Threat model

See Threat models for an idea on threat modeling.

This is the threat model on Proposal 1.1 (P11).

Arquitecture diagrams

See Deployment and Deployment with GNS

Threats on the software

Threats on the network transmission

See Attacks on common attacks to anonymity systems.


The adversaries here are all the adversaries mentioned in Adversaries.


Attacks to which Proposal 1.1 (P11) is vulnerable:

  • Replay Attacks
  • Blending Attacks
  • Passive subpoena attack
  • Active subpoena attack
  • Partition attack on client knowledge
  • Tagging attack on headers
  • Tagging attack on payload
  • Attacks on multiple messages / large files: While messages are not splitted into packets, the packets don’t have to end in the same node. But it’s still vulnerable because of different sizes.
  • Pseudospoofing
  • Intersection attacks
  • Timing and packet counting attacks: Even if padding is added, messages are still different sizes.