Advanced Deanonymization Attacks

This post lists a number of advanced deanonymization attacks. They apply not just to Whonix but to any anonymity system. Some are also general security issues.

Rather than exploiting bugs in the hypervisor to break out, some of these attacks rely on the design of the underlying hardware to bypass privilege separation boundaries and extract (or leak) sensitive information to the network. There is no need for alarm: many qualifications apply, and the listed tickets give details on proposed countermeasures. We are interested in cooperation to better assess the performance impact of the planned fixes.

  • Keystroke Deanonymization: T542
  • Advanced Attacks Meta ticket: T540
    • CPU-induced latency Covert Channel: T530
    • Cross-VM cache attacks countermeasures: T539
    • DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks: T541
    • TCP ISNs and Temperature induced clock skews: T543

 

Patrick Schleizer
Developer and maintainer at Whonix
Patrick started developing Whonix, the Anonymous Operating System, in 2012, and others quickly joined the effort. He gained experience working pseudonymously on Whonix for two years and enjoys working collaboratively on privacy-preserving software.



Notable Replies

  1. Patrick says:

    A wiki page has been created by @HulaHoop. Last revision by @HulaHoop:

    https://www.whonix.org/w/index.php?title=Advanced_Attacks&oldid=25645

    Separated the Fix Stage per Whonix platform in latest revision to make it easier to see the fix status per platform:

    https://www.whonix.org/wiki/Advanced_Attacks

    I have also added a row "requires local compromise".

    Please check if my changes are correct.

  2. HulaHoop says:

    Looks good.
