Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#5979 closed defect (invalid)

Tor hidden services can be censored with (D)DoS attacks

Reported by: cypherpunks
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity:
Keywords: needs-proposal tor-hs
Cc: g.koppen@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

(D)DoS attacks can defeat what hidden services shall provide: censorship-resistant services.

There have been successful attacks on sites I do not care about, such as the hidden wiki. Might target any other hidden site.

Change History (13)

comment:1 Changed 7 years ago by gk

Cc: g.koppen@… added

comment:2 Changed 7 years ago by cypherpunks

Component: Tor Hidden Services → Tor Client

comment:3 Changed 7 years ago by cypherpunks

Priority: critical → blocker

Statement?

comment:4 Changed 7 years ago by arma

Component: Tor Client → Tor Hidden Services
Priority: blocker → normal

When you say 'blocker', what do you suggest that it block?

This is not a 'bug' so much as a missing design. There are two phases to fixing it.

First, the easier one, is to look at the various parameters we've picked (how many intro points, how many requests allowed, what sort of timeout, etc etc) and see if they're good parameters in practice. Probably most of them aren't. Then see if they should adapt under attack (and also consider messy things like anonymity effects of adapting under attack). I suggest getting your Tor network running under Shadow or ExperimenTor to get a good handle on the big picture.

The second phase is to take a step back and see if better designs would provide better resistance to attack.

You may find http://freehaven.net/anonbib/#valet:pet2006 or http://freehaven.net/anonbib/#overlier-pet2007 or http://petsymposium.org/2008/hotpets/vrtprsvc.pdf useful in phase two. See in particular the designs where the introduction point ignores your cell if you don't provide the right authentication.

comment:5 Changed 7 years ago by nickm

Step one, I would think, after coming up to speed on design stuff, is to think about which parts of the hidden service protocol are most DoS-vulnerable, and figure out how to make those robust.

comment:6 Changed 7 years ago by nickm

Milestone: Tor: unspecified

comment:7 Changed 7 years ago by arma

I'm inclined to close this ticket, since it's not a bug and it's also not any particular specified design. If we had a ticket for every open problem we wanted to come up with a way to solve, we'd be buried in tickets. :)

Or said another way, there is probably a good place for reminding people about this problem, and it's not a trac ticket. Maybe I should add a paragraph to the research page?

comment:8 Changed 7 years ago by cypherpunks

(Paul here.)
Sounds good. Besides pointing at the papers by Lasse and myself, you should probably also point at Karsten's dissertation.

comment:9 Changed 7 years ago by arma

I pointed to Karsten's hotpets 2008 paper above. It has links to many good things, including a thesis.

comment:10 Changed 7 years ago by nickm

Keywords: needs-proposal added

comment:11 Changed 7 years ago by rransom

Resolution: invalid
Status: new → closed

Every type of service can be censored using a denial-of-service attack. Closing.

(Hopefully the troll who opened this ticket is gone now.)

comment:12 Changed 7 years ago by nickm

Keywords: tor-hs added

comment:13 Changed 7 years ago by nickm

Component: Tor Hidden Services → Tor