Re: [tor-talk] Suggestion: make _hidden services_ choose random entry nodes often!
On Oct 22, 2011, at 2:03 PM, hikki@xxxxxxxxxxxxx wrote:
> -------- Original Message --------
> From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
> Apparently from: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] Suggestion: make _hidden services_ choose random entry nodes often!
> Date: Fri, 21 Oct 2011 14:54:29 +0200
>
>> Unfortunately, you got it all wrong. There's a trivial attack against any
>> hidden service that doesn't use entry guards: Make a lot of connections
>> to it, while running at least one relay. Then do some timing analysis to
>> see when your connection to the hidden service coincides with a
>> connection to the node that you control, and write down the IP address
>> of the person making the connection, and you have de-anonymized
>> the hidden service.
>>
>> If you have 200 bad entry nodes under your control, that attack will
>> work very quickly and reliably, whereas there's still a good chance
>> that you need to keep those nodes running for a few months for the
>> hidden service to pick one of those nodes as guard.
>
> No, I didn't mean that the HS should choose random nodes. I meant that a
> HS should use _guards_ only, but switch between all available _guards_
> randomly and often, so you don't stick to a (bad) guard long enough for
> the operator to make any traffic analysis.
>
> If your HS connects to a (bad) guard, but stays there for only 5-10 min
> before jumping to another random guard, the guard operators will have
> very little to no time to investigate the clients and then do traffic
> analysis.

This assumption is wrong. Just making a single connection is enough
for timing analysis, and that means if you ever choose a bad node -
whether that's a guard node or not - you've already lost.

> To me this is simple math and logic, and if this is less secure than
> choosing 3 static guards for HS usage, please explain why.

I hope the above made it clearer?

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
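
The comparison argued over in this thread can be worked through numerically. The following is an added example, not part of the original messages or of Tor's code: it compares a fixed set of 3 guards with rotation to a new random guard every 10 minutes, counting the service as exposed the first time it uses a bad guard, as the reply states. Assumptions: 200 bad guards (from the thread) out of an assumed total of 2000, and uniform selection with no bandwidth weighting or guard expiry.

```python
import random

def p_closed_form(bad_fraction, picks):
    """P(at least one of `picks` independent uniform guard choices is bad)."""
    return 1.0 - (1.0 - bad_fraction) ** picks

def simulate(bad, total, hours, rotate_minutes=None, static_guards=3,
             trials=2000, seed=1):
    """Fraction of trials in which the service ever used a bad guard.

    rotate_minutes=None: one fixed set of `static_guards` for the whole period.
    Otherwise: one uniformly random guard per rotation interval.
    Guards 0..bad-1 are the adversary's (constructed labelling).
    """
    rng = random.Random(seed)
    exposed = 0
    for _ in range(trials):
        if rotate_minutes is None:
            chosen = rng.sample(range(total), static_guards)
        else:
            picks = int(hours * 60 // rotate_minutes)
            chosen = (rng.randrange(total) for _ in range(picks))
        # Per the reply: one circuit through a bad guard is enough.
        exposed += any(g < bad for g in chosen)
    return exposed / trials

if __name__ == "__main__":
    BAD, TOTAL = 200, 2000   # 200 is from the thread; 2000 is an assumed total
    for hours in (1, 24):
        print(hours, "h static  :", simulate(BAD, TOTAL, hours))
        print(hours, "h rotating:", simulate(BAD, TOTAL, hours, rotate_minutes=10))
    print("closed form, 144 picks:", p_closed_form(BAD / TOTAL, 144))
```

With a fixed guard set the exposure probability stays at the chance that one of the 3 guards is bad, while under rotation it grows with every interval and is close to 1 within a day.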