[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Onion Service - Intropoint DoS Defenses

To: tor-dev@xxxxxxxxxxxxxxxxxxxx, Roger Dingledine <arma@xxxxxxxxxxxxxx>
Subject: Re: [tor-dev] Onion Service - Intropoint DoS Defenses
From: juanjo <juanjo@xxxxxxxxx>
Date: Fri, 31 May 2019 20:40:54 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 31 May 2019 14:41:06 -0400
In-reply-to: <20190531182632.GE2629@moria.seul.org>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <20190530134926.GA9675@raoul> <d01f547c-a05f-678b-96e2-bd3715d63417@avanix.es> <20190531182632.GE2629@moria.seul.org>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0

Ok, thanks, I was actually thinking about PoW on the Introduction Pointitself, but it would need to add a round trip, like some sort of"authentication based PoW" before allowing to send the INTRODUCE1 cell.At least it would make the overhead of clients higher than I.P. as theclients would need to compute the PoW function and the I.P. only toverify it. So if right now the cost of the attack is "low" we can add anoverhead of +10 to the client and only +2 to the I.P. (for example) andthe hidden service doesn't need to do anything.


I will write down my idea and send it here.

On 31/5/19 20:26, Roger Dingledine wrote:

On Thu, May 30, 2019 at 09:03:40PM +0200, juanjo wrote:

And just came to my mind reading this, that to stop these attacks we could
implement some authentication based on Proof of Work or something like that.
This means that to launch such an attack the attacker (client level) should
compute the PoW and must have many computing power, while normal
clients/users don't need almost any change. Actually this is what PoW is
very useful.

Check out https://bugs.torproject.org/25066 for more details on this idea.

There are still some interesting design questions to be resolved before
it's really a proposed idea.

--Roger

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Onion Service - Intropoint DoS Defenses
  - From: George Kadianakis

References:
- [tor-dev] Onion Service - Intropoint DoS Defenses
  - From: David Goulet
- Re: [tor-dev] Onion Service - Intropoint DoS Defenses
  - From: juanjo
- Re: [tor-dev] Onion Service - Intropoint DoS Defenses
  - From: Roger Dingledine

Prev by Author: Re: [tor-dev] Onion Service - Intropoint DoS Defenses
Next by Author: Re: [tor-dev] Onion Service - Intropoint DoS Defenses
Previous by thread: Re: [tor-dev] Onion Service - Intropoint DoS Defenses
Next by thread: Re: [tor-dev] Onion Service - Intropoint DoS Defenses
Index(es):
- Author
- Thread