Roger Dingledine committed on 2010-04-29 05:24:27
Showing 2 changed files with 53 additions and 14 deletions.
| ... | ... |
@@ -67,6 +67,19 @@ the code they used. Let us know if you have new tools we should list, |
| 67 | 67 |
or improvements to the existing ones. The more the better, at this stage. |
| 68 | 68 |
</li> |
| 69 | 69 |
|
| 70 |
+<li> |
|
| 71 |
+<b>We need defenses too — not just attacks.</b> |
|
| 72 |
+Most researchers find it easy and fun to come up with novel attacks on |
|
| 73 |
+anonymity systems. We've seen this result lately in terms of improved |
|
| 74 |
+congestion attacks, attacks based on remotely measuring latency or |
|
| 75 |
+throughput, and so on. Knowing how things can go wrong is important, |
|
| 76 |
+and we recognize that the incentives in academia aren't aligned with |
|
| 77 |
+spending energy on designing defenses, but it sure would be great to |
|
| 78 |
+get more attention to how to address the attacks. We'd love to help |
|
| 79 |
+brainstorm about how to make Tor better. As a bonus, your paper might |
|
| 80 |
+even end up with a stronger "countermeasures" section. |
|
| 81 |
+</li> |
|
| 82 |
+ |
|
| 70 | 83 |
<li> |
| 71 | 84 |
<b>In-person help.</b> |
| 72 | 85 |
If you're doing interesting and important Tor research and need help |
| ... | ... |
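Review bot: The second sentence of the new item names "improved congestion attacks, attacks based on remotely measuring latency or throughput" without linking any of the papers, so a reader new to the area cannot tell which results are meant. Linking each to its anonbib entry, the way the defensive-dropping reference is linked elsewhere in this change, would fix that. In the same sentence "this result" has no antecedent; "We've seen this lately" reads more cleanly. The bold heading also carries a literal dash character where an HTML entity would be safer if the file's encoding is ever mishandled.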
@@ -116,8 +129,46 @@ href="http://freehaven.net/anonbib/">these papers</a> (especially the |
| 116 | 129 |
ones in boxes).</p> |
| 117 | 130 |
|
| 118 | 131 |
<p>We need people to attack the system, quantify defenses, |
| 119 |
-etc. See the "Research" section of the |
|
| 120 |
-<a href="<page volunteer>#Research">volunteer</a> page.</p> |
|
| 132 |
+etc. Here are some example projects: |
|
| 133 |
+ |
|
| 134 |
+<ul> |
|
| 135 |
+ |
|
| 136 |
+<li>The "website fingerprinting attack": make a list of a few |
|
| 137 |
+hundred popular websites, download their pages, and make a set of |
|
| 138 |
+"signatures" for each site. Then observe a Tor client's traffic. As |
|
| 139 |
+you watch him receive data, you quickly approach a guess about which |
|
| 140 |
+(if any) of those sites he is visiting. First, how effective is |
|
| 141 |
+this attack on the deployed Tor design? The problem with all the |
|
| 142 |
+previous attack papers is that they look at timing and counting of |
|
| 143 |
+IP packets on the wire. But OpenSSL's TLS records, plus Tor's use of |
|
| 144 |
+TCP pushback to do rate limiting, means that tracing by IP packets |
|
| 145 |
+produces very poor results. The right approach is to realize that |
|
| 146 |
+Tor uses OpenSSL, look inside the TLS record at the TLS headers, and |
|
| 147 |
+figure out how many 512-byte cells are being sent or received. Then |
|
| 148 |
+start exploring defenses: for example, we could change Tor's cell |
|
| 149 |
+size from 512 bytes to 1024 bytes, we could employ padding techniques |
|
| 150 |
+like <a href="http://freehaven.net/anonbib/#timing-fc2004">defensive |
|
| 151 |
+dropping</a>, or we could add traffic delays. How much of an impact do |
|
| 152 |
+these have, and how much usability impact (using some suitable metric) |
|
| 153 |
+is there from a successful defense in each case?</li> |
|
| 154 |
+</li> |
|
| 155 |
+ |
|
| 156 |
+<!-- |
|
| 157 |
+<li> |
|
| 158 |
+Path selection algorithms, directory fetching schedules for Tor-on-mobile |
|
| 159 |
+that are compatible anonymity-wise with our current approaches. |
|
| 160 |
+</li> |
|
| 161 |
+ |
|
| 162 |
+<li> |
|
| 163 |
+Figure out how bad 10 minutes is for maxcircuitdirtiness. |
|
| 164 |
+</li> |
|
| 165 |
+--> |
|
| 166 |
+ |
|
| 167 |
+<li>More coming soon. See also the "Research" section of the |
|
| 168 |
+<a href="<page volunteer>#Research">volunteer</a> page for other topics. |
|
| 169 |
+</li> |
|
| 170 |
+ |
|
| 171 |
+</ul> |
|
| 121 | 172 |
|
| 122 | 173 |
</div><!-- #main --> |
| 123 | 174 |
|
| ... | ... |
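Review bot: Stray closing tag at the end of the website fingerprinting item: the line ending "in each case?</li>" already closes the item, and the next added line is a second "</li>", which leaves an unmatched close inside the <ul>. Drop the extra "+</li>" line. The two commented-out items that follow are well-formed, but they ship in the page source as they are; if they are notes for later, a tracker entry may be a better home than an HTML comment.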
@@ -915,18 +915,6 @@ href="http://dl.dropbox.com/u/37735/index.html">thesis and prototype</a>. |
| 915 | 915 |
<a id="Research"></a> |
| 916 | 916 |
<h2><a class="anchor" href="#Research">Research</a></h2> |
| 917 | 917 |
<ol> |
| 918 |
-<li>The "website fingerprinting attack": make a list of a few |
|
| 919 |
-hundred popular websites, download their pages, and make a set of |
|
| 920 |
-"signatures" for each site. Then observe a Tor client's traffic. As |
|
| 921 |
-you watch him receive data, you quickly approach a guess about which |
|
| 922 |
-(if any) of those sites he is visiting. First, how effective is |
|
| 923 |
-this attack on the deployed Tor codebase? Then start exploring |
|
| 924 |
-defenses: for example, we could change Tor's cell size from 512 |
|
| 925 |
-bytes to 1024 bytes, we could employ padding techniques like <a |
|
| 926 |
-href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>, |
|
| 927 |
-or we could add traffic delays. How much of an impact do these have, |
|
| 928 |
-and how much usability impact (using some suitable metric) is there from |
|
| 929 |
-a successful defense in each case?</li> |
|
| 930 | 918 |
<li>The "end-to-end traffic confirmation attack": |
| 931 | 919 |
by watching traffic at Alice and at Bob, we can <a |
| 932 | 920 |
href="http://freehaven.net/anonbib/#danezis:pet2004">compare |
| 933 | 921 |
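Review bot: The list under the Research heading loses its first item with nothing left behind to say where it went; the hunk consists only of removed lines. The other file in this change now carries the expanded version and links back here for "other topics", so a one-line pointer from this list to that page would keep readers who land on #Research from missing the website fingerprinting project. Removing the first <li> of an <ol> also renumbers every remaining item, which is worth a check if anything refers to these entries by number.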