Opened 6 years ago

Last modified 2 years ago

#9689 new project

Write proposal for RELAY_AUTHENTICATE/multipath AUTHENTICATE delivery

Reported by: mikeperry Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: key-theft mike-0.2.5 needs-proposal so-crazy-it-just-might-work research-program term-project
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

To protect against relay key theft, it would be useful if relays supported a way to replay the ntor handshake and the DH/ECDH TLS handshake via a directory mirror whose keys are stored in the Tor source code (via #572).

The idea is that clients could replay some percentage of their circuits' and TLS connections handshakes via independently authenticated cryptographic paths using the directory mirror keys and #5968. If any one handshake replay failed to yield the same session keys from a replayed DH/ECDH/ntor handshake for any subset of the paths, we know the authentication key for that handshake was stolen and one of the client's paths was MITMed, and we could sound the alarm bells.

We'd probably need two cell types for this: a VERIFY cell that included enough information to replay one or both handshakes, and a RELAY_VERIFY cell that instructed a relay to send an enclosed VERIFY cell on behalf of a remote client.

It would be extra neat if we could use this mechanism as the basis for a proper TLS extension, to allow the whole web to do stuff like this.

Child Tickets

Change History (3)

comment:1 Changed 6 years ago by mikeperry

Summary: Write proposal for VERIFY and RELAY_VERIFY cellsWrite proposal for RELAY_AUTHENTICATE/multipath AUTHENTICATE delivery

Ok, I am now fairly convinced that AUTHENTICATE could be bootstrapped into this position for TLS. We would need some form of RELAY_AUTHENTICATE though, and still would need to leverage #572 and #5968.

For circuits/onionkey auth, we probably still need a new VERIFY cell, but if we can authenticate TLS very strongly, that might not matter. I'll leave that for a separate ticket.

comment:2 Changed 6 years ago by nickm

Milestone: Tor: unspecified

comment:3 Changed 2 years ago by nickm

Keywords: needs-proposal research-program term-project added; proposal-needed removed
Severity: Normal
Note: See TracTickets for help on using tickets.