[tor-bugs] #10711 [Flashproxy]: Flashproxy security issues
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 23 13:36:18 UTC 2014
#10711: Flashproxy security issues
------------------------+---------------------
Reporter: infinity0 | Owner: dcf
Type: project | Status: new
Priority: normal | Milestone:
Component: Flashproxy | Version:
Keywords: | Actual Points:
Parent ID: | Points:
------------------------+---------------------
This is the parent ticket for flashproxy security issues. The flashproxy
system consists of 4 types of entities: client, proxy, facilitator, and
server.
The facilitator is a trusted entity, but clients and proxies may be
malicious. The servers are actually unaware of the rest of the system, and
their security considerations are identical to that of other non-
flashproxy PT servers. (Indeed, the code for it is in a separate
repository and looks more like a plain PT server).
So, we can group the issues that concern us into three distinct cases:
- from the proxy's POV, dealing with malicious clients
- from the client's POV, dealing with malicious proxies
- from the facilitator's POV, dealing with malicious clients and/or
proxies.
The original flashproxy paper contains some attacks; we can explore this
area further and form a threat model to address.
Availability and resource management come under this umbrella - bad
resource management algorithms can be attacked. Actually, it will probably
be the most complex sub-topic here, since it is not binary like other
concerns such as confidentiality and authenticity.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10711>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list