Cryptography Reference
In-Depth Information
Bob
Alice
alpha
beta
Figure 10.2: A simple circuit established between Alice's and Bob's
computers might pass through two proxies,
.This
circuit will be hidden by the confusion of the network described in
Figure 10.3.
alpha
and
beta
ing effectivelymaking it impossible to track where the packets go and
who sends back a response.
The security of the systemdepends heavily on the confusion pro-
vided by the network of proxy machines- a network that is said to
include at least 1000 servers at some times. If an eavesdropper can't
watch all of the machines, then the eavesdropper may not be able
to track where requests go. Encrypted requests enter the cloud on
the edges and emerge somewhere else as cleartext data going to the
real destination. Matching the clients with the cleartext requests that
eventually emerge is not an easy task. [DS03, Ser07]
A powerful eavesdropper, though, can often figure out informa-
tion from watching carefully. An omniscient eavesdropper can of-
ten match clients with the cleartext packets that leave the cloud of
proxy servers by timing them. If an encrypted packet enters from Al-
ice's machine at 10:30, 10:32, and 10:35 and some cleartext packets of
the same general size leave a distant proxy at 10:31, 10:33, and 10:36,
then there is a good chance that those were Alice's packets. The qual-
ity of this analysis depends heavily on the performance of the net-
work and the number of other users. A fast network that doesn't in-
troduce very large delays will also make the matching process more
precise.
The system is also vulnerable to other accidental leaks of data. If
a proxy server shuts down for some reason then it will break all of the
paths that use it. All of the clients that used it will need to renegotiate
new paths, effectively identifying some of the past traffic. This won't
link up people immediately, but it can be revealing if it is repeated
several times.
There is also one inherent limitations to the protocol that is often
forgotten: onion routing only protects information to the last proxy
in the chain. After that, the last proxy will communicate in the clear
with the final destination for the data packet. Some suggest that the
people who volunteer to operate the last proxies in the chain, the
edge servers, may be doing so to peek at all of the data flowing past.
