[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] automatically detect many new identical/similar bridges



>> another raw idea:
>>
>> - would the bridge auth be willing to publish a randomly generated AS
>> identifier (regenerated daily) that allows new bridges added on the same
>> day to be grouped by that identifier without directly disclosing the AS
>> itself.
> 
> Bridges don't necessarily contact the bridge auth before producing their
> descriptors. So we'd need a protocol change to do this.

All that is needed is the IP address and fingerprint of the bridge and
that is known by the bridge auth. There should not be any requirement to
involve the bridges themself?

> How could we avoid an adversary brute-forcing all the possible ASs and
> days/hours?

I'm not sure I understand what you mean by brute-forcing in this case
since I would not suggest any deterministic algorithm (like a hash) that
takes an ASname and a timestamp and produces a string but just a
AS number -> random id
mapping, stored for a day or an hour and deleted after that.

Another way an attacker could take advantage of this:
unique AS sign-up rate patterns
"everyday there are about x new bridges in AS y" so it doesn't help much
if we change the random AS id daily.

Anyway I do not think anything like that will be implemented and very
simple detection based on first_seen, nickname, platform, .. is already
possible without AS level information.


David, I'm glad you asked about first_seen=1970-01-01 on metrics-team@,
I was wondering about the same thing. A bug affecting that timestamp
would certainly be rather bad for anything using first_seen as a
grouping data point.


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev