Cuenta regresiva para Tor

Análisis de los diferentes sistemas SIGINT a escala mundial: ECHELON, FRENCHELON, SITEL, SORM
verbal
Mensajes: 9
Registrado: 22 Feb 2008 06:36
Ubicación: /dev/mem

Cuenta regresiva para Tor

Mensaje por verbal »

Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems
We present a novel, practical, and effective mechanism for identifying the IP address of Tor clients. We approximate an almost-global passive adversary (GPA) capable of eavesdropping anywhere in the network by using LinkWidth, a novel bandwidth-estimation technique. LinkWidth allows network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. By modulating the bandwidth of an anonymous connection (e.g., when the destination server or its router is under our control), we can observe these fluctuations as they propagate through the Tor network and the Internet to the end-user's IP address. Our technique exploits one of the design criteria for Tor (trading off GPA-resistance for improved latency/bandwidth over MIXes) by allowing well-provisioned (in terms of bandwidth) adversaries to effectively become GPAs. Although timing-based attacks have been demonstrated against non-timing-preserving anonymity networks, they have depended either on a global passive adversary or on the compromise of a substantial number of Tor nodes. Our technique does not require compromise of any Tor nodes or collaboration of the end-server (for some scenarios). We demonstrate the effectiveness of our approach in tracking the IP address of Tor users in a series of experiments. Even for an under-provisioned adversary with only two network vantage points, we can accurately identify the end user (IP address) in many cases. Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes.
fuente: cryptome.org

Es decir que una conexion a internet posee ciertos patrones de dinamismo en las fluctuaciones de su ancho de banda y trafico (a modo de huellas digitales), y que un cotejo global de de las fluctuaciones capturadas de un stream sospechoso con las presentadas por los ISP podria permitir relacionar efectivamente un usuario de la red Tor con una direccion IP particular, de tal forma que la anonimidad que ofrece Tor se veria opacada seriamente, al menos para las organizaciones capaces de efectuar el cotejo detallado.
Las consecuencias mas previsibles, segun mi punto de vista, serian:

a) disminucion importante de los delitos complejos respaldados por Tor
b) Tor 2.0: balance y spoofing de ancho de banda (via adicion de redundancia a los streams cifrados), posible masificacion de subredes Tor relativamente pequeñas, enrobustecimiento de las protecciones contra analisis de trafico

como consecuencia, habra un pico de minimo en conexiones Tor, que deberia volver a la normalidad al implementarse una nueva version...
Q:Will I be used as a honey-trap?
A:Absolutely not. The Service does not use this or similar tactics.

jajaj
Responder

Volver a “Sistemas de Interceptación de Comunicaciones”