[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] List of ways to attack Tor



On 2017-01-05 13:13, Roger Dingledine wrote:
On Thu, Jan 05, 2017 at 12:25:20PM +1030,
windows95@national.shitposting.agency wrote:
I'm tasked with doing a short report on the ways in which Tor can be
attacked.
I've brainstormed and done research for few hours and this is the
list I've come up with.
Is there anything big that I've missed?
I feel I might be a bit light on more technical attacks.

Your list is pretty good, though it could do with some sorting and
some categories. :)

For another interesting set of attacks, see
https://media.torproject.org/video/Defcon16-Roger_Dingledine-Sec_Anonymity_Vulns_in_Tor.m4v
and
https://media.torproject.org/video/2008-12-29-25c3-2977-en-security_and_anonymity_vulnerabilities_in_tor.mp4

These talks are some years old now, but many of the issues the talks
describe are hard to fix well so they remain an issue in some form.

If I were doing your 'short report', I would try to prioritize the various
attacks in terms of how hard they are to perform, and how damaging they
are if performed. You could imagine a two-dimensional graph where various
attacks correspond to a point on the graph.

I would also want to include a short section on how having a big list of
possible attacks does not indicate that it's a weaker system or weaker
design compared to a system or design that has a shorter but scarier list
of attacks. For example, centralized architectures don't need to think
about the more esoteric attacks, because they have the whole dataset of
what users went to which website right in front of them:
https://svn.torproject.org/svn/projects/articles/circumvention-features.html#5

Let us know what you come up with,
--Roger

Thanks, those talks were very useful.

One question: Has the attack where the first hop refuses to extend circuits, except to other relays under their control still a problem?
Has it been addressed apart from using guards?

Thanks
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk