[liberationtech] Breaking Tor for $3K
Maxim Kammerer
mk at dee.su
Mon Jul 7 14:20:58 PDT 2014
On Mon, Jul 7, 2014 at 11:13 PM, Richard Brooks <rrb at g.clemson.edu> wrote:
> https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
> Sounds like hype to me. Anyone else have an opinion?
Well, if we estimate total guard node bandwidth at 4GB/s [1], several
controlled guard nodes with two gigabit links allow control of
~6% of Tor traffic, enabling a fair share of opportunistic
deanonymization attacks on hidden services and their clients. I would
approach this by constantly connecting to all known hidden services
using a distinct per-service traffic pattern, and this way determine
the location of hidden services that eventually pick a controlled guard
node. Simultaneously, I would inject arbitrary delays into all client
connections to controlled guard nodes, and watch for similar delays on
suspected hidden service nodes.
All in all, sounds feasible to me, and I can't wait for some actual
Tor hidden services statistics that are not some boring wishful
thinking from the “Users of Tor” page [2], but actual data.
[1] https://metrics.torproject.org/bandwidth.html
[2] https://www.torproject.org/about/torusers.html
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte