[tor-dev] Is Taking Checksum of Packet Payloads a Vulnerability?
Watson Ladd
watsonbladd at gmail.com
Sat Dec 17 16:51:19 UTC 2011
Note that the data sent from Alice to En is encrypted with a key only they
share, rendering this attack impossible.
On Dec 17, 2011 11:25 AM, "Daniel Cohen" <danielc192 at gmail.com> wrote:
> Hi,
>
> I am new to Tor, but after reading about its design, and reading a few
> research papers on its vulnerabilities (specifically timing attacks), I had
> the following thought:
>
> Suppose Alice is connecting to Bob via Tor, using HTTPS encryption. She
> sends a packet to the Tor entry node (call it En). The packet travels
> through the network, emerges from an exit node (call it Ex), and arrives at
> Bob.
>
> Alice => En => Tor Network => Ex => Bob
>
> Now suppose that Alice's connection is being monitored, as well as a group
> of the exit nodes (which are either hostile or having their packets
> sniffed). When the encrypted packet leaves Alice on its way to En, it is
> sniffed, and a checksum is made of its encrypted payload. The packet then
> continues through the network as usual, and emerges from an exit node.
>
> It appears to me that the attacker need only check packets coming out of
> exit nodes to see if their payload checksums match that of the packet
> observed leaving Alice. Unlike timing attacks, which require a reasonable
> number of packets to confirm Alice's identity, this attack would require
> only one, since checksums have an almost 0% chance of collision. If a
> packet with the same payload checksum as Alice's is discovered, it almost
> certainly originated from her.
>
> Is this a problem with Tor's architecture? If so, has this issue already
> been addressed?
>
> Thanks,
>
> Daniel Cohen
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20111217/d6423e2c/attachment.html>
More information about the tor-dev
mailing list