wiki:org/meetings/2015SummerDevMeeting/BootstrapBlockingResistance

Tor Client Bootstrap & Blocking Tor Nodes

Scenario

When Tor doesn't have a recent consensus, it tries to contact the authorities for a consensus.

  • New Tor Browser Download
  • Haven't used TBB in a while
  • Bridge doesn't work

Issues

Tradeoff between trying everything simultaneously and DDoS or overwhelming slow connection; and trying everything in sequence and being slow.

Security issues with clocks and old consensuses.

Automated Alternatives

  • Try Old Consensus (tor)
    • Increase consensus just-try-it period - security tradeoff - nodes can be down or compromised
    • Should it be a consensus parameter? (would need to predict attacks in advance)
    • Attack - deliver bytes slowly, or selectively deliver to clients
  • Try Authorities (tor)
  • Try (Old) Guard from state file (tor)
    • Make all nodes/guards a directory mirror - #12538, prop#237
    • Enables various attacks if guard has become bad, but it was likely bad anyway
      • drip-feeding downloads, but guard could do that anyway
  • Try Fallback Directory Mirrors - #15775, prop#??? (tor)
    • Running Opt-in Trial
    • What if the IP changes owner? (sensible backoff behaviour)
    • What if some of the mirrors are down? (contacting the right number of mirrors at the right time in the right sequence, not too many, not too few)
  • Use Cloud/Domain Fronting/FlashProxy to get the consensus (Tor Browser because meek is a PT)
    • clock-based attack using old consensuses
    • trusting cloud fronting provider / DNS / CA System
  • Use Cloud/Domain Fronting/FlashProxy to get bridges from bridgedb (Tor Browser because it needs a UI for CAPTCHA, tor if we do an crypto proof-of-work)
    • Trusting DNS / CA System
    • Google, Microsoft, Amazon, CloudFlare, ...

Manual Alternatives

  • Use default Tor Browser bridges
  • Get a bridge manually
  • Use meek
  • Use an external VPN or proxy solution
Last modified 3 years ago Last modified on Sep 30, 2015, 8:56:30 AM