Tor: Research
Read these papers (especially the ones in boxes) to get up to speed on anonymous communication systems.
We need people to attack the system, quantify defenses, etc. For example:
- Website volume fingerprinting attacks (Back et al, Hintz). Defenses include a large cell size, defensive dropping, etc. How well does each approach work?
- The end-to-end traffic confirmation attack. We need to study long-range dummies more, along with traffic shaping. How much traffic of what sort of distribution is needed before the adversary is confident he has won?
- It's not that hard to DoS Tor servers or dirservers. Are puzzles the right answer? What other practical approaches are there?
- What sensitive info squeaks by privoxy? Are other html scrubbers better?