On Thu, Jan 05, 2017 at 12:25:20PM +1030, windows95@national.shitposting.agency wrote: > I'm tasked with doing a short report on the ways in which Tor can be > attacked. > I've brainstormed and done research for few hours and this is the > list I've come up with. > Is there anything big that I've missed? > I feel I might be a bit light on more technical attacks.
Your list is pretty good, though it could do with some sorting and some categories. :) For another interesting set of attacks, see https://media.torproject.org/video/Defcon16-Roger_Dingledine-Sec_Anonymity_Vulns_in_Tor.m4v and https://media.torproject.org/video/2008-12-29-25c3-2977-en-security_and_anonymity_vulnerabilities_in_tor.mp4 These talks are some years old now, but many of the issues the talks describe are hard to fix well so they remain an issue in some form. If I were doing your 'short report', I would try to prioritize the various attacks in terms of how hard they are to perform, and how damaging they are if performed. You could imagine a two-dimensional graph where various attacks correspond to a point on the graph. I would also want to include a short section on how having a big list of possible attacks does not indicate that it's a weaker system or weaker design compared to a system or design that has a shorter but scarier list of attacks. For example, centralized architectures don't need to think about the more esoteric attacks, because they have the whole dataset of what users went to which website right in front of them: https://svn.torproject.org/svn/projects/articles/circumvention-features.html#5 Let us know what you come up with, --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
