On Thu, May 23, 2013 at 10:18 PM, Tom Ritter tom@ritter.vg wrote:
> RPW's, et al's paper was made public today, and demonstrates several practical attacks on Hidden Services. http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
>
> I was wondering if there were any private trac tickets, discussions, or development plans about this that might also be made public.

Most (all AFAIK) of what we have to do about this is public already. For stuff that's already done, see tickets #8146 and #8147 and #2286 and #8273 and #8435 for stuff that's already implemented at the directory authority level to make cheap HS-targeting attacks harder, and #8207 for fixing a bug in hidden service user authentication (which is a pretty good countermeasure if you want to avoid enumeration). See #8240 for making Guard node lifetime configurable, and raising the default.
For stuff we'd still like to do, have a look at #8106 for a good crypto idea from rransom that would form the basis of a way to make service enumeration impossible, and some discussion with hyperelliptic. See #8244 for some anti-censorship ideas from arma. See #6418 for an important last step.
(These numbered tickets are all at trac.torproject.org. For example, #8106 is https://trac.torproject.org/projects/tor/ticket/8106 and #8244 is https://trac.torproject.org/projects/tor/ticket/8244 .)
All of the current tickets tagged with "tor-hs" are: https://trac.torproject.org/projects/tor/query?status=accepted&status=as...
Sorry about the enormous URL.
George had a good blog post summarizing security issues and related issues with hidden services, which should have some good opsec suggestions: https://blog.torproject.org/blog/hidden-services-need-some-love . This week, he started some discussions about migrating to future hidden service protocols on tor-dev too.
And that's what we've got now. George and Roger will probably have more thoughts; this is just me trying to do a braindump.
hth,