Thursday, May 19, 2005
1 PM - 2 PM
5331 CS
|
S. J. Murdoch
G. Danezis
S. J. Murdoch, G. Danezis
Cambridge
Low-Cost Traffic Analysis of Tor
Oakland'05
URL: http://www.cl.cam.ac.uk/~sjm217/papers/oakland05torta.pdf
Tor is the second generation Onion Router,
supporting the anonymous transport of TCP streams
over the Internet. Its low latency makes it very
suitable for common tasks, such as web browsing,
but insecure against traffic analysis attacks by a
global passive adversary. We present new traffic
analysis techniques that allow adversaries with
only a partial view of the network to infer which
nodes are being used to relay the anonymous streams
and therefore greatly reduce the anonymity provided
by Tor. Furthermore, we show that otherwise
unrelated streams can be linked back to the same
initiator. Our attack is feasible for the adversary
anticipated by the Tor designers. Our theoretical
attacks are backed up by experiments performed on
the deployed, albeit experimental, Tor network. Our
techniques should also be applicable to any low
latency anonymous network. These attacks highlight
the relationship between the field of traffic
analysis and more traditional computer security
issues, such as covert channel analysis. Our
research also highlights that the inability to
directly observe network links does not prevent an
attacker from performing traffic analysis: the
adversary can use the anonymising network as an
oracle to infer the traffic load on remote nodes in
order to perform traffic analysis.
|
Thursday, May 26, 2005
1 PM - 2 PM
7331 CS
|
P. Oechslin
P. Oechslin
EPFL
Making a Faster Cryptanalytic Time-Memory Trade-Off
CRYPTO'03
URL: http://lasecwww.epfl.ch/~oechslin/publications/crypto03.pdf
In 1980 Martin Hellman described a cryptanalytic
time-memory trade-off which reduces the time of
cryptanalysis by using precalculated data stored in
memory. This technique was improved by Rivest before
1982 with the introduction of distinguished points
which drastically reduces the number of memory
lookups during cryptanalysis. This improved
technique has been studied extensively but no new
optimisations have been published ever since. We
propose a new way of precalculating the data which
reduces by two the number of calculations needed
during cryptanalysis. Moreover, since the method
does not make use of distinguished points, it
reduces the overhead due to the variable chain
length, which again significantly reduces the number
of calculations. As an example we have implemented
an attack on MS-Windows password hashes. Using 1.4GB
of data (two CD-ROMs) we can crack 99.9% of all
alphanumerical passwords hashes (237) in
13.6 seconds whereas it takes 101 seconds with the
current approach using distinguished points. We show
that the gain could be even much higher depending on
the parameters used.
|
Created and maintained by Mihai Christodorescu (
http://www.cs.wisc.edu/~mihai)
Created: Fri Feb 04 16:32:13 2005
Last modified: Mon May 16 15:03:18 Central Daylight Time 2005