[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #8244 [Tor]: The HSDirs for a hidden service should not be predictable indefinitely into the future

To: undisclosed-recipients:;
Subject: [tor-bugs] #8244 [Tor]: The HSDirs for a hidden service should not be predictable indefinitely into the future
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 16 Feb 2013 01:48:35 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 15 Feb 2013 22:43:12 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8244: The HSDirs for a hidden service should not be predictable indefinitely into
the future
-----------------------------------+----------------------------------------
 Reporter:  arma                   |          Owner:                    
     Type:  enhancement            |         Status:  new               
 Priority:  normal                 |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor                    |        Version:                    
 Keywords:  tor-hs needs-proposal  |         Parent:                    
   Points:                         |   Actualpoints:                    
-----------------------------------+----------------------------------------
 When a hidden service chooses what HSDir relays to publish its hidden
 service descriptor to, it does it in a deterministic way based on day and
 .onion address. That way clients can do the same calculation to decide
 what HSDirs to contact when fetching the hidden service descriptor.

 But a flaw in this approach is that anybody can predict what six HSDir
 relays will be responsible for a given hidden service, 22 days from now.
 There's no reason to have that property, and it makes attacks to
 temporarily censor a hidden service much more effective since you can e.g.
 choose the identity keys of your Sybils such that there exists a day in
 the next 30 days where you'll be running all six of the HSDirs for your
 target hidden service.

 One solution would be for the directory authorities to produce a periodic
 random string that is unpredictable until they have produced it. Then put
 that string in the consensus.

 The first issue is whether a single authority can play tricks where it
 waits to vote until it sees the votes from the other authorities, and then
 chooses its random string to produce the desired consensus random string.
 This issue is actually really serious, since I bet for any six adversarial
 HSDirs, there exists a random string that puts them in charge of the
 target hidden service. See all the contortions we went through in
 http://freehaven.net/anonbib/#casc-rep about generating a consensus random
 number; I hope we don't need as many contortions here.

 The second issue is how we should handle transitions between epochs. One
 option is to post two random strings (today's and tomorrow's), and then
 each hidden service uses both of them. Surely there's a more efficient
 answer here.

 I guess issue number three is how the directory authorities should vote on
 a thing that doesn't have granularity of one vote period. Do they all just
 vote the random string that they voted at the beginning of the day, for
 the whole day? If I'm an authority and I missed the first hour of the day,
 do I get to add my vote on the second hour (I think the answer has to be
 no)? What if there weren't enough votes to make a consensus in the first
 hour? If I come up as an authority and can't get a proper recent
 consensus, but now it's time to vote, what do I vote?

 And lastly, how do we transition? I think hidden services would publish to
 the old ones and the new ones, until clients that don't know about the new
 way are obsolete. In the mean time that increases the exposure of the
 hidden service to an adversary who just wants to get one of the n HSDirs
 for the hidden service for that period. (Is getting some-but-not-all that
 bad?)

 (This ticket is inspired by rpw's upcoming Oakland paper)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8244>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
Next by Author: Re: [tor-bugs] #8243 [Tor]: Getting the HSDir flag should require more effort
Previous by thread: Re: [tor-bugs] #7265 [Firefox Patch Issues]: Only display Canvas message for first parties; simply log third parties (was: Canvas extraction message should provide path to full url)
Next by thread: [tor-bugs] #8245 [Tor bundles/installation]: build TBB on 10.8.2 with brew
Index(es):
- Author
- Thread