End-to-end confirmation attacks against Tor can de-anonymize users - so far with the scientific assumption. But the different experimental setups used for such attacks prevent from any comparability of results, and the impact remains unclear. Digestor answers this shortcoming.
Delays are the most important parameter for our measurements, as they can influence how successful an end-to-end confirmation attack gets. By definition the virtual private Tor network does not introduce any delays as expected with Tor and transmissions through international routing. Therefore. we need empirical data to feed our virtual network some ealistic parameters. We use the Delay Scanner to gather this information.
After generating terabytes of traces, the data passes a long procedure of postprocessing. It begins with parsing metadata information to a database. With all client and server captures represented by five features, the traffic analysis framework applies multiple comparison metrics of different classes and simulates an identification attack on all connections of an experiment. Finally, we can compare the average performance of each metric.
The Delay Scanner uses up-to-date consensus data to generate location-sensitive circuits. From these circuits we conduct measurements on the circuit build and request completion time, individually for different continents and countries. As a reference, standard weighted Tor circuits are probed the same way.
In the Private Tor Network we generate client and server traces that represent individual use case scenarios. Raw PCAP output is parsed into a central database and is used as input for the Traffic Analysis Framework and provides comparability of results. The parsing step is generic and independent from the attack techniques applied later.
At the moment the Traffic Analysis Framework provides metrics based on scalar packet counts, Pearson correlation, Principal Component Analysis and Pearson correlation, Root Mean Squared Error, and Mutual Information.