Anonymity easily thwarted by flooding network with relays?

Theodore Bagwell toruser1 at imap.cc
Fri Nov 19 02:19:03 UTC 2010


Some of you may be aware of the paper,"Cyber Crime Scene Investigations
(C2SI) through Cloud Computing"
(http://www.cs.uml.edu/~xinwenfu/paper/SPCC10_Fu.pdf) which illustrates
a feasible method of invalidating the anonymity afforded by Tor.

For those who are not, the approach is this: Someone with a lot of
money, such as a government, uses cloud computing to release a veritable
army of Tor relays into the Tor network. The number of legitimate Tor
relay nodes in the network is dwarfed by those under the government's
control. The chances of your Tor client choosing a government-controlled
("evil") Tor node when building a circuit increase to 99/100. Since one
entity (the government) controls the evil relay nodes, and 2 or 3 of the
three relay nodes in your circuit are evil; chances are you have no
anonymity left to speak of.

Does anyone have any comments on this paper? Any reassurance? Frankly,
this is scary.

I nominate this paper as a founding reason why Tor should permit users
to increase the number of relay nodes used in each circuit above the
current value of 3...

Thoughts?

-- 
  Theodore Bagwell
  toruser1 at imap.cc

-- 
http://www.fastmail.fm - The professional email service

***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list