[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>
Date: Sun, 24 Jan 2016 15:33:54 +1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 23 Jan 2016 23:34:14 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=ZJqLHi1pBWXC8hWg50hl0apAHtLvXVJ6gmXalnLQCjM=; b=EAH/FG98T8gHtQ/WyZtGPoE9pIfzwNBBzfamATu/TKteyqZsKtrPKaySHD18S/AlZ8 W71Fn63dGsjsx4/2mRAiLxxqezUaqkwrAXe5uXKqeU8y8v19YQ1cbG8f1RMSNPNhsSR/ OlREyTMN3CzUTohnzoKI433kbnPW57toQhDYKu21NU0Rj+T1Hnm2ELT9TyIurIrdenTp PiBNdq6x474SgSIzrfxbpCmdoEXXkzcQ72r+aW3/3li0nE1620PEmv0ixoPXj3N96ghy dgjlKwKHnPuozmvOH6NfXO+rMZrZtPkW8MBRhjK5IrmrbS3LhnJ/ts6VFkryh6osPhhx e1Lg==
In-reply-to: <56A43133.5020704@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <56A3F2B8.8080101@xxxxxxxxxx> <B786C55C-9FB2-485F-8F82-C1290C3C8198@xxxxxxxxx> <56A3FE85.3070703@xxxxxxxxxx> <B93F4F19-D0D2-4F0F-AD66-D35277940B1C@xxxxxxxxx> <56A43133.5020704@xxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 24 Jan 2016, at 13:04, s7r <s7r@xxxxxxxxxx> wrote:

Signed PGP part

On 1/24/2016 1:51 AM, Tim Wilson-Brown - teor wrote:
>
>> On 24 Jan 2016, at 09:28, s7r <s7r@xxxxxxxxxx
>> <mailto:s7r@xxxxxxxxxx>> wrote:
>>
>>> * This will break some Tor2Web installations, which
>>> deliberately choose rendezvous points on the same server or
>>> network for latency reasons. (Forcing Tor2Web installations to
>>> choose multiple RPs may be a worthwhile security tradeoff.)
>>>
>> Yes, but there is a HiddenServiceRendFilter 0 in the proposal for
>> this purpose and for RSOS services as well.
>
...
>
> HiddenServiceRendFilter 0 only modifies the behaviour of one
> hidden service with Tor2Web. But because Tor2Web is a client which
> is configured to use the same rendezvous point(s) for every hidden
> service connection, it will get banned if it connects to the same
> hidden service too many times.
>

Negative.

A Tor2Web instance runs as a normal Tor client and are configured as
reverse proxies.

This means that Tor2Web runs as _normal_ and _genuine_ client, and
picks rendezvous points randomly as per Tor's path selection. They do
not request a hidden service server to connect 100 times to a middle
relay (rendezvous point) with consensus weight of 0.01%, which is what
we are trying to mitigate. So a super popular Tor2Web service might
initiate 10000 rendezvous circuits in few hours, but they will all be
at multiple rendezvous points, according to their weight and middle
fraction probability, which is OK in our model and will not be affected.

Please read the tor man page documentation for the option Tor2webRendezvousPoints.

It's implemented in the function pick_tor2web_rendezvous_node().

Under this proposal, what is the smallest number of rendezvous points a Tor2web instance would need to specify in Tor2webRendezvousPoints to avoid being banned, or does it vary depending on the popularity of the hidden service?

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: s7r

References:
- [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: s7r
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: Tim Wilson-Brown - teor
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: s7r
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: Tim Wilson-Brown - teor
- Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
  - From: s7r

Prev by Author: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
Next by Author: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
Previous by thread: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
Next by thread: Re: [tor-dev] Proposal xxx: Filtering malicious rendezvous points at hidden service server side
Index(es):
- Author
- Thread