[tor-dev] Hidden Service Scaling

Christopher Baines cbaines8 at gmail.com
Thu May 8 13:40:52 UTC 2014


On 07/05/14 18:30, Michael Rogers wrote:
> On 07/05/14 17:32, Christopher Baines wrote:
>>> What about the attack suggested by waldo, where a malicious IP 
>>> repeatedly breaks the circuit until it's rebuilt through a
>>> malicious middle node? Are entry guards enough to protect the
>>> service's anonymity in that case?
> 
>> I think it is a valid concern. Assuming the attacker has
>> identified their node as an IP, and has the corresponding public
>> key. They can then get the service to create new circuits to their
>> node, by just causing the existing ones to fail.
> 
>> Using guard nodes for those circuits would seem to be helpful, as
>> this would greatly reduce the chance that the attacker's nodes are
>> used in the first hop.
> 
>> If guard nodes were used (assuming that they are currently not),
>> you would have to be careful to act correctly when the guard node
>> fails, in terms of using a different guard, or selecting a new
>> guard to use instead (in an attempt to still connect to the
>> introduction point).
> 
> Perhaps it would make sense to pick one or more IPs per guard, and
> change those IPs when the guard is changed? Then waldo's attack by a
> malicious IP would only ever discover one guard.

If you change the IPs when the guard is changed, this could break the
consistency between different instances of the same service (assuming
that the different instances are using different guards).
