[cryptography] Preventing Time Correlation Attacks on Leaks: Help! :-)

Mansour Moufid mansourmoufid at gmail.com
Sun Aug 25 22:56:49 EDT 2013


On 2013-08-20, at 3:31 PM, Fabio Pietrosanti (naif) wrote:

> Hi all,
> 
> at GlobaLeaks we are going to implement a feature that want to
> mitigate time correlation attacks between a Whistleblower submitting
> something and a Receiver, receiving a notification that there's a new
> leak outstanding to be accessed.
> 
> We already had a internal discussion and received some valuable
> suggestions and comments available here
> https://github.com/globaleaks/GlobaLeaks/issues/264 .
> 
> However being the argument possibly tricky, we would like to subject
> to suggestion, criticism and review the proposal.

This draft avoids the most common mistakes in this context. First is to
defend against a specific attack rather than time correlation attacks in
general. Second is to conflate padding and timing; some padding schemes
may defeat some weak timing attacks but the two problems are distinct;
you should defend against both, independently.

If I understand correctly the communication channel is one-way, that is,
submissions are into a drop box. In this case it's possible to defend
against time correlation effectively with random delays. For a uniform
distribution, pick a (min, max) pair; for a Gaussian distribution,
pick a large variance.

It seems to me you are on the right track. Best of luck.



More information about the cryptography mailing list