Date: Mon, 9 Jun 2014 20:58:51 +0200
From: Jann Horn <jann@thejh.net>
To: tor-talk@lists.torproject.org
Message-ID: <20140609185851.GA9520@debjann.fritz.box>
References: <5395CE2B.200@posteo.de>
MIME-Version: 1.0
In-Reply-To: <5395CE2B.200@posteo.de>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] Thoughts on Guards
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
Content-Type: multipart/mixed; boundary="===============3562371630751295909=="


--===============3562371630751295909==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="IJpNTDwzlM2Ie8A6"
Content-Disposition: inline


--IJpNTDwzlM2Ie8A6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jun 09, 2014 at 05:09:31PM +0200, Martin Kepplinger wrote:
> So assuming that people here
> https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
> are serious and do a "straight-forward", yet clever passive-observer
> attack on Users; Given that they are listening *really* well and
> knowingly manage to become Guard + Exit of Users in order to deanonymize
> them:

I really don't think you need to be Guard+Exit for that. They talk about
"successful real-world de-anonymization case studies, ranging from attribution
of botnet command and control servers, to drug-trading sites, to users of
kiddie porn places". Those are cases in which they should be able to get law
enforcement assistance, even more so given that they work for CERT. And with
law enforcement assistance, you can do lots of fancy attacks.

As far as I can see, you don't need to be the guard to deanonymize
someone, it's enough to find out who the guard is, get a court order and sniff
the guard's traffic. And finding out who the guard is doesn't sound
terrifyingly hard to me - you could flood Tor relays with traffic and measure
whether there is any impact on the user's connection speed, you could measure
IP ID increases for all the Windows boxes that send out globally monotonic IP
IDs and are still allowed on the Tor network (see these posts on tor-relays by
me: https://lists.torproject.org/pipermail/tor-relays/2014-March/004199.html
https://lists.torproject.org/pipermail/tor-relays/2014-April/004205.html
https://lists.torproject.org/pipermail/tor-relays/2014-April/004208.html ),
heck, maybe you'd even be able to use the bandwidth stats that relays publish
to trace stuff to the guard.

So I think that being a malicious exit might well be sufficient to trace
a user. Of course, all this stuff should work even better against hidden
services because it shouldn't matter if your attack takes a month to complete
as long as the entry guards stay the same.


> 2. Would some kind of "web-noise" generation in Torbrowser help? like so
> https://addons.mozilla.org/en-US/firefox/addon/white-noise-generator

Heh, never. In particular not because the exit or the server at the other end
might attack you with something like this open-source PoC I built for tracing
connections through Tor with an active end-to-end-correlation attack:

http://git.thejh.net/?p=detour.git;a=blob;f=README
http://git.thejh.net/?p=detour.git;a=tree

To prevent that attack traffic from being measurable, you'd need so much cover
traffic that the Tor network couldn't handle it anymore, I think.

--IJpNTDwzlM2Ie8A6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature


--IJpNTDwzlM2Ie8A6--

--===============3562371630751295909==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============3562371630751295909==--
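
Added example, not part of the original message or of any code by its author: a self-check a relay operator could run over a capture of their own host's outbound packets, to see whether it has the "globally monotonic IP ID" behaviour the message mentions. The function names, the MAX_STEP threshold and the sample captures are assumptions made for this illustration.

```python
from collections import defaultdict

MAX_STEP = 64  # assumption: largest gap still treated as one shared counter

def _steps(ids):
    """Forward differences between consecutive 16-bit IP IDs (with wraparound)."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def _monotonic(ids):
    steps = _steps(ids)
    return bool(steps) and all(0 < s <= MAX_STEP for s in steps)

def _byteswap(ids):
    # Some stacks emit the counter in little-endian order, so on the wire
    # it appears to step by 256; swapping the bytes recovers the counter.
    return [((i & 0xFF) << 8) | (i >> 8) for i in ids]

def classify_ip_ids(packets):
    """packets: (destination, ip_id) pairs in capture order, all sent by the
    host under test. Returns a label describing its IP ID behaviour."""
    ids = [ip_id for _, ip_id in packets]
    if len({dst for dst, _ in packets}) < 2:
        return "inconclusive"      # one peer cannot show a *shared* counter
    if all(i == 0 for i in ids):
        return "zero"
    if _monotonic(ids) or _monotonic(_byteswap(ids)):
        return "global counter"    # every peer sees the host's total packet rate
    per_dst = defaultdict(list)
    for dst, ip_id in packets:
        per_dst[dst].append(ip_id)
    if all(_monotonic(v) for v in per_dst.values()):
        return "per-destination counter"
    return "randomized"

# Constructed sample captures (documentation addresses, made-up IDs).
A, B = "192.0.2.10", "198.51.100.7"
GLOBAL = [(A, 65534), (B, 65535), (A, 0), (B, 2)]           # wraps past 65535
SWAPPED = [(A, 0x3412), (B, 0x3512), (A, 0x3612), (B, 0x3712)]
PER_DST = [(A, 100), (B, 40000), (A, 101), (B, 40001)]
RANDOM = [(A, 51234), (B, 817), (A, 33002), (B, 60411)]

if __name__ == "__main__":
    for name, cap in [("GLOBAL", GLOBAL), ("SWAPPED", SWAPPED),
                      ("PER_DST", PER_DST), ("RANDOM", RANDOM)]:
        print(name, "->", classify_ip_ids(cap))
```

A host that comes back as "global counter" exposes its overall packet rate to every peer it talks to; the other labels do not.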

