[tor-bugs] #13705 [Tor]: Allow relays to promise in their descriptor that their IP address won't change
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 7 23:47:40 UTC 2014
#13705: Allow relays to promise in their descriptor that their IP address won't change
-------------------------+------------------------------------
Reporter: arma | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Keywords: tor-relay | Actual Points:
Parent ID: | Points:
-------------------------+------------------------------------
Imagine the following scenario: Oscar runs a fast relay that gets the
Guard flag and accumulates some users, including a user Alice. Then some
attacker does a guard enumeration attack to identify that his victim is
using Oscar's relay as her guard. He can get a warrant to collect Oscar's
computer, but for whatever reason he's not allowed to tap the relay in-place.
So he steals the computer, takes it to his location, turns it back
on, and the relay starts up again. Alice then says "oh good, my guard is
back online" and moves back to using it.
One straightforward option to reduce the risk of this scenario happening
in practice is for relays that intend to have a static IP address to set a
line in their descriptor that tells the directory authorities to refuse
them if they show up from a different IP address. The implementation on
the directory authority side would be to add the IP address to fingerprint
mapping to the router-stability file or equivalent, and then check whether
there's a mapping when considering newly published descriptors.
This idea wouldn't handle the attack when done on relays with dynamic or
varying IP addresses.
Another avenue for addressing the attack is the encrypted identity key
proposal and friends. I'm not sure if they handle this issue, or are
orthogonal, or would supersede this idea.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13705>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
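The directory-authority side of the proposal, as an added example that is not part of the ticket or of Tor's own code: a small Python simulation of the fingerprint-to-address pinning the ticket describes, run over constructed descriptors for the Oscar scenario. The descriptor keyword `static-ip-promise`, the JSON pin file standing in for the router-stability file, and the decision to keep a pin even when a later descriptor omits the promise line are all assumptions of this example, not syntax or behaviour the ticket specifies. Descriptor signature verification, which a real authority does before any of this, is left out.

```python
import json
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical keyword for the descriptor line proposed in the ticket; the
# ticket gives no syntax, so this name is an assumption of this example.
PROMISE_KEYWORD = "static-ip-promise"


@dataclass(frozen=True)
class Descriptor:
    fingerprint: str       # 40 hex chars, grouping spaces stripped
    address: str           # IPv4 address from the "router" line
    promises_static_ip: bool


def parse_descriptor(text: str) -> Descriptor:
    """Extract only the fields the pinning check needs from a descriptor."""
    address = fingerprint = None
    promise = False
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "router" and len(parts) >= 3:
            address = parts[2]          # router <nick> <address> <ports...>
        elif parts[0] == "fingerprint":
            fingerprint = "".join(parts[1:]).upper()
        elif parts[0] == PROMISE_KEYWORD:
            promise = len(parts) > 1 and parts[1] == "1"
    if address is None or fingerprint is None:
        raise ValueError("descriptor lacks a router or fingerprint line")
    if not re.fullmatch(r"[0-9A-F]{40}", fingerprint):
        raise ValueError("malformed fingerprint")
    return Descriptor(fingerprint, address, promise)


class PinStore:
    """fingerprint -> pinned address, persisted like a router-stability file."""

    def __init__(self, path: Optional[str] = None):
        self.path = path
        self.pins: Dict[str, str] = {}
        if path and os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def save(self) -> None:
        if self.path:
            with open(self.path, "w") as f:
                json.dump(self.pins, f)


def check_descriptor(store: PinStore, desc: Descriptor) -> Tuple[bool, str]:
    """Decide whether an authority should accept a newly published descriptor."""
    pinned = store.pins.get(desc.fingerprint)
    if pinned is None:
        if desc.promises_static_ip:
            store.pins[desc.fingerprint] = desc.address   # first promise: pin it
            store.save()
            return True, f"accepted; pinned {desc.fingerprint[:8]} to {desc.address}"
        return True, "accepted; no promise made, nothing pinned"
    if pinned == desc.address:
        return True, "accepted; address matches pin"
    # Design choice (assumption): the pin is sticky. Whether the new descriptor
    # still carries the promise line is ignored, since whoever holds the stolen
    # identity key could simply drop that line from the torrc.
    return False, f"rejected; pinned to {pinned}, descriptor claims {desc.address}"


# Constructed sample descriptors (fake fingerprint, documentation-range IPs).
_FP = "fingerprint 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"
OSCAR_ORIGINAL = f"router Oscar 198.51.100.7 9001 0 9030\n{_FP}\n{PROMISE_KEYWORD} 1\n"
OSCAR_REPUBLISH = OSCAR_ORIGINAL                      # same relay, same address
STOLEN_WITH_PROMISE = f"router Oscar 203.0.113.9 9001 0 9030\n{_FP}\n{PROMISE_KEYWORD} 1\n"
STOLEN_NO_PROMISE = f"router Oscar 203.0.113.9 9001 0 9030\n{_FP}\n"


def run_scenario() -> List[bool]:
    """Feed the four descriptors to a fresh authority; return accept/reject."""
    store = PinStore()   # in-memory; pass a path to persist across restarts
    results = []
    for text in (OSCAR_ORIGINAL, OSCAR_REPUBLISH, STOLEN_WITH_PROMISE, STOLEN_NO_PROMISE):
        ok, why = check_descriptor(store, parse_descriptor(text))
        print(why)
        results.append(ok)
    return results


if __name__ == "__main__":
    run_scenario()
```

The third and fourth descriptors are the stolen relay coming back up at the attacker's address; both are refused, the fourth even though the promise line is gone. As the ticket notes, this does nothing for relays whose address legitimately changes, and a sticky pin also means an operator who moves a relay deliberately needs some out-of-band way to clear it.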