Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Open To Attack

Posted by kdawson on from the peeling-the-onion dept.

An anonymous reader writes "A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn't verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network."

1 of 109 comments (clear)

  1. How Many Nodes Do You Need to Own? by quanticle · · Score: 4, Insightful

    "We show that even if an adversary can control a few malicious nodes -- 3 to 6 with a PlanetLab network of 60 honest servers -- the adversary can still compromise the identity of a significant fraction of the connections from new clients."

    3 to 6 servers out of 60 is still 5 to 10 percent. That's fine for small networks, but for a network with hundreds or thousands of nodes, controlling 5 to 10 percent may become infeasible. Does this attack require the number of nodes to scale with network size?

    --
    We all know what to do, but we don't know how to get re-elected once we have done it