[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] High-latency hidden services (was: Re: Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...))

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] High-latency hidden services (was: Re: Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...))
From: Seth David Schoen <schoen@xxxxxxx>
Date: Sun, 29 Jun 2014 17:58:31 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 29 Jun 2014 21:12:33 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date; bh=C+vif3xr/8xuB/+HMxurC6aSPqTxvspxBYEUpzqx/b8=; b=lNP2BlG/hNgUt2zhihkmcBOsc7GYQeMdKOYE4sSk5GdYsf+AqJ8nj3mPG6IscyUjnyDJ6dAzudXI07OKPWMhJ4JOF4m4EtARZ0xCGnWKZ46K/q6l3M9mQkn1VcBYRao+YG3cKaSlNl9uWrqzYj4fcINnZ4EfPN0TVdDq8NWgrAM=;
In-reply-to: <20140626073045.GA10980@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <53AB742E.5000400@xxxxxxxxxx> <DUB121-W1602424B2673FF14097129C8180@xxxxxxx> <53ABAAFA.1040406@xxxxxxxxxx> <C21E9389-F7C9-47E7-B475-A3D23C8C4F14@xxxxxxxxxxxx> <20140626073045.GA10980@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)

Andreas Krey writes:

> On Thu, 26 Jun 2014 00:50:29 +0000, Tor Talker wrote:
> ...
> > > enough to do it securely enough. Also, hidden services are far more
> > > vulnerable than Tor users, simply because they serve stuff.
> ...
> > What sort of vulnerabilities would you expect to see?
> 
> Problem: Your hidden server can be made to talk by accessing it
> (which is not the case for tor clients). Thus correlation attacks
> are possible if you have access to the bandwith data of a server
> you suspect to be a hidden service. Also the downtime of a hidden
> service could be correlated with obtained downtimes of IP addresses
> of machines at usual hosting providers (or elsewhere; apparently
> pinging the entire v4 internet is quite feasible nowadays).

I wonder if there's a way to retrofit high-latency hidden services
onto Tor -- much as Pond does, but for applications other than Pond's
messaging application.

For example, maybe there's a way for a hidden service to define an
asynchronous API through which client software can use the service,
and then have some kind of pool of API requests and API replies which
the server can update via asynchronous polling (much as Pond does with
pools of user-to-user messages).

This could conceivably have much better traffic analysis resistance,
maybe even against a global adversary.

Then a question is whether users would want to use a service that takes,
say, several hours to act on or answer their queries (and whether the
amount of padding data required to thwart end-to-end traffic analysis
is acceptable).

One important problem is what counts as "thwarting end-to-end traffic
analysis".  Right now with Pond, the goal is to prevent anyone from
knowing which Pond users communicate with which other Pond users and
when, not necessarily prevent them from knowing who is a Pond user.
(It seems like the Tor traffic generated by a Pond user's client would
be recognizable as coming from Pond.)  On the other hand, the services
that I'm thinking of should prevent a passive adversary from knowing
who is using _which services_, including locating the infrastructure of
those services.  In my analogy, the system should conceal the fact that a
particular person is running Pond on their home network, and also conceal
which servers are providing infrastructure for Pond communications.

Satisfying this property might have implausibly high padding
requirements.

-- 
Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Mirimir
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Mark McCarron
- Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity
  - From: Mirimir
- [tor-talk] Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...)
  - From: Tor Talker
- Re: [tor-talk] Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...)
  - From: Andreas Krey

Prev by Author: Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.
Next by Author: Re: [tor-talk] SPDYv3 [WAS:You could use ModX to create .onion sites, ]
Previous by thread: Re: [tor-talk] Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...)
Next by thread: Re: [tor-talk] High-latency hidden services (was: Re: Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...))
Index(es):
- Author
- Thread