See Threat models for an idea on threat modeling.
This is the threat model on Proposal 1.1 (P11).
Threats on the software¶
Threats on the network transmission¶
See Attacks on common attacks to anonymity systems.
Attacks to which Proposal 1.1 (P11) is vulnerable:
Passive subpoena attack
Active subpoena attack
Partition attack on client knowledge
Tagging attack on headers
Tagging attack on payload
Attacks on multiple messages / large files: While messages are not splitted into packets, the packets don’t have to end in the same node. But it’s still vulnerable because of different sizes.
Timing and packet counting attacks: Even if padding is added, messages are still different sizes.