1

Given you have access to THE NETWORKING (not the devices, just their networking, as if you were their ISP) of all the 3 relays that a circuit is using, could you time-correlate all the nodes of the circuit, as in would they connect at the same time, therefore making time correlation possible?

2 Answers

1

Yes, if you've got a complete view of the network, you can de-anonymize TOR circuits: as the circuit is built up, the nodes build their connections one after another. This is the most favorable condition for performing a timing attack on the network, and works regardless of the length of the circuit or how often it changes.

This is also by far the hardest to pull off in the real world: the typical TOR circuit passes through multiple countries, whose intelligence and police agencies don't cooperate with each other. I'm having trouble picturing the FBI and the FSB working together to track down a German drug dealer selling to a client in China.

Mark
0
  1. By design, Tor exit nodes change.
  2. Tor could be set to do 4 nodes rather than 3 by changing the source code.
    Not sure how you would have access when these things change.

Or are you just asking about theory...

Well, node 1 would talk to 2, then 2 would talk to 3. There is a little latency in doing this. That latency might be short enough with little traffic to be able to connect them. If there is a lot of traffic, it would be difficult to know for certain, however, there can be a probability calculated with enough data going through.

MikeP
  • Tor is end-to-end encrypted, therefore both entry and middle relays receive the same data, right? Yes, Tor exit nodes change, but one packet is enough to deanonymize someone. So they would start talking to each other at approximately the same time? – Samuel Shifterovich Oct 12 '16 at 19:52
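
The second answer's point that latency and competing traffic decide how confident a timing match can be is illustrated here as an added example; it is not code from either answer's author or from the Tor project. It is a toy model on constructed data: the per-bin packet counts, the fixed latency and the independent, equally sized background flows are all assumptions, and the function names are hypothetical.

```python
import random
from math import sqrt

def pearson(x, y):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / sqrt(vx * vy)

def simulate(background_flows, bins=2000, latency=2, seed=1):
    """Constructed data: packet counts per time bin on two observed links.

    link_a carries only the flow of interest; link_b carries the same flow
    `latency` bins later, mixed with `background_flows` unrelated flows.
    """
    rng = random.Random(seed)
    flow = [rng.randint(0, 20) for _ in range(bins)]
    link_b = []
    for t in range(bins):
        own = flow[t - latency] if t >= latency else 0
        noise = sum(rng.randint(0, 20) for _ in range(background_flows))
        link_b.append(own + noise)
    return flow, link_b

def best_lag(link_a, link_b, max_lag=5):
    """Return (lag, r) for the candidate lag with the highest correlation."""
    scores = []
    for lag in range(max_lag + 1):
        a = link_a[:len(link_a) - lag]   # earlier link
        b = link_b[lag:]                 # later link, shifted back by lag
        scores.append((pearson(a, b), lag))
    r, lag = max(scores)
    return lag, r

if __name__ == "__main__":
    # More unrelated traffic sharing the link lowers the correlation score.
    for k in (0, 3, 99):
        lag, r = best_lag(*simulate(k))
        print(f"background flows={k:3d}  best lag={lag}  r={r:.3f}")
```

In this model the correlation at the true lag is about 1/sqrt(1 + k) for k background flows, so the score falls as shared traffic grows, while a longer observation window narrows the uncertainty around that score.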