CCC: traffic analysis

the amazing steven murdoch did some traffic analysis on tor, trying to detect machines behind the annonymizing network. tor itself seems as secure as it had ever been, see comment below.
“by requesting timestamps from a computer, a remote adversary can find out the precise speed of its system clock. as each clock crystal is slightly different, and varies with temperature, this can act as a fingerprint ofthe computer and its location.”

ftp://ftp.fortunaty.net/video/23c3/wmv/timeskew2-t2s1.wmv
http://events.ccc.de/congress/2006/fahrplan/events/1513.en.html

anyone remember caida’s study on the crystals for detecting machines through nats?
http://www.caida.org/publications/papers/2005/fingerprinting/kohnobroidoclaffy05-devicefingerprinting.pdf

another good lecture on traffic analysis at ccc, which was an introduction by george danezis:
http://events.ccc.de/congress/2006/fahrplan/attachments/1185-danezistaintro.pdf

gadi evron,
ge@beyondsecurity.com.

Share
  • http://tor.eff.org/ Shava Nerad

    Just as a note, Steven’s attack targets the “hidden services” facility in Tor. This is the method by which people hide a server (web server, chat server) behind the Tor network. This represents probably considerably less than 1% of the Tor network traffic, and has never been a focus of development — we know it has a number of vulnerabilities.

    This facility would be used, for example, by the military to conceal the location of command and control facilities on the open Internet (perhaps one of the initial uses planned for onion routing by the US Naval Research Lab, who created the *original* onion routing spec).

    As people assess their risks in using the Tor client, they should be aware that this attack is not a threat to them. They might want to make sure they are not using plug-ins that run code on their computer (Flash, ActiveX,…) which are far more likely to casually betray your anonymity.

    Thanks!
    Shava Nerad
    Executive Director
    The Tor Project
    http://tor.eff.org/