[tor-bugs] #29174 [Core Tor/Tor]: Guard Node can eclipse the hidden service
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 14 04:14:57 UTC 2019
#29174: Guard Node can eclipse the hidden service
-----------------------------------+------------------------------------
Reporter: TBD.Chen | Owner: (none)
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Core Tor/Tor | Version: Tor: 0.3.0.1-alpha
Severity: Critical | Resolution:
Keywords: guard, hidden service | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------------------
Comment (by TBD.Chen):
I think using 2 guards is quite better than the spot-check in this certain
schema.
Because the spot-check should balance traffic cost and the response time
after the guard starts to drop cells. And if the spot-check failed, we
cannot locate the bad points instantly. The bad point may be Intro-Points,
other middle nodes, or even HSDirs.
But if we use the 2 guards when we create the HS-IP circuit, we can avoid
this with several additional costs. If the attacker blocks half of the
HS-IntroPoint circuits, the client may fail to send her INTRODUCE1 cell
with half probability at first, and then she will retry automatically
until success.
The client feels no abnormality.
-------------------------------------------------------------
At last, can I get a TROVE-id or CVE-id for this bug track? Which can
eclipse hidden services stealthily (:
-------------------------------------------------------------
Replying to [comment:5 arma]:
> Replying to [comment:4 mikeperry]:
> > it would not be too hard to augment it to send periodic end-to-end
> > probes for introduce1 circuits
>
> In the original tor-design paper, we spoke of onion services doing
> spot-checks of their introduction points, to make sure that they are
> actually introducing. That approach would test a larger fraction of the
> system than just doing a liveness check within the circuit. Both are
> kind of messy though.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29174#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online