[tor-dev] Little question

Jeroen Massar jeroen at massar.ch
Mon Jul 1 15:12:26 UTC 2013


On 2013-07-01 16:59 , André Nunes Batista wrote:
> Sorry to bump in, I know you are busy, but being a tor-node I had to
> ask:
> 
> Some guy just posted on the mailing list a conceptual attack on tor, which
> certainly would require the corruption of a great deal of tor-nodes and
> data analysis, but something that appeared possible for gov-alike:
> 
> http://pastebin.com/pRiMx0CW
> 
> And then someone pointed out that this is part of the tor model of security
> and a known problem, but one that should raise flags if attempted. Could you
> point me to some link where I can find more? Besides reading the source code?

Note that "Tor developers" is not the set of people who control the
directory authorities, though there is some overlap.

From the text:

> Most interestingly, the public keys for every other node in the
> network are served without any form of signature or other form of
> integrity control.

Public-key authentication takes care of that: you can verify them
yourself by connecting and seeing if they have the private one matching
the public one they claim to have.

Also from that text:
> As such, a rogue directory authority, which anyone can be simply with
> a configuration option and an IP

You can indeed locally configure a wrong directory authority, but then
you are building your own tor network anyway, thus that is completely
standard. Near-zero people do this though and all use the standard
built-in authorities, again protected with pubkey infra and also by
the consensus that is mentioned on the first line of that piece of text.

Also please note that trusting a person who writes "think their
competent" is him/her/itself exactly not that, especially from an
anonymous source. FUD comes to mind ;)

Note that there are a couple of papers out there (see
http://freehaven.net/anonbib/, e.g. "Trawling for Tor Hidden Services")
that do describe ways that it could be done to attack Tor given enough
effort, the above does not describe any of that. And those attacks would
only deny access, they would not be able to see the actual inner text of
the data.

Greets,
 Jeroen

--
For archival purposes: http://pastebin.com/pRiMx0CW

Untitled (posted by a guest on Jun 28th, 2013)

Tor LOL:

Directory authorities are the point of contact for clients to locate
relays/exit nodes/guard nodes/etc. This is determined by a consensus
document that goes through an elaborate process to ensure its integrity
and cause bad directory authorities to be identified also via consensus.

However, Tor developers are not the quickest lot, and this is basically
the only document that they serve that has integrity control on it. Most
interestingly, the public keys for every other node in the network are
served without any form of signature or other form of integrity control.

As such, a rogue directory authority, which anyone can be simply with a
configuration option and an IP, can introduce path bias and other such
tricks by serving the wrong keys for relays/guards/exits that it doesn't
control. This can result in essentially directing clients through the
network by causing decryption failures, thereby allowing determination
of the source and end-point of a given tor connection with little more
than a couple relays and some rogue directory authorities. Moreover, it
can use the simple-minded metrics made to identify rogue guard nodes and
couple that together with the behavior of public key cryptography to
actually cause legitimate guard nodes to be flagged as having excessive
extend cell failures causing it ultimately to be marked as bad.

As such, this entirely mitigates the half-witted fixes guard nodes were
intended to fix, by introducing rogue guards that work in conjunction
with rogue directory authorities, who serve bad public keys for all
nodes except for their own giving them the ability to cause clients to
reconnect to guard nodes at their leisure.

These are design flaws in tor. Don't outsource your security, especially
if it's to people like appelbaum and other incompetents. The fact is the
US government doesn't need to backdoor Tor, they just get to let the
dunces think their competent.
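Jeroen's point above, that a client can check whether a relay really holds the private key matching the key a directory served for it, modelled as an added Go example; this is not code from the thread or from Tor, and the Relay/Directory types and the nonce challenge are a hypothetical simplification of Tor's actual link handshake.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)
// Relay models a Tor relay that holds a long-term identity key pair.
// Hypothetical simplification for this example, not Tor's actual link handshake.
type Relay struct {
	Nickname string
	Pub      ed25519.PublicKey  // what an honest directory would publish
	priv     ed25519.PrivateKey // never leaves the relay
}

func NewRelay(nick string) *Relay {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Relay{Nickname: nick, Pub: pub, priv: priv}
}
// ProveIdentity is the relay side: sign the client's fresh challenge with the private key.
func (r *Relay) ProveIdentity(challenge []byte) []byte { return ed25519.Sign(r.priv, challenge) }
// Directory models the unsigned key listing a directory serves: nickname -> claimed key.
type Directory map[string]ed25519.PublicKey
// VerifyRelay is the client side: look up the key the directory claims for the relay it
// actually connected to, send a random nonce, and accept only if the signature verifies.
func VerifyRelay(dir Directory, r *Relay) (bool, error) {
	claimed, ok := dir[r.Nickname]
	if !ok {
		return false, fmt.Errorf("directory has no key for %s", r.Nickname)
	}
	nonce := make([]byte, 32) // fresh per connection, so an old signature cannot be replayed
	if _, err := rand.Read(nonce); err != nil {
		return false, err
	}
	return ed25519.Verify(claimed, nonce, r.ProveIdentity(nonce)), nil
}

func main() {
	guard, other := NewRelay("guard1"), NewRelay("other1")
	honest := Directory{"guard1": guard.Pub, "other1": other.Pub}
	rogue := Directory{"guard1": other.Pub, "other1": other.Pub} // wrong key served for guard1
	ok1, _ := VerifyRelay(honest, guard)
	ok2, _ := VerifyRelay(rogue, guard)
	fmt.Println("honest directory:", ok1, "rogue directory:", ok2) // true false
}
```

A directory that substitutes a key for a relay it does not control therefore fails the check at the first connection, which is why the unsigned listing by itself does not give it control over that relay.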


