Skip to content
Snippets Groups Projects

StrategicAdversaries

Last edited by Alexander Færøy

== Strategic Adversary Models ==

Use cases

  • Journalistic (upload leaked documents): Goal:

    • Upload documents/blogpost, identity not exposed Properties:
    • Hide identity
    • (Possibly) hide location
    • Adversary: Entity that doesn't want documents leaked (usually intelligence agency?)

  • 'Generic user' who knows the internet has hostile but has no idea about a specific adversary. Goal: ? Properties: ?

  • Users who wish to hide their location specifically

  • Users who wish to circumvent censorship

  • Users who wish to circumvent censorship and maintain anonimity (in location and/or identity)

Generic properties:

  • Clueful/trained or not
  • Know their adversary or not
  • Want to protect identity
  • Want to protect location
  • Want to circument censorship

Adversaries

  • Intelligency agencies Properties:

    • Well funded
    • Might care about reputation
    • Are interested in 'evidence'

  • Commercial operations (for smaller, less well funded states), e.g. Defense contractors Properties: ?

  • "Internet troll" Properties:

    • Not usually covert
    • Typically attacks could be denial of service (targetted or not targetted "just to mess things up"), and deanonimising users (not targetted, typically?)

  • (Irresponsible) researchers Properties:

    • Might mean no harm, but could actually deanonimise real users
    • Usually short term attack ?

  • Commercial advertisers/sites Properties:

    • Wish to deanonimise/track users

  • Botnet (commercial?) Properties: ?

Users

? Connecting only to hidden services

Attacks

Properties/Costs

  • Covert/Hidden attack (or not)
  • Sustainable attack (or not)
  • Costs of approval
  • Reputation costs (if leaked/found out)
  • Time/Bandwidth/Hardware ('tradional costs')

Methods

  • Compromise hidden service and then attack browser (js, play sound and pick it up, etc) Properties: - Usually detected after a while

  • Tagging/padding attacks Properties: - Easy to detect when (it was) active

  • Fingerprint attacks. Properties: - Hard to detect

  • Compromising several devices (e.g. browser, play sound, compromised phone picks it up)

  • ...

Types

  • Deanonmise user
  • Identity theft
  • Blocking access (censorship)
  • Denial of service
  • Rubberhose attacks

To categorise:

  • ISP(s) - privacy wrt ISP
  • Privacy wrt destination
  • (exit) relay operators sniffing outgoing traffic.
    • Application layer not encrypted (can make it worse for users to people use Tor, due traffic going everywhere) -- "Unencrypted website" (users might not understand this, we don't want to limit their access to websites, but we do want to protect them)
  • (Random parties) sniffing exit traffic -- threat to 'ordinary' users.

Comments

    Please register or sign in to add a comment.