On 2013-07-01 16:59 , André Nunes Batista wrote:
Sorry to bump in, I know you are busy, but being a tor-node I had to ask:
Some guy just posted on the mailing list a conceptual attack on tor, which certainly would require the corruption of a great deal of tor-nodes and data analysis, but something that appeared possible for gov-alikes:
And then someone pointed out that this is part of tor's security model and a known problem, but one that should raise flags if attempted. Could you point me to some link where I can find more? Besides reading the source code?
Note that "Tor developers" is not the set of people who control the directory authorities, though there is some overlap.
From the text:
Most interestingly, the public keys for every other node in the network are served without any form of signature or other form of integrity control.
Public-key authentication takes care of that: you can verify them yourself by connecting and seeing if they have the private key matching the public one they claim to have.
Also from that text:
As such, a rogue directory authority, which anyone can be simply with a configuration option and an IP
You can indeed locally configure a wrong directory authority, but then you are building your own tor network anyway; thus that is completely standard. Near-zero people do this though, and all use the standard built-in authorities, which are again protected with pubkey infra and also by the consensus that is mentioned in the first line of that piece of text.
Also please note that a person who writes "think their competent" is him/her/itself exactly not that, so trusting them is questionable, especially when they are an anonymous source. FUD comes to mind ;)
Note that there are a couple of papers out there (see http://freehaven.net/anonbib/, e.g. "Trawling for Tor Hidden Services") that do describe ways that Tor could be attacked given enough effort; the above does not describe any of that. And those attacks would only deny access; they would not be able to see the actual inner text of the data.
Greets, Jeroen
-- For archival purposes: http://pastebin.com/pRiMx0CW
Untitled, by a guest on Jun 28th, 2013 (pastebin)
Tor LOL:
directory authorities are the point of contact for clients to locate relays/exit nodes/guard nodes/etc. This is determined by a consensus document that goes through an elaborate process to ensure its integrity and cause bad directory authorities to be identified also via consensus.
However, Tor developers are not the quickest lot, and this is basically the only document that they serve that has integrity control on it. Most interestingly, the public keys for every other node in the network are served without any form of signature or other form of integrity control.
As such, a rogue directory authority, which anyone can be simply with a configuration option and an IP, can introduce path bias and other such tricks by serving the wrong keys for relays/guards/exits that it doesn't control. This can result in essentially directing clients through the network by causing decryption failures, thereby allowing determination of the source and end-point of a given tor connection with little more than a couple of relays and some rogue directory authorities. Moreover, it can use the simple-minded metrics made to identify rogue guard nodes and couple that together with the behavior of public key cryptography to actually cause legitimate guard nodes to be flagged as having excessive extend cell failures, causing them ultimately to be marked as bad.
As such, this entirely mitigates the half-witted fixes guard nodes were intended to fix, by introducing rogue guards that work in conjunction with rogue directory authorities, which serve bad public keys for all nodes except for their own, giving them the ability to cause clients to reconnect to guard nodes at their leisure.
These are design flaws in tor. Don't outsource your security, especially if it's to people like appelbaum and other incompetents. The fact is the US government doesn't need to backdoor Tor, they just get to let the dunces think their competent.
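As an added illustration of the consensus binding Jeroen's reply refers to (this is example code written for this page, not code from the thread, the pastebin author, or the Tor project): per Tor's directory protocol (dir-spec), each "r" line of the authority-signed consensus carries the SHA-1 digest of a relay's identity key, base64-encoded with the "=" padding stripped, and a client accepts a relay's descriptor only if the key in that descriptor hashes to the digest the consensus lists. So a directory serving a substituted key for a relay it does not control is rejected, not silently used. The Python below runs that check over a constructed consensus fragment and two constructed descriptors. The "key" byte strings are placeholders standing in for DER-encoded RSA public keys, the descriptor-digest field in the "r" line is a dummy, and looking relays up by nickname is a simplification (a real client keys on the identity digest itself).

```python
"""Bind a relay descriptor to the consensus the way a Tor client does (dir-spec):
the "r" line carries base64(SHA-1(identity key DER)) without '=' padding, and the
descriptor is accepted only if the key it carries hashes to that value.
All keys, addresses and the consensus fragment below are constructed sample data.
"""
import base64
import hashlib
import re


def identity_digest(key_der: bytes) -> bytes:
    """SHA-1 over the DER-encoded identity key, which is what dir-spec hashes."""
    return hashlib.sha1(key_der).digest()


def consensus_identity_field(key_der: bytes) -> str:
    """Encode the digest the way an "r" line does: base64 with '=' padding removed."""
    return base64.b64encode(identity_digest(key_der)).decode().rstrip("=")


def parse_consensus_identities(consensus: str) -> dict:
    """Map nickname -> 20-byte identity digest from every "r" line of a consensus."""
    identities = {}
    for line in consensus.splitlines():
        if not line.startswith("r "):
            continue
        # r <nickname> <identity> <digest> <date> <time> <IP> <ORPort> <DirPort>
        fields = line.split()
        nickname, identity_b64 = fields[1], fields[2]
        padded = identity_b64 + "=" * (-len(identity_b64) % 4)  # restore stripped '='
        identities[nickname] = base64.b64decode(padded)
    return identities


def descriptor_identity_key(descriptor: str) -> bytes:
    """Return the DER bytes inside the descriptor's signing-key PEM block."""
    m = re.search(
        r"^signing-key\n-----BEGIN RSA PUBLIC KEY-----\n(.*?)\n-----END RSA PUBLIC KEY-----",
        descriptor, re.S | re.M)
    if not m:
        raise ValueError("descriptor has no signing-key block")
    return base64.b64decode(m.group(1).replace("\n", ""))


def descriptor_nickname(descriptor: str) -> str:
    m = re.search(r"^router (\S+) ", descriptor, re.M)
    if not m:
        raise ValueError("descriptor has no router line")
    return m.group(1)


def verify_descriptor(consensus: str, descriptor: str) -> bool:
    """Accept the descriptor only if its key hashes to the digest the consensus lists.
    Simplification: lookup is by nickname; a real client keys on the identity digest."""
    identities = parse_consensus_identities(consensus)
    nickname = descriptor_nickname(descriptor)
    if nickname not in identities:
        return False  # relay unknown to the consensus: nothing vouches for it
    return identity_digest(descriptor_identity_key(descriptor)) == identities[nickname]


def make_descriptor(nickname: str, key_der: bytes) -> str:
    """Build a minimal constructed descriptor carrying key_der as its signing-key."""
    b64 = base64.b64encode(key_der).decode()
    pem_body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return (f"router {nickname} 192.0.2.10 9001 0 0\n"
            "signing-key\n-----BEGIN RSA PUBLIC KEY-----\n"
            f"{pem_body}\n-----END RSA PUBLIC KEY-----\n")


# Constructed placeholders: a real identity key would be RSA DER, not ASCII text.
HONEST_KEY = b"constructed placeholder for relayA's genuine identity key"
ROGUE_KEY = b"constructed placeholder for a key a rogue directory substitutes"

# Constructed consensus fragment; the descriptor-digest field (27 x 'A') is a dummy.
CONSENSUS = (
    "network-status-version 3\n"
    "vote-status consensus\n"
    f"r relayA {consensus_identity_field(HONEST_KEY)} AAAAAAAAAAAAAAAAAAAAAAAAAAA "
    "2013-06-28 12:00:00 192.0.2.10 9001 0\n"
    "s Fast Guard Running Stable Valid\n"
)

if __name__ == "__main__":
    print("genuine key accepted:", verify_descriptor(CONSENSUS, make_descriptor("relayA", HONEST_KEY)))
    print("substituted key accepted:", verify_descriptor(CONSENSUS, make_descriptor("relayA", ROGUE_KEY)))
```

The point of the check is that the only thing a client needs to trust is the authority-signed consensus: a descriptor served by anyone, including a misbehaving directory, is validated against the digest in that consensus, so a substituted key for relayA fails. Real clients go one step further and also match the whole descriptor against the descriptor digest in the "r" line, which the dummy field above stands in for.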