Opened 11 years ago

Last modified 7 years ago

#690 closed enhancement (Deferred)

Increase the security by adding Relays from the same provider to the same family

Reported by: amis
Priority: High
Component: Core Tor/Tor
Version: 0.1.2.19
Cc: amis, arma, nickm

Description

Hi

Many routers run on the same provider could break the security of a circuit that uses them together.

Even if there is the /16 auto-exclude and the Family declaration, it seems there isn't any control over provider-level traffic analysis.
We can see in the directory many routers from the same provider that aren't in the same /16 network.

It would be great to have the directories auto-add families for ORs from the same provider, based on the RIPE registry AS number of the smallest IP range.

Perhaps it would be better if this were operated only by the directory authorities.

Examples of multiple /16s from around the world:
virtual.com.br 189.5 189.61 189.33 ...
brasiltelecom.net.br 200.180 201.3 201.24
hispeed.ch 84.75. 87.73. 85.2.
proxad.net
wanadoo.fr
chello.pl
t-dialin.net ...

Regards

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Attachments (1)

144-enforce-distinct-providers.txt (6.4 KB) - added by amis 11 years ago.
Proposal submitted to the list


Change History (7)

comment:1 Changed 11 years ago by arma

Where do we get the definitive lists?

Also, where does it stop? If we do this, shouldn't we also generate a
list of IP addresses that are routed by a single tier-1 ISP? After all,
they have access to the same traffic.

And last we checked, that's a potentially very large set of the network:
http://freehaven.net/anonbib/#feamster:wpes2004

"More research required", it would appear.

comment:2 Changed 11 years ago by amis

Roger wrote:

Where do we get the definitive lists?

On the net all is definitive ;-)

Periodical check on the RIPE registry.

Also, where does it stop? If we do this, shouldn't we also generate a
list of IP addresses that are routed by a single tier-1 ISP? After all,
they have access to the same traffic.

1. It's essentially to protect against adding multiple ORs on the same network used by the same owner.
I think that checking CIDR /16 is not sufficient, because big ISPs give the same company multiple IPs in different class B ranges.
For example, let's have a look at RMLAnonSrv1 to RMLAnonSrv6: they are on 3 class B ranges of the same provider and no family is set. It should be safe, but is it?
2. In many countries the final (domestic) ISP has to save and give real-time access to a global control of all end users' exchanges. In Europe, it's 2 or 3 providers per country, which are clearly identified by a RIPE check or a reverse check.

But I'll read your document http://freehaven.net/anonbib/#feamster:wpes2004 as soon as possible.
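The description proposes auto-generated families keyed on the provider's AS number, and comment 2 argues that the existing /16 rule misses relays of one operator spread over several class B ranges. The following is an added illustration, not code from this ticket or from Tor itself: it models the existing /16 exclusion and the declared-family check, then adds the proposed AS grouping as an automatic family. The relay directory, the IP addresses (RFC 5737 documentation ranges) and the AS numbers (RFC 5398 documentation ASNs) are all constructed for the example; how Tor actually selects paths is not reproduced here.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Relay:
    nickname: str
    ip: str
    asn: int                         # constructed; a deployment would look this up in a registry
    family: frozenset = frozenset()  # family members by nickname (declared or auto-generated)


def same_slash16(a: Relay, b: Relay) -> bool:
    """Existing rule: two relays whose addresses share a /16 never sit in one circuit."""
    na = ipaddress.ip_network(f"{a.ip}/16", strict=False)
    nb = ipaddress.ip_network(f"{b.ip}/16", strict=False)
    return na == nb


def same_family(a: Relay, b: Relay) -> bool:
    """Existing rule: relays that list each other as family are not combined."""
    return b.nickname in a.family or a.nickname in b.family


def conflicts(a: Relay, b: Relay) -> list:
    """Return the reasons (if any) why a and b must not share a circuit."""
    reasons = []
    if same_slash16(a, b):
        reasons.append("same /16")
    if same_family(a, b):
        reasons.append("same family")
    return reasons


def circuit_ok(path: list) -> list:
    """Check every relay pair on a path; an empty result means the path is acceptable."""
    found = []
    for a, b in combinations(path, 2):
        r = conflicts(a, b)
        if r:
            found.append((a.nickname, b.nickname, r))
    return found


def build_auto_families(relays: list) -> dict:
    """Proposed step: group relays by AS number; groups of one relay carry no constraint."""
    groups = {}
    for r in relays:
        groups.setdefault(r.asn, set()).add(r.nickname)
    return {asn: frozenset(n) for asn, n in groups.items() if len(n) > 1}


def with_auto_families(relays: list) -> list:
    """Return copies of the relays whose family set is extended by their AS group,
    so the ordinary family check now also separates relays of one provider."""
    groups = build_auto_families(relays)
    out = []
    for r in relays:
        auto = groups.get(r.asn, frozenset()) - {r.nickname}
        out.append(Relay(r.nickname, r.ip, r.asn, r.family | auto))
    return out


# Constructed sample directory (documentation addresses and ASNs only).
RELAYS = {
    "AnonA": Relay("AnonA", "192.0.2.5", 64496),
    "AnonB": Relay("AnonB", "192.0.2.9", 64496),     # same /16 as AnonA: caught today
    "AnonC": Relay("AnonC", "198.51.100.7", 64496),  # other /16, same AS: missed today
    "Exit1": Relay("Exit1", "203.0.113.4", 64497),
}


def check(nicks: list) -> list:
    """Evaluate a path using only the existing /16 and declared-family rules."""
    return circuit_ok([RELAYS[n] for n in nicks])


def check_with_auto(nicks: list) -> list:
    """Evaluate the same path after AS-based families have been generated."""
    aug = {r.nickname: r for r in with_auto_families(list(RELAYS.values()))}
    return circuit_ok([aug[n] for n in nicks])


if __name__ == "__main__":
    print("existing rules, A-C-Exit:", check(["AnonA", "AnonC", "Exit1"]))
    print("with AS families, A-C-Exit:", check_with_auto(["AnonA", "AnonC", "Exit1"]))
```

The path AnonA, AnonC, Exit1 passes the existing checks, because the two relays of AS64496 live in different /16s, and is rejected once the AS grouping has been folded into the family set. As comment 3 points out, equal AS numbers at the endpoints are still only a first approximation: the routes between relays can converge on one ISP or exchange, and this check says nothing about that.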

comment:3 Changed 11 years ago by nickm

This is something that would definitely need a feature proposal [see 1]. There are issues about efficiently transmitting the necessary info to clients (whether it's collated at the authorities, or whether they all fetch it directly). Also, if you care about topological diversity, it isn't enough to make sure all the routers are in different places: you need to make sure that the full path from all routers doesn't bottleneck at a single ISP or exchange.

The WPES2004 paper is a good start on some of this, but see also http://freehaven.net/anonbib/#murdoch-pet2007.

This is not to say that the ideas here are bad or unworkable: just that the fix will be pretty hard, and somebody will need to do a fair bit of design work before it can happen.

[1] The Tor proposal process is documented at https://www.torproject.org/svn/trunk/doc/spec/proposals/001-process.txt

Changed 11 years ago by amis

Proposal submitted to the list

comment:4 Changed 11 years ago by arma

Since this discussion has moved to or-dev and proposal 144, I'm going to close this flyspray.

comment:5 Changed 11 years ago by nickm

flyspray2trac: bug closed.

comment:6 Changed 7 years ago by nickm

Component: Tor Relay → Tor