Silk Road forums

Discussion => Security => Topic started by: kmfkewm on May 21, 2012, 10:28 am

Title: Remote website fingerprinting attack can deanonymize message board users
Post by: kmfkewm on May 21, 2012, 10:28 am
This new research paper is scary. They can, with substantially high accuracy, remotely test a given IP address and determine if it is browsing a particular site (in the case of some types of website; forums are one type that is particularly vulnerable), even if they are using Tor or other low-latency solutions. This is the state of the art in website fingerprinting attacks, and I believe this is the first time it has been shown possible to do them remotely: previously this sort of attacker had to have access to your ISP or entry guard, now they only need your IP address.

http://freehaven.net/anonbib/papers/pets2012/paper_53.pdf
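As an added illustration (not from the paper or the original post), the block below shows the classification step that every website fingerprinting attack ends with: given a trace of which direction each Tor cell travelled, decide which site was loaded. The remote measurement channel the paper describes is not reproduced here; what is shown is why coarse features leak the site even though Tor pads all cells to a fixed 512 bytes. The three "sites" and their object sizes are constructed, hypothetical values, and the nearest-centroid classifier is a generic size-based approach, not the paper's own method. Two of the sites are deliberately built with the same object count and nearly the same total volume, so a classifier that only counts cells cannot tell them apart, while one that also looks at incoming burst lengths can.

```python
import random
import statistics

# Constructed "sites": one page load fetches these object sizes (bytes).
# Hypothetical values for illustration, not measured from real sites.
SITES = {
    "forum":  [48_000, 9_000, 9_000, 9_000, 2_000],    # one big page, several small avatars
    "blog":   [20_000, 20_000, 20_000, 15_000, 2_000], # same object count, similar total volume
    "search": [15_000, 4_000],
}
CELL = 512  # Tor carries data in fixed-size 512-byte cells, so only counts and direction leak


def page_load_trace(site, rng):
    """Simulate one load as a direction sequence: +1 = cell to server, -1 = cell to client."""
    trace = []
    for size in SITES[site]:
        trace.append(+1)                           # request for the object
        jittered = size * rng.uniform(0.9, 1.1)    # dynamic content varies a little per load
        trace.extend([-1] * (int(jittered // CELL) + 1))
    return trace


def extract(trace, use_bursts=True):
    """Feature vector: outgoing/incoming cell counts, optionally incoming burst structure."""
    n_out = trace.count(+1)
    n_in = trace.count(-1)
    if not use_bursts:
        return (n_out, n_in)
    bursts, run = [], 0
    for d in trace:
        if d < 0:
            run += 1
        elif run:
            bursts.append(run)
            run = 0
    if run:
        bursts.append(run)
    return (n_out, n_in, len(bursts), max(bursts), statistics.median(bursts))


def train(rng, n_per_site, use_bursts):
    """Per-site centroid plus a global per-feature scale (z-score normalisation)."""
    vectors = {s: [extract(page_load_trace(s, rng), use_bursts) for _ in range(n_per_site)]
               for s in SITES}
    centroids = {s: [statistics.mean(col) for col in zip(*vs)] for s, vs in vectors.items()}
    all_vectors = [v for vs in vectors.values() for v in vs]
    scale = [statistics.pstdev(col) or 1.0 for col in zip(*all_vectors)]
    return centroids, scale


def classify(trace, model, use_bursts):
    """Nearest centroid in normalised feature space."""
    centroids, scale = model
    f = extract(trace, use_bursts)

    def dist(c):
        return sum(((a - b) / s) ** 2 for a, b, s in zip(f, c, scale))

    return min(centroids, key=lambda s: dist(centroids[s]))


def accuracy(use_bursts, n_train=30, n_test=20, seed=7):
    """Fraction of fresh test loads attributed to the right site."""
    rng = random.Random(seed)
    model = train(rng, n_train, use_bursts)
    hits = total = 0
    for site in SITES:
        for _ in range(n_test):
            hits += classify(page_load_trace(site, rng), model, use_bursts) == site
            total += 1
    return hits / total


if __name__ == "__main__":
    print("cell counts only:", accuracy(use_bursts=False))
    print("counts + bursts :", accuracy(use_bursts=True))
```

With counts alone, forum and blog are a coin flip; adding the lengths of the incoming bursts (one long burst for the forum page versus several equal medium ones for the blog) separates them completely. That is the general lesson of this line of research: fixed cell sizes hide individual object sizes, but not the shape of the download.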
Title: Re: Remote website fingerprinting attack can deanonymize message board users
Post by: vlad1m1r on May 21, 2012, 12:19 pm
Scary stuff indeed!

I was reading that a possible defence might be to pad data out with random bits, see below what the good people at Tor have to say about this:
Quote
Alternate designs that we don't do (yet)
You should send padding so it's more secure.

Like all anonymous communication networks that are fast enough for web browsing, Tor is vulnerable to statistical "traffic confirmation" attacks, where the adversary watches traffic at both ends of a circuit and confirms his guess that they're communicating. It would be really nice if we could use cover traffic to confuse this attack. But there are three problems here:

    Cover traffic is really expensive. And *every* user needs to be doing it. This adds up to a lot of extra bandwidth cost for our volunteer operators, and they're already pushed to the limit.
    You'd need to always be sending traffic, meaning you'd need to always be online. Otherwise, you'd need to be sending end-to-end cover traffic -- not just to the first hop, but all the way to your final destination -- to prevent the adversary from correlating presence of traffic at the destination to times when you're online. What does it mean to send cover traffic to -- and from -- a web server? That is not supported in most protocols.
    Even if you *could* send full end-to-end padding between all users and all destinations all the time, you're *still* vulnerable to active attacks that block the padding for a short time at one end and look for patterns later in the path.

In short, for a system like Tor that aims to be fast, we don't see any use for padding, and it would definitely be a serious usability problem. We hope that one day somebody will prove us wrong, but we are not optimistic.

I found a paper the other day on disguising Tor use as Skype traffic. It sounded most promising, although of course it would be obvious to any fool with the list of Tor relays, who could still see connections to their IP addresses, and I imagine you'd have a hard time convincing them you had a fulfilling VOIP conversation at these kinds of speeds!

V.

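The three objections in the quoted Tor FAQ can be seen in a small simulation. The block below is an added example, not Tor code or anything from the thread: it models a handful of users as per-bin cell counts, an observer at the far end of the network, and a traffic confirmation attacker who correlates the victim's client-side timeline against every destination flow. Constant-rate padding turns every flow into a flat line and defeats the passive attacker, at a multiple of the real traffic volume (point 1); but an active attacker who drops the victim's link for a few bins, padding included, puts a gap into the one destination flow that belongs to the victim and correlates it straight back (point 3). All timelines, delays and rates are constructed values.

```python
import random
import statistics

BINS = 200   # time bins (think of 100 ms each); constructed
RATE = 10    # padded link: exactly 10 cells per bin in each direction; constructed


def bursty_load(rng):
    """Client-side timeline of a user clicking around a site: cells per bin (constructed)."""
    tl = [0] * BINS
    t = 0
    while t < BINS:
        t += rng.randint(5, 25)                   # think time between clicks
        for k in range(rng.randint(1, 4)):         # a page load spanning a few bins
            if t + k < BINS:
                tl[t + k] += rng.randint(5, 40)
    return tl


def pad(timeline, rate=RATE):
    """End-to-end constant-rate padding as seen on the wire: every bin carries `rate` cells.
    Real cells above the rate would have to queue (the latency cost); the observer
    still sees exactly `rate` per bin, which is all that matters for correlation."""
    return [rate] * len(timeline)


def block(timeline, start, length):
    """Active attacker drops everything on the victim's link for a few bins, padding included."""
    return [0 if start <= i < start + length else c for i, c in enumerate(timeline)]


def through_network(timeline, rng, delay=3):
    """What an observer at the far end sees: shifted by network delay, with light jitter."""
    out = [0] * BINS
    for i, c in enumerate(timeline):
        for _ in range(c):
            j = i + delay + (1 if rng.random() < 0.125 else 0)
            if j < BINS:
                out[j] += 1
    return out


def pearson(x, y):
    """Correlation coefficient; 0.0 when either side is flat (no information to correlate)."""
    mx, my = statistics.mean(x), statistics.mean(y)
    sx = sum((a - mx) ** 2 for a in x) ** 0.5
    sy = sum((b - my) ** 2 for b in y) ** 0.5
    if sx == 0 or sy == 0:
        return 0.0
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / (sx * sy)


def best_corr(client_tl, dest_tl, max_lag=6):
    """Correlate over a small range of unknown network delays and keep the best."""
    return max(pearson(client_tl[:BINS - lag], dest_tl[lag:]) for lag in range(max_lag + 1))


def confirm(client_tl, dest_timelines, threshold=0.5):
    """Traffic confirmation: which destination flow matches the victim? None if nothing does."""
    scores = [best_corr(client_tl, d) for d in dest_timelines]
    best = max(range(len(scores)), key=scores.__getitem__)
    return best if scores[best] >= threshold else None


def scenario(mode, victim=0, n_users=5, seed=3):
    """mode: 'plain', 'padded' or 'padded+active'. Returns the index the attacker picks."""
    rng = random.Random(seed)
    client_side = [bursty_load(rng) for _ in range(n_users)]
    if mode != "plain":
        client_side = [pad(tl) for tl in client_side]
    if mode == "padded+active":
        client_side[victim] = block(client_side[victim], start=100, length=10)
    dest_side = [through_network(tl, rng) for tl in client_side]
    return confirm(client_side[victim], dest_side)


def padding_overhead(seed=3, n_users=5):
    """Cells on the wire with padding divided by cells of real traffic (point 1 of the FAQ)."""
    rng = random.Random(seed)
    real = sum(sum(bursty_load(rng)) for _ in range(n_users))
    return (RATE * BINS * n_users) / real


if __name__ == "__main__":
    for mode in ("plain", "padded", "padded+active"):
        print(f"{mode:14s} -> attacker picks user {scenario(mode)}")
    print(f"padding overhead: {padding_overhead():.1f}x real traffic")
```

The second FAQ objection, that padding only helps while you are continuously online, is the same gap effect in slow motion: going offline is a very long block that the destination side reflects just as faithfully.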