[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Please check if your relay has fallen out of the consensus

To: pasture_clubbed242--- via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] Please check if your relay has fallen out of the consensus
From: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Tue, 29 Oct 2024 02:35:36 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Oct 2024 02:35:52 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=torproject.org; s=2022-eugeni; t=1730183746; bh=AxnFXIvBh0a+KsLvqCqesAOyTMsZjcJCL7HY6F+BNxg=; h=Date:From:To:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Reply-To:From; b=bhMILS3LsHKwlysgzv5h/tdUKR2fUBU2K+A+zrlNW2XO1ijnRnjZnGgkUC/WYlg1P TxHJExhtjhLlq0W9CfIfFxNNX4skuB9uZLbZpFhyw7DBuo/z0ZhO470DuADfM0pPmI ZVXFEUu0r90PQFRewzoLekiPAz90diykZMDAcd7cNeKzci730enncWY5dolFIYRkiK xgizjzRz8VmcvB3KyOGrfAxckHkLhOZ3gji9uE0yeXv6iCvJ6YJwDcnj7KaAKFmgzm FtnzBINcQXC4GIndduBq7iA+tuhARzv90fTAtHRYhktRGguh32oEA8yLnw2aOWVLSW xyeXzCb4QGGnQ==
In-reply-to: <173017654443.7.12501243316001539521.477403451@simplelogin.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <Zxdm-kB2oWd4ESHy@nogrod.csail.mit.edu> <173017654443.7.12501243316001539521.477403451@simplelogin.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Tue, Oct 29, 2024 at 04:35:35AM +0000, pasture_clubbed242--- via tor-relays wrote:
> "Eclipse attacks occur when a node is isolated from all honest peers but remains connected to at least one malicious peer." https://bitcoinops.org/en/topics/eclipse-attacks/
> 
> Could an ASN feasibly deny connections to all official directories besides a malicious one to serve a malicious consensus? Perhaps to be used to then provide malicious controlled circuits or other attacks. 

That style of attack is actually one of the reasons why Tor still has
the directory authority design. Some of the other 'distributed trust'
anonymity designs out there (no need to name names, that's not the point)
have less control over who the relays are, but much more importantly they
have less control over which pieces of the network clients learn about,
which can lead to all sorts of attacks and surprises.

> I understand that there seems to be a signing of the consensus by directory authorities. Can an outdated, yet cryptographically valid, consesus be served by malicous DA's when others are eclipsed? Perhaps this could serve an older or more vulnurable consensus. 

No, those sorts of attacks should not be possible, and if you find some
way to break it, please let us know!

For a distant-past background paper on the topic of learning things
about the user if they only know about a subset of the network, check out
https://www.freehaven.net/anonbib/full/date.html#danezis2006rfa
and then for a slightly more recent analysis showing how hard it is
to protect against these attacks in "structured" scalable peer-to-peer
anonymity networks, see
https://www.freehaven.net/anonbib/#wpes09-dht-attack

All of this said, Tor's directory authority design is not perfect. It
might benefit from using some of the innovations from the consensus /
blockchain worlds over the past decade, in terms of fast robust agreement
among peers about the state of the network. For a concrete edge case where
we could do better, see this paper from this year's Oakland conference:
https://www.freehaven.net/anonbib/#directory-oakland2024

So, for sure the directory design isn't quite as good as we might like
it to be; but one of its big strengths, which has come in handy over
the years, is that it is really simple.

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Please check if your relay has fallen out of the consensus
  - From: Roger Dingledine
- Re: [tor-relays] Please check if your relay has fallen out of the consensus
  - From: pasture_clubbed242--- via tor-relays

Prev by Author: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Next by Author: Re: [tor-relays] Tor relays source IPs spoofed to mass-scan port 22?
Previous by thread: Re: [tor-relays] Please check if your relay has fallen out of the consensus
Next by thread: Re: [tor-relays] Please check if your relay has fallen out of the consensus
Index(es):
- Author
- Thread