[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Collaboration question & challenge use case

From: Jörg Bornschein
Subject: Re: Collaboration question & challenge use case
Date: Tue, 15 Aug 2006 18:13:13 +0200
User-agent: Thunderbird (X11/20060728)

Christian, Hello,

> Another application, currently an (open) master thesis, is to develop a P2P 
> filesharing client that uses DAA to connect to other clients. The motivation 
> is to prevent modified clients that allow the platform owner to see the 
> connection table (and thus to uncover the anonymity of clients). But this 
> only makes sense if the platform owner cannot access the internal state of 
> applications... 

Some time ago I had a discussion (with Joern Bratzke btw) about the
feasibility of a TC protected tor node.

That discussion made me write a small ruby script[1], which tries to
correlate incoming and outgoing traffic (by reading a tcpdump-pcap file)
to identify the circuits this given tor node relays. That script worked
really well, althrough i never tuned the parameters.

To prevent this kind of attac one has to introduce a lot of decoy dummy
traffic. Never tried to prove it information-theoretically, but i have
the strong feeling, that doing so will be much more resource intensive
(speaking of total bandwith, not latency!) than to add a whole lot of
additional relay nodes.

I suspect my statement is correct, as long as one tries to implement a
low latency network -- if the task given is a high latency
store-and-forward problem the situation changes. (eg mail-anonymity with

Do you think I'm mistaken?


[1] http://www.capsec.org/joerg/zeuch/tor-fun/detorify.rb

reply via email to

[Prev in Thread] Current Thread [Next in Thread]