Re: How can I trust all my Tor nodes in path

[Seth David Schoen <schoen@xxxxxxx>]

Robert Hogan writes:

> Take a look again at the FAQ. The anonymity of Tor isn't predicated on trust. 
> All routers on the circuit could be malicious and still fail to find out who 
> you are. The only one that has a real chance is the last one on the circuit, 
> the exit node - and even this one will rely on it's ability to look at the 
> content of your traffic.
> 
> That said, if someone owns all three nodes (or even the entry and exit) they 
> could mount a timing attack and figure out who you are - at a stretch. But 
> this really would require the entire network to be owned - and that itself 
> would create a lot of noise to sift through.

Hmmm, if someone owns (not just eavesdrops on) all three nodes, they can
connect the sessions in a more reliable way than just a timing attack.
One approach would be to record TCP port pairs, which temporarily identify
a connection on one end with a connection on the other end.  For example,
my local machine knows that I'm currently using TCP port 43514 to make a
connection to the SSH service on the server; the server also knows that
the client connecting to it is using TCP port 43514.  Thus, both ends know
that client:43514 <----> server:22 (at this particular moment) refers to
the same TCP session.

Tor nodes could log this information, and, if they did, it would not be
a speculative matter to link circuits across servers.  You would have
the existence of the TCP connections

client:a <---> tornode1:9001
tornode1:b <---> tornode2:9001
tornode2:c <---> tornode3:9001
tornode3:d <---> host:e

where a, b, c, and d are randomly chosen TCP ports and e is the TCP
port used by host for contacting a service (such as 443 for HTTPS).
If all of the Tor nodes were paying attention, then

tornode1 knows that its connections involving client:a and tornode1:b are
part of the same circuit

tornode2 knows that its connections involving tornode1:b and tornode2:c are
part of the same circuit

tornode3 knows that its connections involving tornode2:c and host:e are
part of the same circuit

Knowing all of these facts, these nodes could deduce that client:a and
host:e are actually communicating with one another.  This is not a
"timing attack" and does not rely on observing any packets actually
transmitted across the fully-established circuit.

Malicious nodes that log this kind of information could also collaborate
after the fact to correlate it, without recording large quantities of
timing information.  They just need TCP port pairs and accurate times
when TCP connections were established.

Summary: 3 malicious nodes, whether owned by the same entity or not, can
work together to identify, in a straightforward and reliable way, the
endpoints of a Tor circuit while the circuit is active or afterward,
without having to do any timing attacks.

To learn more about the relevance of TCP port numbers as connection
identifiers, see RFC 793 or try running netstat (or netstat -p, if
your implementation supports it) on the machines on both sides of a
connection.  Observe that, with the output of netstat -p on both
ends, one can see which processes on one machine are talking to which
processes on the other machine.

-- 
Seth Schoen
Staff Technologist                                schoen@xxxxxxx
Electronic Frontier Foundation                    http://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     1 415 436 9333 x107