[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Chaum Fathers Bastard Child To RubberHose ... PrivaTegrity cMix

Andy Isaacson wrote:
> The privaTegrity (PT) backdoor is significantly more malignant than the
> Tor dirauth issue.
> If you pwn the Tor dirauths, you can sign and publish a false
> "consensns" to clients that will cause them to use only your relays for
> new connections, thus breaking anonymity for new connections.  Doing so
> leaves a trail of bits showing that this was done (mostly just on the
> target system).

This line of reasoning assumes that: (1) dirauth compromise necessarily happens âin-placeâ: i.e., the same servers at the same physical and network location as before but are starting to do bad things now; and (2) the compromised dirauth would publish the false consensus to the whole world.  Both of these assumptions, unfortunately, are likely false in many realistic threat models.

Both assumptions basically amount to assuming that the attacker will continue operating on the âgood guyâsâ turf, i.e., using the legitimate dirauth serverâs hardware and network location but just make it start doing bad things in-place.  But why would a smart attacker operate on foreign (to the attacker) turf when he the option just to steal the key and quietly create any number of âevil twinsâ of the dirauth servers elsewhere in the world on his own turf, i.e., in a network environment he has control over? 

The obvious example is a state surveillance agency who steals/bribes/coerces a threshold of dirauth keys, imposes gag orders  of some kind on all of them, and then embeds those keys in Quantum Insert type devices, or into compromised âwifi access pointsâ that MITM attack anyone who connects to the Internet through them.  The fake internet cafes as the 2009 G20 summit come to mind as an obvious example of this type of operation (http://www.theguardian.com/uk/2013/jun/16/gchq-intercepted-communications-g20-summits).  Any state-level attacker that controls the only way for users to communicate into or out of the countryâs Internet basically has the power to perform persistent MITM attacks either en mass or selectively (i.e., just targeting users they donât like).  And if they (secretly) hold copies of a threshold worth of dirauth private keys, they can silently create a completely internally consistent, âalternate view of the Tor universeâ to a user whose Internet access they control.  Complete with a fake list of Tor relays, perhaps all implemented virtually on that same MITM device, and which thus might provide a rather nice user experience unless the attacker explicitly adds forwarding delays to avoid arousing suspicion.  The ârealâ dirauth servers remain otherwise uncompromised and doing the right thing, so no one on the âmainâ part of the Internet notices anything amiss; and the victim(s) donât see anything amiss either because they have no way to compare notes (consensus documents) with the rest of the world.

The fundamental problem with arguments that attacks on dirauth/cMix-like clusters will leave a âtrail of crumbs" is that itâs unfortunately all too realistic for todayâs adversaries to split the network and keep a victimâs network view separate view of the world from the part of the Internet where the âgood guysâ live.  Yes, one of those users âmightâ notice the difference in various ways, e.g., by keeping a record of the consensus views heâs seen and comparing next time he travels to another country or uses an âuncompromisedâ Internet access point.  But many users around the world donât often travel far from their home town, let alone to other countries.  And yes, these types of operations do often get found out sooner or later, often because the adversary makes some stupid mistake.  But itâs not ideal to have our security models depend on the adversaryâs making mistakes.

Iâm not criticizing Tor in particular here; this problem is just very difficult and nobodyâs really solved it yet.  Our experimental Dissent anonymity system (http://dedis.cs.yale.edu/dissent/) currently relies on the same âsmall set of collectively-trusted serversâ assumption, which Iâm not happy with.  This motivated our current, ongoing work on scalable collective authorities or âcothoritiesâ (https://github.com/dedis/cothority), in which hundreds or thousands of decentralized participants can witness documents (such as consensus reports) and contribute to a collective signature that clients can check without needing online communication or gossip.

Thereâs been discussion of using Certificate Transparency to address this kind of problem, but even CT unfortunately still doesnât solve it, at least in its current design.  To perform a silent âevil twinâ MITM attack like this, even on a CT-enabled Web client that already knows a target web site support CT, an attacker would need to steal (any) one CA key and (any) one or two log server keys, depending on verification policy.  With those keys, a MITM attacker (e.g., a not-so-great firewall or a fake Internet cafe) could create a completely consistent, fake CT universe complete with fake logs, and at the same time deny its victims any way connectivity to the ârealâ CT universe with which it could cross-check or learn about the attack.  So CT basically raises the silent compromise threshold to 3 stolen keys - that's a lot better than 1 (just a CA key) but far from what would be ideal.  Given that attackers have hundreds of CA keys to choose from and a growing list of log servers, many of them located in the same country, that gives potential, powerful attackers a veritable candyland of options for stealing keys to enable silent evil-twin MITM attacks.


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to