Changes between Version 37 and Version 38 of thesis

Apr 26, 2011 2:23:26 PM (8 years ago)


  • thesis

    v37 v38  
    3939< Both, monitor and attack peers run with 64 KB/s. Monitor peers just participate in the network and behave as any other node. (No special behavior to the victim)[[BR]][[BR]]
     41**> Hmm that's discouraging. Obviously the attack is more powerful if the attack peers don't need to be high-bandwidth. I think what we are seeing is the potential of attacks where the attackers are only "nice" to potential victims, as a way of appearing fast to that victim and getting into their tunnels quicker (even if that's not exactly what you did). In any case, I'm surprised that it didn't take more bandwidth and will have to look into it further. As you know the primary defense against DDos is to increase resource requirements and we have to figure out how to do that.
    4143Table 5.2: The network size is estimated to be about 2500 uniques per day, and about 6000 - 7000 uniques per month (source )
    5254< 3-hop requires handling of A-F-A-V-B-C-D case (A=attacker, V=victim, B/C/D=bystanders, F=false-positive), which is easy (looking at traffic volumes not changing) but was not (yet) implemented (hence no data presented); preliminary data shows that the overall signal strength is not significantly disminished. 1-hop and 2-hop data sufficiently strong. Bottom line: If we have time to add the data, it will be added.[[BR]][[BR]]
     56**> I didnt expect you would have time to run more experiments; but since your victim was not using the default 3-hop tunnels, some explanation of why you chose shorter hops, and a prediction of how the results would change (if at all) with 3-hop tunnels is clearly appropriate.
    5458    "for the duration of the measurement": How long was it? minutes, hours, days? The time-to-deanonymize would be good to include here. It isn't clear if you deanonymize in one tunnel lifetime (10 minutes) or it takes multiple successful placements of the monitor peers over a long time period.
    5660< 4 hours test data. (Addressed in the paper) Every point is a deanonymization as we described it. Tunnel participation in inbound and outbound tunnel, for 10 minutes.[[BR]][[BR]]
     62**> OK. I didnt see any mention of the actual duration.
    5864Sec 6 Discussion: