Hi all,
I'm applying for TOR Summer of Privacy. I'm curious if there are any developers here who are able and willing to become a mentor for this idea.
I want to improve TOR's ability to detect anomalies such as sybil attacks, and make it easy to include other heuristics for other potential attacks. When a potential attack is detected, users and maintainers are notified (as necessary). There has been research and development in this field with TorDoctor, exitmap, and HoneyConnector. However, as far as I am aware, these projects could use some help being solidified and integrated into TOR.
Please let me know what you think, if you want to suggest any improvements, and / or if you are a mentor interested in this idea.
Cheers, Kibo
[1] TorDoctor -- https://gitweb.torproject.org/doctor.git
[2] exitmap / HoneyConnector -- http://www.cs.kau.se/philwint/spoiled_onions/
On Tue, Apr 14, 2015 at 01:38:54AM -0400, Kibo Schaffer wrote:
> I want to improve TOR's ability to detect anomalies such as sybil attacks, and make it easy to include other heuristics for other potential attacks. When a potential attack is detected, users and maintainers are notified (as necessary). There has been research and development in this field with TorDoctor, exitmap, and HoneyConnector. However, as far as I am aware, these projects could use some help being solidified and integrated into TOR.
What do you mean by "solidified and integrated into TOR"? Tor, the network or tor, the C program? exitmap (and I think Doctor and HoneyConnector too) is meant to be a stand-alone tool that only uses the Tor network as a client.
And do you already have some concrete ideas about detecting anomalies? It's an interesting topic, but also a theory-heavy one. If we don't have good ideas about concrete things to work on, we can easily spend all three months researching, which is not quite what TSoC is about.
While I'm currently working on Sybil attack detection [0], and more broadly anomaly detection, we are still mostly in the process of working out the theory.
There might be, however, ways to extend exitmap and add new modules to it, which is mostly programming. The GitHub issue tracker lists two of them [1].
[0] http://notebooks.nymity.ch/detecting_sybils.html
[1] https://github.com/NullHypothesis/exitmap/issues
Cheers, Philipp
Hi Philipp,
Thanks for your reply. I mean Tor the network. Not integrated into the protocol itself. Sorry for the poor wording. So it would work as exitmap, HoneyConnector, and TorDoctor.
> And do you already have some concrete ideas about detecting anomalies? It's an interesting topic, but also a theory-heavy one. If we don't have good ideas about concrete things to work on, we can easily spend all three months researching, which is not quite what TSoC is about.
Agreed. I underestimated how much research it would take, and I haven't had the time this week to look more in-depth into pre-existing projects and research to really gauge this.
Since the scale / shape of the project is currently incompatible with TSoP, I won't submit it (I could, but it doesn't make much sense).
*However* I still want to contribute to this field, and I think I can look into getting my university to fund me for the summer instead, so I can work towards financial independence.
I'll get back in touch soon once things settle down here.
Cheers, Kibo
On Wed, 15 Apr 2015 17:28:32 +0200 Philipp Winter phw@nymity.ch wrote:
> On Tue, Apr 14, 2015 at 01:38:54AM -0400, Kibo Schaffer wrote:
> > I want to improve TOR's ability to detect anomalies such as sybil attacks, and make it easy to include other heuristics for other potential attacks. When a potential attack is detected, users and maintainers are notified (as necessary). There has been research and development in this field with TorDoctor, exitmap, and HoneyConnector. However, as far as I am aware, these projects could use some help being solidified and integrated into TOR.
> What do you mean by "solidified and integrated into TOR"? Tor, the network or tor, the C program? exitmap (and I think Doctor and HoneyConnector too) is meant to be a stand-alone tool that only uses the Tor network as a client.
> And do you already have some concrete ideas about detecting anomalies? It's an interesting topic, but also a theory-heavy one. If we don't have good ideas about concrete things to work on, we can easily spend all three months researching, which is not quite what TSoC is about.
> While I'm currently working on Sybil attack detection [0], and more broadly anomaly detection, we are still mostly in the process of working out the theory.
> There might be, however, ways to extend exitmap and add new modules to it, which is mostly programming. The GitHub issue tracker lists two of them [1].
> [0] http://notebooks.nymity.ch/detecting_sybils.html
> [1] https://github.com/NullHypothesis/exitmap/issues
> Cheers, Philipp