[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Suggestion: make _hidden services_ choose randomentry nodes often!



-------- Original Message --------
From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
Apparently from: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Suggestion: make _hidden services_ choose randomentry nodes often!
Date: Fri, 21 Oct 2011 14:54:29 +0200

> Unfortunately, you got it all wrong. There's a trivial attack against any
> hidden service that doesn't use entry guards: Make a lot of connections
> to it, while running at least one relay. Then do some timing analysis to
> see when your connection to the hidden service coincides with a
> connection to the node that you control, and write down the IP address
> of the person making the connection, and you have de-anonymized
> the hidden service.
> 
> If you have 200 bad entry nodes under your control, that attack will
> work very quickly and reliably, whereas there's still a good chance
> that you need to keep those nodes running for a few months for the
> hidden service to pick one of those nodes as guard.

No, I didn't mean that the HS should choose random nodes. I meant that a 
HS should use _guards_ only, but switch between all available _guards_ 
randomly and often, so you don't stick to a (bad) guard long enough for 
the operator to make any traffic analysis.

If your HS connects to a (bad) guard, but stays there for only 5-10 min 
before jumping to another random guard, the guard operators will have 
very little to no time to investigate the clients and then do traffic 
analysis.

To me this is simple math and logics, and if this is less secure than 
choosing 3 static guards for HS usage, please explain why.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk