[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] automatically detect many new identical/similar bridges

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] automatically detect many new identical/similar bridges
From: teor <teor2345@xxxxxxxxx>
Date: Wed, 14 Dec 2016 21:24:50 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 14 Dec 2016 05:25:16 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-transfer-encoding:mime-version:subject:date:references :to:in-reply-to:message-id; bh=aAE0kQo7o+N3LBU0eCYFIfNi/9E5jLXakvKC7agJZds=; b=HkyKGrzjIbmwdTm2chZ/L1kvkHsLjLU/u5etuGvw8UmdKqC4u2Nb9aOoYw5Rd2vuU8 byYT4VbWJf3X7/pP0fhQ2dvMyI4g7gjJSlHP82cDO4o5Rmvfrnp4w+HhPZGbv498ty+Z SdT5V8eIiMp3Ppj6V7TeCCynN9WsE5NPk/nvDjIFF6awCBn9x3Pz5tPG40Equ/SVGidP h5ssprjH317nvEVPyQKp7MDYUVG+Y4DM//3i5ZxClMMburkvYVHs5SXX80BYW4tA/sdU ZGr5qjNalXrjMkNi8uwq+syPuE+k4qVuLiKV3rO58z85+YVJxlM7KTJKK5lmuFQRz6MP /PHg==
In-reply-to: <6f621276-b2df-34a1-61c9-aeb0617f220e@openmailbox.org>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <6f621276-b2df-34a1-61c9-aeb0617f220e@openmailbox.org>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

> On 14 Dec. 2016, at 21:09, nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:
> 
> another raw idea:
> 
> - would the bridge auth be willing to publish a randomly generated AS
> identifier (regenerated daily) that allows new bridges added on the same
> day to be grouped by that identifier without directly disclosing the AS
> itself.

Bridges don't necessarily contact the bridge auth before producing their
descriptors. So we'd need a protocol change to do this.

> Note: This introduces a confirmation opportunity, where attackers can
> learn the AS in which a new bridge is added if they added a bridge in
> the same AS on the same day. To reduce this problem it could be a hourly
> generated identifier.

How could we avoid an adversary brute-forcing all the possible ASs and
days/hours?

We can use the shared random value in the consensus to prevent relays
knowing their position on the hidden service hash ring in advance, but
there's nothing stopping someone brute-forcing it in arrears.

So we'd need a concrete protocol that would allow correlation, but not
be able to be brute-forced. And we'd need something that doesn't have
a single point of failure (if only we had two bridge authorities, they
could do the shared random protocol).

Hmm, still worth thinking about...

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] automatically detect many new identical/similar bridges
  - From: nusenu

References:
- [tor-dev] automatically detect many new identical/similar bridges
  - From: nusenu

Prev by Author: Re: [tor-dev] Is it safe for second_elapsed_callback() to be called less often?
Next by Author: Re: [tor-dev] Hidden Services and identity-based encryption (IBE)
Previous by thread: [tor-dev] automatically detect many new identical/similar bridges
Next by thread: Re: [tor-dev] automatically detect many new identical/similar bridges
Index(es):
- Author
- Thread