Hi, I'd like to ask what possible attacks on retroactive traffic confirmation on Tor are known when the attacker has data retention records, i.e. can use them for traffic confirmation for a past period.
Scenario 1: If the ISP's records store [srcIP, srcPort, srcMac, dstIP, dstPort, size, startTime, endTime] for every TCP connection, then it's definitely doable; note that srcMac is the MAC of the client visible from the ISP's side of the router to the internet (so that clients behind NAT can be identified, though the srcPort gives that away, too).

Scenario 2: What if the records stored are: [srcIP, srcPort, srcMac, size, start_time, end_time]?

Obviously "regular" (non-Tor) connections are susceptible to traffic confirmation: e.g. the victim writes "Minister of finance is a 5-year-old child in an adult-like costume from the NSA." on a site, and the attacker wants to know who it was. The attacker retrieves the site's logs (by court order/coercion) and that reduces the situation to the equivalent of scenario 1.

However, can an attacker do a Tor traffic confirmation attack in scenario 2?

- (obviously) if the attacker can simultaneously get data retention records for all Tor nodes, then yes - the attacker notices which guard nodes the victim uses by obtaining a court order to eavesdrop (later, after the sought-after traffic took place). The attacker listens to the victim's communication and then requests data retention records from the guard nodes. Now the attacker sees where the second node in the circuit is.
- if the second node in the circuit is attacker-controlled, then the attacker sees where the exit node is, thus retrieves data retention records for the exit and finally for the destination site
- if the attacker controls the exit node, then it's reduced to the "classic scenario" of controlling entry and exit
- what if the size field is not present in the data retention records? Does it make it substantially harder? What if size is present, but not the time fields?

Can you think of any other scenarios? (I might have been wrong in some points, so correct me where I am mistaken, please.)

Can you think of any attack on an ordinary "non-Tor" connection which the attacker could employ in scenario 2 if he doesn't have the server logs?
Possibly create some statistical fingerprint of traffic from/to each IP in the country or a selected IP set and compare it to the data retention records?

(This is actually a real scenario in CZ: a year ago, data retention scenario 1 was in effect, then it was stopped by the constitutional court, and now scenario 2 is coming back; though it's not yet definite.)

Thanks a lot,
Ondrej

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
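Added example, not part of Ondrej's post or of the tor-talk thread: the "reduce scenario 2 to scenario 1" step for a non-Tor connection, i.e. correlating the site's log entry for the post (its arrival time and request size) against retention records that lack dstIP/dstPort, and then the effect of dropping the size field or the time fields. The flow records, the post time, the request size and the tolerances (clock-skew slack, size tolerance for headers/TLS framing) are all constructed or assumed here; the code shows the mechanism, not real retention data.

```python
"""Correlate ISP data-retention flow records with a destination site's log.

Constructed example: the records, the site-log observation and the
tolerances below are invented for this demonstration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowRecord:
    src_ip: str
    src_port: int
    src_mac: str     # MAC seen on the ISP side of the subscriber's router
    size: int        # bytes; absent in some retention regimes
    start: float     # seconds since an arbitrary epoch
    end: float


# Constructed scenario-2 records: no dstIP/dstPort retained.
# Two records share 203.0.113.10 (NAT) but differ in srcMac and srcPort.
RECORDS = [
    FlowRecord("203.0.113.10", 51234, "02:00:00:00:00:01", 4120, 100.0, 101.5),
    FlowRecord("203.0.113.10", 51240, "02:00:00:00:00:02", 900, 100.2, 101.3),
    FlowRecord("203.0.113.11", 40001, "02:00:00:00:00:03", 4150, 250.0, 251.0),
    FlowRecord("203.0.113.12", 40002, "02:00:00:00:00:04", 150000, 99.0, 130.0),
    FlowRecord("203.0.113.13", 40003, "02:00:00:00:00:05", 4100, 99.0, 99.5),
]

# Constructed observation taken from the site's log (obtained by court
# order in the scenario): when the post arrived and how large it was.
POST_TIME = 101.0
POST_SIZE = 4100


def candidates(records, post_time, post_size, *, use_time=True, use_size=True,
               time_slack=0.5, size_tol=0.10):
    """Return the set of (src_ip, src_mac) whose flow is consistent with the post.

    time_slack (seconds, assumed) absorbs clock skew between ISP and site;
    size_tol (fraction, assumed) absorbs protocol overhead such as HTTP
    headers and TLS framing. Switching a field off models a retention
    regime that does not store it.
    """
    out = set()
    for r in records:
        if use_time and not (r.start - time_slack <= post_time <= r.end + time_slack):
            continue
        if use_size and abs(r.size - post_size) > size_tol * post_size:
            continue
        out.add((r.src_ip, r.src_mac))
    return out


def anonymity_set_sizes(records=RECORDS, post_time=POST_TIME, post_size=POST_SIZE):
    """Size of the candidate set for each combination of retained fields."""
    return {
        "time+size": len(candidates(records, post_time, post_size)),
        "time only": len(candidates(records, post_time, post_size, use_size=False)),
        "size only": len(candidates(records, post_time, post_size, use_time=False)),
        "neither": len(candidates(records, post_time, post_size,
                                  use_time=False, use_size=False)),
    }


if __name__ == "__main__":
    for fields, n in anonymity_set_sizes().items():
        print(f"{fields:10s}: {n} candidate client(s)")
```

On this constructed data both fields together single out one (srcIP, srcMac) pair; dropping either field leaves three candidates, and dropping both leaves every subscriber. The interesting variable in practice is record density: with many flows per second the time field alone is weak, and with many requests of similar size the size field alone is weak, which is why the combination is so much stronger than either part.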