[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Theft of Tor relay private keys?

Andreas Krey:
> On Tue, 02 Jul 2013 12:33:10 +0000, Mike Perry wrote:
> ...
> > But I got distracted by more pressing issues before I could finish the
> > scripts.. Also, many of those encrypted+authenticated Tor container
> > things probably don't make much sense without Secure Boot to
> > authenticate the boot process up until you can start up Tor. :/
> What's the difference between subverting that and
> the NSA starting their own tor nodes in the first place?

What do you mean by 'that'?

Guard node key theft allows a form of route capture where your upstream
gets to direct your traffic to the exit nodes of their choice, using
either cryptographic tagging/bitstomping or a timing-based version,
*without* actually running the Guard nodes you use.

In 0.2.4.x, I did a lot of work on the "path bias" detectors so that
your Tor client could at least alert you in these situations.  However,
I think we need a combination of #5968 (which I mentioned in my first
reply) and https://trac.torproject.org/projects/tor/ticket/5460 to make
these attacks significantly less feasible in the first place.

Now, the NSA (or any other upstream) could force you to only use Guards
they control to perform the attack without key theft. For that, we need

However, I think that even in that case, a proper implementation of
#5460 should still prevent them from being able to directly control your
circuits easily, especially in combination with the path bias detectors.

Mike Perry

Attachment: signature.asc
Description: Digital signature

tor-talk mailing list