[tor-dev] Defending against guard discovery attacks by pinning middle nodes
A. Johnson
aaron.m.johnson at nrl.navy.mil
Wed Nov 12 20:06:10 UTC 2014
> It's interesting to reduce the HS path length, but that would reduce
> the length of the chain that the adversary has to walk, which is bad :/
Yeah, security in this attack model pushes towards a long path.
> The rendezvous model is a bit restricting isn't it :(
Agreed, modifying path selection just raises the attack time and effort some (although that “some” is a real improvement IMHO). Clearly users with a powerful global adversary should be able to survive eventual compromise of a server. It might be fun to build a system that would provide fault tolerance and protect the private HS information against individual server compromise. “Survivable HSes”? This seems doable :-)
Cheers,
Aaron
More information about the tor-dev
mailing list