[tor-bugs] #5563 [Tor Relay]: Better support for ephemeral relay identity keys
#5563: Better support for ephemeral relay identity keys
-------------------------+--------------------------------------------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Relay | Version:
Keywords: | Parent: #5456
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Tagging-based amplification attacks are primarily an issue of node
integrity. For the most part, they are impossible to perform if you are
external to the tor network, and they are detectable if the adversary's
proportion of compromised nodes on the network is low, due to excessive
circuit failure at non-colluding nodes.

However, this all changes if most nodes have easily accessible identity
keys. All the adversary need do is make a quick stop at each high capacity
tor relay, freeze the RAM/reboot the box, and extract the keys. From that
point on, the adversary is free to intercept and tag traffic transparently
upstream. Worse, as the adversary performs this procedure at more and more
nodes, their circuit failure rate will fall. At least according to the
math of some dude who claims to be a raccoon:
https://lists.torproject.org/pipermail/tor-dev/2012-March/003361.html

I believe the best stopgap solution to this (at least until whatever comes
out of #5460 is deployed) is to encourage relay operators to keep their
relay keys on a ramdisk, so they are discarded in the event of reboot.
This would at least require the adversary to retain persistent access to
the machine, which risks discovery via auditing mechanisms.

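The ramdisk stopgap above is something a relay operator can verify on the host. The following is an added example, not code from this ticket or from Tor itself: it parses a mount table in /proc/mounts layout (a constructed sample is embedded) and reports whether the relay's keys directory, assumed here to be Debian's default /var/lib/tor/keys, is backed by tmpfs or ramfs. It uses longest-prefix matching of mount points so that a parent mount such as /var does not produce a wrong answer for a keys directory mounted separately beneath it.

```python
"""Audit check: is the Tor relay's keys directory on a volatile filesystem?

Added example, not code from ticket #5563 or from Tor. The mount table is a
constructed sample in /proc/mounts layout; the keys directory path is an
assumption (Debian's default DataDirectory is /var/lib/tor).
"""
import os
from typing import NamedTuple, Optional

# Filesystem types whose contents do not survive a reboot.
VOLATILE_FSTYPES = {"tmpfs", "ramfs"}

# Constructed sample, /proc/mounts layout:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /var ext4 rw,relatime 0 0
tmpfs /var/lib/tor/keys tmpfs rw,nosuid,nodev,noexec,mode=700 0 0
"""

# Assumed keys directory (DataDirectory/keys on a Debian relay).
DEFAULT_KEYS_DIR = "/var/lib/tor/keys"


class Mount(NamedTuple):
    mountpoint: str
    fstype: str
    options: frozenset


def parse_mounts(text: str) -> list:
    """Parse /proc/mounts-style text into Mount records, skipping malformed lines."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts escapes a space in a path as the octal sequence \040.
        mountpoint = fields[1].replace("\\040", " ")
        mounts.append(Mount(mountpoint, fields[2], frozenset(fields[3].split(","))))
    return mounts


def mount_for(path: str, mounts: list) -> Optional[Mount]:
    """Return the mount whose mountpoint is the deepest ancestor of path.

    A naive substring test would match /var for /var/lib/tor/keys even when
    the keys directory has its own tmpfs mount; the longest prefix wins.
    """
    best = None
    for m in mounts:
        mp = m.mountpoint
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best.mountpoint):
                best = m
    return best


def keys_dir_is_volatile(keys_dir: str, mounts: list) -> bool:
    """True when the keys directory lives on tmpfs or ramfs."""
    m = mount_for(keys_dir, mounts)
    return m is not None and m.fstype in VOLATILE_FSTYPES


def audit(keys_dir: str, mounts: list) -> tuple:
    """Return (ok, human-readable finding) for an operator report."""
    m = mount_for(keys_dir, mounts)
    if m is None:
        return False, f"{keys_dir}: no mount found in table"
    if m.fstype not in VOLATILE_FSTYPES:
        return False, (f"{keys_dir}: on {m.fstype} mounted at {m.mountpoint}; "
                       "identity key persists across reboot")
    return True, f"{keys_dir}: on {m.fstype} mounted at {m.mountpoint}"


def audit_live(keys_dir: str = DEFAULT_KEYS_DIR) -> tuple:
    """Run the check against the real /proc/mounts when available."""
    if os.path.exists("/proc/mounts"):
        with open("/proc/mounts") as fh:
            return audit(keys_dir, parse_mounts(fh.read()))
    return audit(keys_dir, parse_mounts(SAMPLE_MOUNTS))


if __name__ == "__main__":
    sample = parse_mounts(SAMPLE_MOUNTS)
    for path in (DEFAULT_KEYS_DIR, "/var/lib/tor"):
        ok, msg = audit(path, sample)
        print("OK  " if ok else "WARN", msg)
```

Against the constructed sample, the keys directory reports OK while its parent /var/lib/tor is flagged as persistent ext4. One caveat the check cannot see: tmpfs pages can be written out to swap, so the ramdisk only discards the key on reboot as intended if the host has swap disabled or encrypted; ramfs is not swappable.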
Unfortunately, there are a few issues with how Tor treats relay identity
keys that make it extremely inconvenient for relay operators if they ever
change.

This ticket is to serve as the parent ticket for enumerating these
inconveniences.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5563>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs