[tor-talk] Tor and HTTPS graphic
Paul Syverson
syverson at itd.nrl.navy.mil
Wed Mar 7 04:14:39 UTC 2012
On Tue, Mar 06, 2012 at 08:15:58PM -0500, Mansour Moufid wrote:
> On Tue, Mar 6, 2012 at 4:04 PM, Paul Syverson <syverson at itd.nrl.navy.mil> wrote:
> > I'm a mere four years behind in putting my work up on the web, and
> > this one wasn't co-authored so nobody else did either. I'll try to do
> > something about that in my copious free time this week and send a
> > link.
>
> Please do, this attack you mention is one I've been very interested
> in. I'm sure many others would also love to read more about it.
>
I'll try to get to it soon.
> It's time the myth of the GPA was challenged. I don't think active
> correlation attacks can be defended against, but I think they can at
> least be detected.
Actually there are many papers over the last several years (e.g., at
ACM CCS and Info Hiding) showing that one can place undetectable
timing channels on flows (for some schemes provably undetectable for
others practically undetectable). But passive correlation is adequate
anyway, even at very low sampling rates (cf. Murdoch and Zielinski,
PETS 2007). This is long known and well understood. It's why we have
always said that onion routing resists traffic analysis not traffic
confirmation.
-Paul
More information about the tor-talk
mailing list