[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

hostile node anonymity attack scenario

What if a hostile _first_ node from your node were to pretend to honor your extend requests and complete the connection to the exit point, yet capture everything that happens? Such a node would be able to determine that it is the first hop from a particular connection because it would be able to see clear text data. I know the data between nodes is encrypted, but if you are the first node then you have knowledge of what the encrypted data is. While it pretends to honor extend requests and handshake new keys, it's actually doing so with itself so that it can see the entire circuit.

If I understand the design document, data isn't spread out across different nodes so that each node doesn't have the complete data. Doing so would strengthen tor against such an attack. Some scrambling mechanism so that each group of bytes need to be put back together with complimentary information routed through other nodes. This way, ALL the nodes from the node under attack would have to be under control by the same attacker.

Since intermediate tor nodes have key pairs signed with their ip information which prevent subverting connections to hostile nodes, I see that it would be extremely difficult to run one master hostile node and divert all traffic to it from a node (or ISP or country) being attacked.