Re: [Tails-dev] TCP Sequence Numbers leak System Clock

Delete this message

Reply to this message
Author: Daniel Kahn Gillmor
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] TCP Sequence Numbers leak System Clock
On 09/27/2014 05:55 AM, Griffin Boyce wrote:

> But to your point, local system time doesn't/shouldn't impact correlation attacks at all. Every network hop between the user and destination has a set system time that is far better to determine sequence. Correlation attacks are nice on paper, but seem to fall apart quite quickly. Even in a lab environment, I can't imagine they are easily replicated.


I would really like to believe this, but it sounds speculative to me.
Can you point to research that shows this is actually a hard problem for
a global adversary who has a well organized data set?

> Or if the sizes are extremely common. Lots of classified documents are about 50kb, but that would be virtually impossible to correlate.


if "about 50kb" means "between 30 kilobytes and 70 kilobytes" then we're
talking about 40000 possible different file sizes. Without robust
padding (which i'm not sure we know how to do yet), that's a 2^15
reduction in search space just from looking at the size of files alone,
even within the "extremely common" set of flow sizes.

every distinguishing characteristic shaves off work that an adversary
needs to do to distinguish "targeted" from "untargeted" traffic, so even
if local system clock isn't particularly useful on its own, it's still
worth cleaning up.

For example, say knowledge of the originating machine's local system
clock lets you filter traffic into 64 anonymity sets (everyone is within
roughly a half-minute of everyone else, and the resolution is about 1
second). that's about 6 bits of info. But those 6 bits can be combined
with with other features (like file size, mentioned above) to provide
much cheaper deanonymization (by a factor of 64!) than was possible
without it.

    --dkg