[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: OSI 1-3 attack on Tor? in it.wikipedia

Jan Reister wrote:
> Il 13/02/2008 20:55, Marco Bonetti ha scritto:
>> that's the whole point of encrypting the communications and sharing
>> public keys fingerprints inside tor sources.
>> a man in the middle can reroute traffic through his nodes but it
will be
>> useless (except for sending your connections to /dev/null) as it
>> fake the private keys of each node.
> Exactly that. An attacker can set up rogue nodes, but this is part of

> the threat model.
> Jan
Not quite true.

An attacker, with government or criminal (e.g. ISP control) backing,
set up a dummy network with the correct keys!

Here's the threat scenario...

A. Attacker obtains genuine private keys by,

1. Attacker sets up  a number of genuine tor servers, could be tor
right up to guard level - attacker therefore has these keys.

2. Attacker infects genuine tor nodes with  spyware - including guard,
entry and exit nodes - therefore attacker can read the private keys of
these tor servers.

3. Attacker has a list of known public/private key pairs. These are
generated over the years by government security service supercomputers
and their own secure network computers (around the world). Such lists
regularly swapped between 'friendly' countries and are fro sale on the
black market. Given any tor nodes public key, the attacker looks up
key in the list and it returns the tor nodes genuine private key, where
has it in its list. (Interesting note: here you have to imagine that
there is software of out there, like the tor network itself, which
be used for generating and acquiring billions of key pairs a year over
millions of networked computers world wide. You only need to store the
key pairs such networked software generates after they have finished
with them.)

B. Attacker simulates the genuine Tor network with guard, directory
nodes and lot - given it has the GENUINE PRIVATE KEYS. Actually they
don't need to simulate anything that they don't know the private keys
of, they just allow directory node access and time-out build
to non-simulated nodes.

C. When the tor client builds a circuit its circuit is restricted to
the simulated controlled network the attacker has the private keys of,
time-outs to those not under the attacker's control.

D. The attacker fakes apparent exit node ips in the traffic (including
reults of ip test sites like ipd.shat .net).

Hey presto... the attacker can watch ALL the target tor client's
internet activity.. no timing attacks and no scripting.


Never miss a thing.  Make Yahoo your home page.