Changes between Initial Version and Version 1 of Ticket #9001


Timestamp: May 31, 2013, 4:11:47 AM (4 years ago)
Author: mikeperry

  • Ticket #9001

    • Property Cc andrea added
  • Ticket #9001 – Description

    initial v1  
    11In http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf, one of the attacks described is a method for locating the Guard nodes of a hidden service within about an hour.
    22
    3 It also seems possible to locate the Guard nodes of persistent, automated clients in a similar timeframe by similarly fingerprinting and destroying HSdir lookup circuits.
     3It also seems possible to locate the Guard nodes of persistent, automated clients in a similar timeframe by similarly repeatedly destroying HSdir lookup circuits for your target hidden service.
    44
    55These attacks are possible to execute on such rapid timescales because *each* endpoint in hidden service communications can destroy the current circuit, and force the other party to create a new one using a new middle node.
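Review bot: the revised line 3 drops the "fingerprinting" step that the removed wording had, so the sentence no longer says how the HSdir lookup circuits are told apart from other circuits before they are destroyed. If that step is still part of the attack as described in the paper, keep a word for it. "similarly repeatedly destroying" also stacks two adverbs, and "your target hidden service" switches to second person while the rest of the description is impersonal; "the target hidden service" would match the surrounding text.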
     
    1111 1. Change the Tor Protocol to prevent DESTROY cells and other mechanisms of circuit destruction from destroying the counter-party's endpoint, and create mechanisms for multiple clients to share a single HS rend circuit (such as I2Ps 'garlic routing' concept).
    1212
    13 Nick and I are tentatively learning towards the "Virtual Circuit" approach. Such a layer would cleanly decouple path selection from circuit use, and allow us to do things like keep the same three hops for rend and intro circuits for N days, regardless of transient circuit failures or DESTROY cells.
     13Nick and I are tentatively leaning towards the "Virtual Circuit" approach. Such a layer would cleanly decouple path selection from circuit use, and allow us to do things like keep the same three hops for rend and intro circuits for N days, regardless of transient circuit failures or DESTROY cells.
    1414
    1515This would considerably slow the attack, and also make all sorts of anonymity metrics and analysis easier to do. For example: We can choose N intelligently such that we would expect the runtime of the attack to be a function of our guard lifetime from #8240, or we could define lifetime based on expected circuit use and application-provided linkability hints (such as #5752).