Tadeln können zwar alle Tor, aber klüger handeln nicht. - PDF

Tadeln können zwar alle Tor, aber klüger handeln nicht. mo Easterhegg Salzburg PGP: FAFF CBB0 BB9E A51 BBA0 ECE9 21DA 863B 95F7 Tadeln können zwar die Toren, aber

Please download to get full document.

View again

of 33
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.


Publish on:

Views: 36 | Pages: 33

Extension: PDF | Download: 0

Tadeln können zwar alle Tor, aber klüger handeln nicht. mo Easterhegg Salzburg PGP: FAFF CBB0 BB9E A51 BBA0 ECE9 21DA 863B 95F7 Tadeln können zwar die Toren, aber klüger handeln nicht. August Friedrich Ernst Langbein ( ) deutscher Dichter und Schriftsteller Quelle:»Die neue Eva«, Wien, 1829 Wer bin ich Eine kurze Geschichte der Anonymität Tor mo betreibt seit ~2000 Anonymisierungsdienste : TU Dresden, Datenschutz und Datensicherheit Prof. Pfitzmann 2010 Gründung Torservers.net 1992 anon.penet.fi (Typ 0 R er) (500,000 users, 8000 messages/day, ~$1000/month) : Church of Scientology, Los Angeles FBI Finland 1992 Cypherpunks-R er (Typ 1 R er) einfaches R en, kein Mixing ( Timing Analysis), kein Padding ( Traffic Analysis) 1994 Mixmaster (Typ 2) 1995 anonymizer, c2.net nymserver 2002 Mixminion (Typ 3) https://sarwiki.informatik.hu-berlin.de/mixmaster_r er 1 1978 Limitations of End-to-End Encryption in Secure Computer Networks (Karger) 1981 Untraceable electronic mail, return addresses and digital pseudonyms (David Chaum) 1985 Networks Without User Observability Design Options (Pfitzmann) 1991 ISDN-Mixes (Pfitzmann) 1995 Initial work on Onion Routing begins 1998 Real-Time MIXes (Pfitzmann) (aus: JAP Inside, Stephan Köpsell, 2002 https://anon.inf.tu-dresden.de/develop/anon.ppt ) https://www.torproject.org/about/overview Goldschlag, Reed, Syverson: Naval Research Laboratory Briefing 1996 Goldschlag, Reed, Syverson: Naval Research Laboratory Briefing 1996 I2P 2000 Roger Dingledine Master s Thesis: Garlic Routing Unfortunately, I2P's usage of garlic terminology over the past seven years has not always been precise; therefore the reader is cautioned when encountering the term. https://geti2p.net/en/docs/how/garlic-routing 2003 erstes I2P release Unidirektionale Tunnel Angriffsvektor Traffic Correlation The Tor design doesn't try to protect against an attacker who can see or measure both traffic going into the Tor network and also traffic coming out of the Tor network. That's because if you can see both flows, some simple statistics let you decide whether they match up. [ ] The way we generally explain it is that Tor tries to protect against traffic analysis, where an attacker tries to learn whom to investigate, but Tor can't protect against traffic confirmation (also known as end-to-end correlation), where an attacker tries to confirm a hypothesis by monitoring the right locations in the network and then doing the math. And the math is really effective. There are simple packet counting attack and moving window averages, but the more recent stuff is downright scary, like Steven Murdoch's PET 2007 paper about achieving high confidence in a correlation attack despite seeing only 1 in 2000 packets on each side (Sampled Traffic Analysis by Internet-Exchange-Level Adversaries). https://blog.torproject.org/blog/one-cell-enough Angriffsvektor Traffic Correlation The Java Anon Proxy (also known as JAP or Web MIXes) uses fixed shared routes known as cascades. As with a single-hop proxy, this approach aggregates users into larger anonymity sets, but again an attacker only needs to observe both ends of the cascade to bridge all the system's traffic. The Java Anon Proxy's design calls for padding between end users and the head of the cascade. However, it is not demonstrated whether the current implementation's padding policy improves anonymity. (Tor Design Paper, 2004) Not secure against end-to-end attacks: Tor does not claim to completely solve end-to-end timing or intersection attacks. (Tor Design Paper, 2004) A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary. (ebd.) Currently nodes are not required to do any sort of link padding or dummy traffic. Because strong attacks exist even with link padding, and because link padding greatly increases the bandwidth requirements for running a node, we plan to leave out link padding until this tradeoff is better understood. (Tor Protocol Specification) There is clear evidence that timing information is both recognized as being key to correlating events and streams; and it is being recorded and stored at an increasing granularity. There is no smoking gun as of 2011 to say they casually de-anonymize Tor circuits, but the writing is on the wall for the onion routing system. GCHQ at 2011 had all ingredients needed to trace Tor circuits. It would take extra-ordinary incompetence to not have refined their traffic analysis techniques in the past 5 years. The Tor project should do well to not underestimate GCHQ s capabilities to this point. [ ] One should wonder why we have been waiting for 3 years until such clear documents are finally being published from the Snowden revelations. If those had been the first published, instead of the obscure, misleading and very non-informative slides, it would have saved a lot of time and may even have engaged the public a bit more than bad powerpoint. George Danezis, A technical reading of the HIMR Data Mining Research Problem Book, February 3rd 2016 https://conspicuouschatter.wordpress.com/2016/02/03/atechnical-reading-of-the-himr-data-mining-research-problem-book/ Wer betreibt die Relays? Wer betreibt die Relays? Betreiben oder überwachen? Welche Vorteile? https://github.com/moba/stem-scripts/blob/master/listrelaysbyspeed.py ( ) https://compass.torproject.org/ Lösungsansätze Guard design Vertrauen in Exits end-to-end crypto ( Angriffsvektor Application Layer ) Browser fingerprinting (Clients) Web server fingerprinting (Server) Tor Browser Hier mal ausgeklammert Alternativen? nicht alle Angreifer sind global active/passive! Was ist besser? d.h., bis auf nichtstun, was schützt mich de fakto am besten, zugeschnitten auf meine Situation? Alternativen? High latency mixing (?) Alpha Mixing, Dingledine 2006 Ruhr-Uni Bochum Broadcast (Bitmessage) PETS Darmstadt Juli th Privacy Enhancing Technologies Symposium Einreichungen für HotPETs bis 13. Mai! - Kurzvorträge auch von Nicht-Akademikern!
Related Search
Similar documents
View more...
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks