands them.\\
\noindent{\large\bf Passive attacks}\\
\emph{Observing user traffic patterns.} Observing the connection
from the user will not reveal her destination or data, but it will
\emph{Observing user traffic patterns.} Observing a user's connection
will not reveal her destination or data, but it will
reveal traffic patterns (both sent and received). Profiling via user
connection patterns is hampered because multiple application streams may
be operating simultaneously or in series over a single circuit. Thus,
further processing is necessary to discern even these usage patterns.
connection patterns requires further processing, because multiple
application streams may be operating simultaneously or in series over
a single circuit.
\emph{Observing user content.} While content at the user end is encrypted,
connections to responders may not be (further, the responding website
itself may be hostile). Filtering content is not a primary goal of Onion
Routing; nonetheless, Tor can directly use Privoxy and related
connections to responders may not be (indeed, the responding website
itself may be hostile). While filtering content is not a primary goal
of Onion Routing, Tor can directly use Privoxy and related
filtering services to anonymize application data streams.
\emph{Option distinguishability.} We allow clients to choose local
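Review bot: the rewritten "Observing user traffic patterns" paragraph replaces the claim that profiling is "hampered" with the weaker and more defensible "requires further processing", but the new sentence "Profiling via user connection patterns requires further processing, because multiple application streams may be operating simultaneously or in series over a single circuit" still does not say what that processing has to achieve; add that the observer must first separate the streams that are multiplexed on one circuit before any per-stream pattern can be read. In the "Observing user content" paragraph, "Tor can directly use Privoxy and related filtering services" reads as though the filter were part of Tor; since Privoxy is a separate proxy placed in front of the onion proxy, "Tor can be used with Privoxy and related filtering services" states the arrangement more accurately.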
@ -1413,19 +1413,18 @@ in the minority may lose more anonymity by appearing distinct than they
gain by optimizing their behavior \cite{econymics}.
\emph{End-to-end timing correlation.} Tor only minimally hides
end-to-end timing correlations. An attacker watching patterns of
such correlations. An attacker watching patterns of
traffic at the initiator and the responder will be
able to confirm the correspondence with high probability. The
greatest protection currently available against such confirmation is to hide
the connection between the onion proxy and the first Tor node,
by running the onion proxy locally or
behind a firewall. This approach
by running the OP on the Tor node or behind a firewall. This approach
requires an observer to separate traffic originating at the onion
router from traffic passing through it: a global observer can do this,
but it might be beyond a limited observer's capabilities.
\emph{End-to-end size correlation.} Simple packet counting
without timing correlation will also be effective in confirming
will also be effective in confirming
endpoints of a stream. However, even without padding, we have some
limited protection: the leaky pipe topology means different numbers
of packets may enter one end of a circuit than exit at the other.
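Review bot: in the timing-correlation paragraph, the new wording "by running the OP on the Tor node or behind a firewall" hides the OP-to-first-node link in the firewall case only if the first Tor node is also inside that firewall, and the justification that follows ("requires an observer to separate traffic originating at the onion router from traffic passing through it") covers only the on-node case; either state the condition for the firewall case or drop it. The same sentence also switches between "onion proxy" and the abbreviation "OP"; pick one form, and if "OP" is kept make sure it is defined earlier in the paper. The size-correlation paragraph's deletion of "without timing correlation" is fine, since the claim that counting alone suffices is preserved.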
@ -1440,26 +1439,18 @@ correlations, the adversary may build up a database of
targeted websites. He can later confirm a user's connection to a given
site simply by consulting the database. This attack has
been shown to be effective against SafeWeb \cite{hintz-pet02}.
% But
%Tor is not as vulnerable as SafeWeb to this attack: there is the
%possibility that multiple streams are exiting the circuit at
%different places concurrently.
% XXX How does that help? Roger and I don't know. -NM
It may be less effective against Tor, since
streams are multiplexed within the same circuit, and
fingerprinting will be limited to
the granularity of cells, currently 256 bytes. Further potential
defenses include
larger cell sizes and/or padding schemes to group websites
into large sets. But this remains an open problem. Link
padding or long-range dummies may also make fingerprints harder to
detect.\footnote{Note that
this fingerprintin attack should not be confused with the latency attacks
of \cite{back01}. Those require a fingerprint of the latencies of
all circuits through the network, combined with those from the
network edges to the targeted user and the responder website. While
these are in principle feasible and surprises are always possible,
they constitute a much more complicated attack, and there is no
current evidence of their practicality.}\\
the granularity of cells (currently 256 bytes). Additional
defenses could include
larger cell sizes, padding schemes to group websites
into large sets, and link
padding or long-range dummies.\footnote{Note that this fingerprinting
attack should not be confused with the much more complicated latency
attacks of \cite{back01}, which require a fingerprint of the latencies
of all circuits through the network, combined with those from the
network edges to the target user and the responder website.}\\
\noindent{\large\bf Active attacks}\\
\emph{Compromise keys.} An attacker who learns the TLS session key can
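Review bot: the removed "% XXX How does that help? Roger and I don't know. -NM" asked why stream multiplexing weakens website fingerprinting, and the hunk deletes the question without answering it, so the retained sentence "It may be less effective against Tor, since streams are multiplexed within the same circuit" still carries an unexplained claim; add the reason (an observer of the circuit sees the cell counts of several concurrent streams summed together, so a single site's fingerprint is blurred) or restore the note. The rewrite also drops "But this remains an open problem", so "Additional defenses could include larger cell sizes, padding schemes to group websites into large sets, and link padding or long-range dummies" now reads as a list of working defenses rather than untested ideas; keep a clause saying they are unevaluated. In the footnote, replacing "there is no current evidence of their practicality" with "much more complicated" removes the actual reason the latency attacks of \cite{back01} are set aside; consider keeping the practicality remark. The "fingerprintin" typo fix and the "(currently 256 bytes)" parenthetical are fine.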