Bandwidth throttling (was Re: Padding)
Paul Syverson
syverson at itd.nrl.navy.mil
Wed Jul 10 20:34:07 UTC 2002
Hi all,
Here's my point about padding. Right now I'm not convinced there can be
padding/throttling regimen that is both useful and practical, or maybe
even either useful or practical. Some of what has been suggested is
certainly worth a look if anything is, but I think before we try to
design mechanisms we should consider if there is any point. Sometimes
you can just see where a design takes you and then realize what you
were trying to do with it. But, I think we need to do some analysis
before we go building any of this stuff into our OR code. I tried to
justify this point of view in my last message but probably wasn't very
clear.
This is how I think we should proceed on this issue.
Assume an adversary can induce a timing signature on connections.
Maybe it's better to call this a timing signal.
Some important parameters are:
The nature of the signal itself (.e.g., release ten cells, wait 20
milliseconds, repeat)
Where the signal is introduced and read (e.g., sent between Alice and the
first COR and read between the last COR and Bob, sent by a COR in
both directions and read at Alice and Bob--OK that's two signals,
sent by someone who modulates a thickpipe rather than individual
connections, etc.)
We should set this out to some extent, perhaps a few specific
examples. Then we should look at
How much information could be sent this way, perhaps,
what is the capacity of such a channel? This can give us a measure
of the number of connections that could be differentiated by this
technique or the number of connections differentiated per unit time.
We could then introduce various padding/throttling schemes and see
the effect they have on this.
These could come from either a priori modeling and analysis or
even from empirical data on simulations or testbed.
I had begun some analysis with others here at NRL that was at least
related to this some time ago, but have not had time to follow through
on it yet: one of the many things simmering on the back burner.
Once we have some ideas about this, we can talk about specific
implementations of countermeasures now having some clue what they
potentially will buy us. I guess that means that in the short run
I don't think we should be trying to implement anything. If people
have clever ideas, please go ahead and note them, but I think we
need some analysis first in this area.
aloha,
Paul
More information about the tor-dev
mailing list