[tor-talk] Tor survey

Klaus Layer klaus.layer at gmx.de
Wed Jan 11 12:34:35 UTC 2012 

Hi all,

I just received an email about a tor relay survey. Do other tor relay 
operators received the same email? Does anyone know something about this 
survey? I am wondering why this mailing list was not contacted before.

Best regards,

Klaus

------------- original message -----------
Dear Tor Relay Administrator,

my name is [...removed....], I am a PhD student in Computer Science at [... 
removed...] and I am currently doing a research study on the security of the 
Tor Network in collaboration with [...removed], head of the [..... 
removed......].

You are receiving this message because your e-mail address is associated to 
the Tor Relay(s) with nickname(s) and address(es):

[.....list of relays removed...........]

It has recently been discovered a new DoS attack that could allow an adversary 
to stop one or more Tor Relays from participating and providing service to the 
Tor Network. This kind of attack poses a potential threat to the hundreds of 
thousands of users around the globe that use Tor every day. For instance, an 
adversary may be able to shut down a substantial part of the Tor Network, 
forcing users to surf the web in a traceable way. In an even worse scenario, 
an adversary may attract a big part of the data flowing through the Tor 
Network to one or more malicious Tor Relays that could, thus, cooperate in 
deanonymizing Tor traffic without being noticed by the users.

The aim of our study is that of evaluating the amount of resources an 
adversary would need to perform such an attack and what would be the actual 
damage that the Tor Network would suffer. At the same time, we are working on 
a patch to be applied to the Tor software that could mitigate this issue.

The reason you are receiving this message is that, to improve our study, we 
require some extra information about the Relay(s) you are running that, 
unfortunately, is not publicly available. We would therefore like to ask a 
very little, but precious, help from your side in collecting this information 
and sharing it with us. Note that the information we need is not related in 
any way with the traffic that you are relaying in this moment or have relayed 
in the past, thus it cannot be directly used to affect the privacy of the Tor 
users. What we are interested in is related to the hardware characteristics 
(e.g., number of physical CPUs, amount of memory) and with some of the 
configuration parameters of your Tor Relay (e.g., number of processors the Tor 
Relay can use, bandwidth limit).

In the case you agree to help us, collecting this information won't steal much 
of your precious time. In order to make it easier for you to get it, you will 
find on the website linked at the end of this message a small shell script 
that you can run on the Tor Relay(s) themselves or, if possible, on another 
machine with the same hardware specs. The script doesn't need any special 
(i.e., root) permission to run, it won't download anything from the network, 
nor it will install any software on your machine. We also commented it so as 
to make it easier for you to understand it in case you wanted to check what is 
the exact sequence of operations it will perform and information it will 
collect. Any data saved by the shell script will be available in a human 
readable text format stored in an output directory you will specify. We 
encourage you to use the public key you will find on the bottom of this 
message to encrypt the data collected by the script before sending it to us. 
You ca
 n get the same public key on the website linked at the end of this message. 
We would like to assure you that we will take extraordinary care in protecting 
in the best way we can the privacy of any information you will decide to share 
with us. We want also to assure you that, in the event it will be published, 
any data you will provide us will be carefully anonymized and given only in 
terms of aggregated statistics.

Together with the script, you will find a README file containing detailed 
instructions on how to use it and how to encrypt the results before sending 
them to us.

We thank you for your kind attention.

Best regards,

[....removed....]


You can find the script and the public key in any of these locations:

https://sites.google.com/site/marcobarbera/tor-survey
http://www.dsi.uniroma1.it/~barbera/tor-survey.html


NOTICE
This is an autonomous study, not supported neither directly nor indirectly by 
the Tor Project Inc. The Tor Project Inc. is not responsible for any content 
of this message.
-----------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120111/e03d5bc1/attachment.pgp>

More information about the tor-talk mailing list