[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Mechanism for resisting targetted backdoors in Tor



At the PET workshop (http://petworkshop.org/2006) I gave a brief talk
on a simple idea relating to Tor. One known weakness of open source
software is that, even if the source is well auditied, an attacker
could still implant a backdoor in the version downloaded by one
person, and have a very low chance of detection.

I suggested a mechanism for allowing users to detect if they were the
victim of such a targetted attack. The threat is very specialised and
the solution is not foolproof but I hope it will be of interest.

I describe the basics of the idea in this blog post:
 http://www.lightbluetouchpaper.org/2006/07/13/protecting-software-distribution-with-a-cryptographic-build-process/
Also, there are more details in the comments.

I would be happy to receive any questions or comments.

Thanks,
Steven.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/

Attachment: pgpLmj03OZGc1.pgp
Description: PGP signature