[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] List of ways to attack Tor



On Thu, Jan 05, 2017 at 12:25:20PM +1030, windows95@national.shitposting.agency wrote:
> I'm tasked with doing a short report on the ways in which Tor can be
> attacked.
> I've brainstormed and done research for few hours and this is the
> list I've come up with.
> Is there anything big that I've missed?
> I feel I might be a bit light on more technical attacks.

Your list is pretty good, though it could do with some sorting and
some categories. :)

For another interesting set of attacks, see
https://media.torproject.org/video/Defcon16-Roger_Dingledine-Sec_Anonymity_Vulns_in_Tor.m4v
and
https://media.torproject.org/video/2008-12-29-25c3-2977-en-security_and_anonymity_vulnerabilities_in_tor.mp4

These talks are some years old now, but many of the issues the talks
describe are hard to fix well so they remain an issue in some form.

If I were doing your 'short report', I would try to prioritize the various
attacks in terms of how hard they are to perform, and how damaging they
are if performed. You could imagine a two-dimensional graph where various
attacks correspond to a point on the graph.

I would also want to include a short section on how having a big list of
possible attacks does not indicate that it's a weaker system or weaker
design compared to a system or design that has a shorter but scarier list
of attacks. For example, centralized architectures don't need to think
about the more esoteric attacks, because they have the whole dataset of
what users went to which website right in front of them:
https://svn.torproject.org/svn/projects/articles/circumvention-features.html#5

Let us know what you come up with,
--Roger

-- 
tor-talk mailing list - tor-talk AT lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk