[tor-relays] TOR router install without access to root

Paul Syverson paul.syverson at nrl.navy.mil
Wed May 25 21:01:07 UTC 2016


In case it helps, here is a paper describing vulenrability of
different classes of Tor user behavior to AS, Internet Exchange Point, and
Tor relay or relay family adversaries.
http://www.nrl.navy.mil/itd/chacs/biblio/users-get-routed-traffic-correlation-tor-realistic-adversaries

Note that doing AS-aware routing so as to improve security is a fairly
active area of research. Nonetheless, I think the original point about
hosting providers having physical access to hardware with keys from many
independently-run relays has not been amongst the considerations. It
is countered somewhat by even current Tor's default routing algorithm
that prevents choosing relays in the same circuit from the same family
but also from the same range of IP addresses. But it hasn't been scrutinized
specifically as far as I know.

And here is a paper giving a framework to be able and talk about and
use expectations of adversaries at the above places, and on undersea cables,
via mutual legal assistance treaties, etc. (Note that this is research.
It is some years away from anything like this being deployed in Tor. And
trying to design trust policies and routing algorithms for your own
Tor traffic is not something even an expert should try at this stage
of development.)
http://www.nrl.navy.mil/itd/chacs/jaggard-20000-league-under-sea-anonymous-communication-trust-mlats-and-undersea-cables-proceedings

HTH,
Paul


On Wed, May 25, 2016 at 10:41:22PM +0200, pa011 wrote:
> @Green
> Thank you - couldn’t handle 'attack vector' as a synonym for ""method or
> type of attack" :-)
> 
> Additional to that is it clever for a supporter of TOR to to run more
> than one Relay (Exit) with a single ISP or even AS
> https://en.wikipedia.org/wiki/Autonomous_system_(Internet) or does this
> build a kind of new attack vector?
> 
> 
> 
> Am 25.05.2016 um 22:22 schrieb Green Dream:
> > @Paul: sure. Nils pointed out that a lot of relays using the same
> > hosting provider could be an attack vector, because the provider would
> > be a single point where all the relays' secret keys could be collected.
> > My point is that if you look at the AS (Autonomous System) Number, it's
> > normally the same for all the hosting provider's servers in that
> > country. So if Tor path selection looks at the AS, and avoids building a
> > circuit that uses two nodes from the same AS, this attack vector
> > basically goes away. It's worth noting if you weren't already aware,
> > both Atlas and Globe display the AS Number for every relay.
> > 
> > 
> > 
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 


More information about the tor-relays mailing list