Home >
Invited Speakers >
Call for Papers >
Registration >
Travel >
Contact >

Provable Privacy Workshop

July 9-10, 2012, Vigo, Spain


Tor, real-world attackers, and (un)provable privacy

Roger Dingledine, The Tor Project

Tor's approach to threat models is to try to understand the capabilities of realistic attackers we expect to encounter, rather than picking adversaries our protocols can withstand. This strategy has led us to
deploy systems that are not amenable to security proofs. Or to say it even more strongly, we deploy provably insecure systems relative to real-world adversaries, because they're still the safest ones we
can deploy.

In this talk I'll explain some realistic attacks against Tor's anonymity and blocking-resistance properties, and discuss some reasons why it's hard to produce accurate and useful models for these attacks (and thus hard to prove things about them).