Delivery-Date: Fri, 18 Mar 2016 19:48:28 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 7DBDB1E0AB6;
	Fri, 18 Mar 2016 19:48:25 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id B658F36EC5;
	Fri, 18 Mar 2016 23:48:20 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id D3BA736820
 for <tor-talk@lists.torproject.org>; Fri, 18 Mar 2016 23:48:16 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 9iKTTROawYbH for <tor-talk@lists.torproject.org>;
 Fri, 18 Mar 2016 23:48:16 +0000 (UTC)
Received: from plane.gmane.org (plane.gmane.org [80.91.229.3])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 9FF01220EB
 for <tor-talk@lists.torproject.org>; Fri, 18 Mar 2016 23:48:16 +0000 (UTC)
Received: from list by plane.gmane.org with local (Exim 4.69)
 (envelope-from <gno-or-talk-2@m.gmane.org>) id 1ah47o-0007Po-2l
 for tor-talk@lists.torproject.org; Sat, 19 Mar 2016 00:48:12 +0100
Received: from chomsky.torservers.net ([77.247.181.162])
 by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
 id 1AlnuQ-0007hv-00
 for <tor-talk@lists.torproject.org>; Sat, 19 Mar 2016 00:48:12 +0100
Received: from o.wendel by chomsky.torservers.net with local (Gmexim 0.1
 (Debian)) id 1AlnuQ-0007hv-00
 for <tor-talk@lists.torproject.org>; Sat, 19 Mar 2016 00:48:12 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: tor-talk@lists.torproject.org
From: Oskar Wendel <o.wendel@wp.pl>
Date: Fri, 18 Mar 2016 23:48:04 +0000 (UTC)
Lines: 43
Message-ID: <nci43k$3ee$1@ger.gmane.org>
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: chomsky.torservers.net
Subject: [tor-talk] Traffic shaping attack
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Let's assume that a global adversary sets up (or seizes) a hidden service 
with illegal content and wants to deanonymize users who download this 
content from this service.

Users are educated, use only trusted, newest software and have all plugins 
disabled.

We all know about traffic correlation attacks. But let's take it further.

Let's set up a service in a way that it will modulate the traffic, so the 
download would look like:

Few seconds - maximum traffic speed
Few seconds - download completely stopped
Few seconds - again, maximum traffic speed
Few seconds - again, download completely stopped

Then, we monitor traffic flowing into various entry nodes (remember we're 
a global adversary, having direct access to infrastructure around the 
globe) and spot the traffic that matches our pattern.

Traffic fluctuations are normal and common, but fixed sequence of 
interrupts in proper times is absolutely unique.

Seems possible? Seems probable?

- -- 
Oskar Wendel, o.wendel@wp.pl.REMOVE.THIS
Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C
Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C
-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJW7JOxAAoJEGaQzFIxjbhMOKwIALCNpacHME11xF7o3CycaYHv
+agBNRmhmsSWlwb5gMs/IIUEOINYD2j5MfK1/SsfKcTqa6UQZsEtwvMRqGbJWO77
hMRaZ3fLSMrvB8fWUSWDTG40rViqNNd5e+hC+aCVpI6FAbHBXmZbIPIgrRo6BXWj
AhHb19IvHokYKnDnV02W0UDD6pCXRztEiEDB3cUVzj/MAnPizufxa/lHNH1QsW+C
z8ZoifT7Sn6fNDi7qA9B76XcQPbQdQHz+mK8QutgRB9IhN98LAfAzoNM1cUmYLbJ
JiO9Hgf6aliwsevX4kDSCGxuhd5nXKw2+VdpjZzIkMzxOY6a7St/CUYSdWrKIQI=
=XlNO
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

