[tor-talk] A possible solution to traffic correlation attacks,

grarpamp grarpamp at gmail.com
Sun Jun 5 18:34:22 UTC 2016


On 6/5/16, Not Friendly <notfriendly at riseup.net> wrote:
> After about an hour of brain storming I may of found a way to stop traffic
> correlation attacks. The idea is to add an artificial delay of a few
> randomized ms (two separate delays, one to the tor exit and another deal on
> traffic exiting the network) and add an extra chunk of randomized data (just
> a small random amount of KB that never exits the network). It would make
> traffic harder to correlate. What are your thoughts on this?

Doesn't work.
"never exits" - GPA's don't necessarily need to correlate any internal
flows. They can look only at the endpoints. The minute you insert
traffic that lights up some other endpoint, in an otherwise sufficiently
quiet network, or distinguishable way (bytes / latency [pump], which is
made even easier for them if they reign over an endpoint), you're done.
You need fulltime regulated fill traffic, within which, your traffic resides.


More information about the tor-talk mailing list