[tor-talk] Proposal for decentralization of the Tor network

Travis Biehn tbiehn at gmail.com
Mon Nov 24 20:21:54 UTC 2014


Sybil,
You make me so sad :( You're why we can't have nice things.

Being able to 'replay' messages from recently deceased directory nodes
opens up new avenues for attack.
Directory servers as single points of failure, you might extrapolate that
to routing servers listed in directory servers; Tor wouldn't withstand an
internet-wide shit-listing very well at all.

Of course the security of any p2p network's sybil resilience depends on the
scarcity of certain resources to keep sybil nodes from controlling enough vote
shares to enforce their own reality.

And, so, we arrive at the more fundamental problem: What resource is scarce
for 'attackers' and fits our users' models?

Notarization from a real identity provider. [You are a single 'natural
person.'] (Decentralized system delegated authority to centralized system.
No good.)
Computation. [You don't control more computational power than the entire
network.] Bitcoin & *coin uses this, of course, and it appears to be
working. It's kind of wasteful, I appreciate that it works but -man- is it
kludgy.
Reputation. [You did stuff and I liked the outcome, various levels of
indirection. History.] I like these the most. They may be the most
difficult to implement, especially for 'routing packets.'
IP addresses. [Ha, ha ha, ha ha ha.]

I really enjoy this work on Sybil resilience, combining reputation based
'resource limitation' w/ 'p2p PKI':
https://liris.cnrs.fr/~flesueur/base/publis/LMV09a_proc.pdf

Grarpamp: it covers this 'network consensus' problem by using a 'p2p PKI'
which signs 'consensus messages' via 'voting' with shared secrets. Nodes
then report either naughty or good behavior, which leads to privileges
being granted / rescinded.

-Travis



On Mon, Nov 24, 2014 at 6:41 AM, Aymeric Vitte <vitteaymeric at gmail.com>
wrote:

>
> On 24/11/2014 04:03, Cari Machet wrote:
>
>> prove decentralization creates vulnerability to a larger degree than
>> centralization
>>
>
> That's what can be deduced from some papers but this is really a
> shortcut, like "the bittorrent network is less secure with the DHT than
> with trackers", funny statement...
>
> I must add some technical faqs following some questions I had but an
> example of a decentralized anonymous p2p system is what I have specified in
> [1], some concepts are new, I don't see it in any paper, the peers/content
> discovery system has several layers, not only the DHT, the keys are
> ephemeral and the nodeIDs are directly related to them, I believe this
> makes it really difficult for the attackers to position themselves in the
> network, but since the content is not advertised by the peers that have it
> but by others, while difficult it's probably feasible for an attacker that
> has the possibility to control a large part of the space to attract the
> peers to a fake/evil content.
>
> The system answers a specific constraint coming from WebRTC: the peers
> need to be introduced by a third party, but after the initial bootstrap
> they can introduce themselves directly.
>
> Could some of this apply to the Tor network? Probably, the best way to
> know is just to try it.
>
> [1] https://github.com/Ayms/node-Tor#anonymous-serverless-p2p-inside-browsers---peersm-specs
>
> --
> Peersm : http://www.peersm.com
> torrent-live: https://github.com/Ayms/torrent-live
> node-Tor : https://www.github.com/Ayms/node-Tor
> GitHub : https://www.github.com/Ayms
>
>



-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>

